Footprinting and Reconnaissance – 51 Safety

Google hacking refers to the usage of superior Google search operators for creating complicated search queries to extract delicate or hidden info. 

▪ Hidden internet pages equivalent to intranet and VPN companies

Instance: Use Google Advance Operator syntax [intitle:intranet inurl:intranet +intext:”human resources”] to search out delicate details about a goal group and its staff. Attackers use the gathered info to carry out social engineering assaults.

An attacker may leverage AI-powered ChatGPT or different generative AI expertise to carry out this process by utilizing an acceptable immediate equivalent to: “Use filetype search operator to acquire pdf recordsdata on the goal web site eccouncil.org and retailer the end result within the recon1.txt file”

Shell-gpt / sgpt : https://github.com/tbckr/sgpt

Google Dork.

VPN Footprinting by way of Google Hacking Database with AI

Footprinting by way of SHODAN Search Engine 

Supply: https://www.shodan.io

Shodan is a search engine that allows attackers to carry out footprinting at varied ranges. It’s used to detect gadgets and networks with vulnerabilities. A search in Shodan for VoIP and VPN footprinting can ship varied outcomes, which is able to assist collect VPN-and VoIP-related info. 

Different Methods for Footprinting by way of Search Engines 

▪ Gathering Data Utilizing Google Superior Search, Superior Picture Search, and Reverse Picture Search

▪ Gathering Data from Video Search Engines

▪ Gathering Data from Meta Search Engines

▪ Gathering Data from File Switch Protocol (FTP) Search Engines

▪ Gathering Data from IoT Search Engines

        shodan.io/search?question=SCADA

3. Footprinting by way of Web Analysis Companies

▪ DNSdumpster Supply: https://dnsdumpster.com

• sgpt –chat area –shell “Uncover all of the subdomains of ‘google.com’ utilizing dig command.”
• sgpt –chat footprint –shell “Use Sublist3r to assemble an inventory of subdomains of the goal group eccouncil”

▪ Censys Supply: https://censys.io

▪ SimilarWeb Supply: https://www.similarweb.com

Attackers use enterprise profile websites equivalent to opencorporates, Crunchbase, and corporationwiki to assemble vital details about the goal organizations, equivalent to their location, addresses, contact info (equivalent to telephone numbers, e mail addresses), worker database, division names, kind of service offered, and kind of business.

o Google Alerts Supply: https://www.google.com/alerts

▪ Gathering Data from Teams, Boards, and Blogs

▪ Gathering Data from Public Supply-Code Repositories

Gathering Inform at ion from LinkedIn •

• Attackers use theHarvester device to carry out enumeration on LinkedIn and discover staff of the goal firm together with their job titles

Attackers can use this info to assemble extra info, equivalent to present location and academic {qualifications}, and carry out social engineering or other forms of assaults

Harvesting Electronic mail Lists 

Gathering e mail addresses associated to the goal group acts as an vital assault vector in the course of the later phases of hacking. Attackers can use automated instruments equivalent to theHarvester and Electronic mail Spider to gather publicly obtainable e mail addresses of the workers of the goal group. These instruments harvest e mail lists associated to a specified area utilizing search engines like google and yahoo equivalent to Google, Bing, and Yahoo. Attackers use these e mail lists and usernames to carry out social engineering and brute drive assaults on the goal group. ▪ theHarvester

Supply: https://github.com

Attackers use theHarvester device to extract e mail addresses associated to the goal area. For instance, attackers use the next command to extract e mail addresses of microsoft.com utilizing the Baidu search engine: 

theharvester -d microsoft.com -l 200 -b baidu

Within the above command, -d specifies the area used for harvesting the emails, -l will restrict the outcomes to 200, and -b tells theHarvester to extract the outcomes from the Baidu search engine; alternatively, you need to use Google, Bing, and so forth.

5. Whois Footprinting

 Whois Lookup

Attackers can use the next instructions to carry out DNS reconnaissance utilizing the Fierce device:

The next shell command is designed to carry out DNS enumeration utilizing the “dnsrecon” device on the www.certifiedhacker.com area:

sudo apt-get replace && sudo apt-get set up -y dnsrecon && dnsrecon -d certifiedhacker.com -t std Clarification of the command:

▪ sudo apt-get replace: Updates the package deal lists for upgrades and new package deal installations.

▪ &&: Concatenates instructions to execute them sequentially. 

▪ sudo apt-get set up -y dnsrecon: Installs the dnsrecon device with computerized “sure” to all prompts.

▪ dnsrecon -d certifiedhacker.com -t std: Initiates the dnsrecon device to carry out DNS enumeration on the certifiedhacker.com area utilizing customary enumeration methods.

Reverse DNS Lookup 

DNS lookup is used to search out the IP addresses for a given area title, and a reverse DNS operation is carried out to acquire the area title of a given IP deal with. When in search of a site by coming into the area title in a browser, the DNS converts the area title into an IP deal with and forwards the request for additional processing. This conversion of a site title into an IP deal with is carried out utilizing a report. Attackers carry out a reverse DNS lookup on the IP vary to find a DNS PTR report for such IP addresses.

Attackers use varied instruments equivalent to DNSRecon, Reverse Lookup, puredns, Reverse IP Area Test, and Reverse IP Lookup to carry out reverse DNS lookup on the goal host. After we get hold of an IP deal with or a variety of IP addresses, we will use these instruments to acquire the area title. 

▪ DNSRecon

Supply: https://github.com

As proven within the screenshot, attackers use the next command to carry out a reverse DNS lookup on the goal host: 

dnsrecon -r 162.241.216.0-162.241.216.255 

Within the above command, the -r possibility specifies the vary of IP addresses (first to final) for a reverse lookup by brute drive.

▪ Reverse Lookup Supply: https://mxtoolbox.com

7. Community and Electronic mail Footprinting

Community and Electronic mail Footprinting

The following step after retrieving DNS info is to assemble network-related info and monitor e mail communications. This part describes the tactic to find the community vary, traceroute evaluation, and traceroute instruments. It additionally describes the way to monitor e mail communications, the way to acquire info from e mail headers, and e mail monitoring instruments.

Acquiring non-public IP addresses may be helpful to attackers. The Web Assigned Numbers Authority (IANA) has reserved the next three blocks of IP deal with house for personal internets: 10.0.0.0–10.255.255.255 (10/8 prefix), 172.16.0.0–172.31.255.255 (172.16/12 prefix), and 192.168.0.0–192.168.255.255 (192.168/16 prefix). 

▪ PingPlotter Supply: https://www.pingplotter.com

Monitoring Electronic mail Communications 

Electronic mail monitoring screens the e-mail messages of a specific person. This type of monitoring is feasible by way of digitally time-stamped data that reveal the time and date when the goal receives and opens a selected e mail. Electronic mail monitoring instruments enable an attacker to gather info equivalent to IP addresses, mail servers, and repair suppliers concerned in sending the e-mail. Attackers can use this info to construct a hacking technique and to carry out social engineering and different assaults. Examples of e mail monitoring instruments embody IP2LOCATION’s Electronic mail Header Tracer, MxToolbox, DNS Checker Electronic mail Header Analyzer, and Social Catfish. 

Electronic mail monitoring instruments equivalent to IP2LOCATION’s Electronic mail Header Tracer, MxToolbox, eMailTrackerPro, Holehe, DNS Checker Electronic mail Header Analyzer, and Social Catfish enable an attacker to trace an e mail and extract info equivalent to sender identification, mail server, sender’s IP deal with, location, and so forth. Attackers use the extracted info to trace the e-mail path from the attacker’s location to the goal mail server utilizing IP addresses within the e mail header. 

▪ eMailTrackerPro Supply: http://www.emailtrackerpro.com 

▪ IP2LOCATION’s Electronic mail Header Tracer Supply: https://www.ip2location.com

8. Footprint ing by way of Social Engineering

Social engineers try to assemble 

• Bank card particulars and social safety quantity • Usernames and passwords • Safety merchandise in use • Working methods and software program variations • Community structure info • IP addresses and names of servers

• Eavesdropping • Shoulder browsing • Dumpster diving • Impersonation

Gathering Data Utilizing Eavesdropping, Shoulder Browsing, Dumpster Diving, and Impersonation

Eavesdropping, shoulder browsing, dumpster diving, and impersonation are social engineering methods broadly used to gather info from individuals. 

▪ Eavesdropping Eavesdropping is the act of intercepting communication in any kind, equivalent to audio, video, or textual content, with out the consent of the speaking events. It additionally contains studying confidential messages from communication media equivalent to prompt messaging or fax transmissions. The attacker can achieve info by tapping telephone conversations or intercepting audio, video, or written communications.

▪ Shoulder Browsing

Shoulder browsing is a way whereby attackers secretly observe the goal to achieve important info. Within the shoulder browsing method, an attacker stands behind the sufferer and secretly observes the sufferer’s actions on the pc, equivalent to keystrokes whereas coming into usernames, passwords, and so forth. The method is efficient in gaining passwords, private identification numbers, safety codes, account numbers, bank card info, and related knowledge. Attackers can simply carry out shoulder browsing in a crowded place, as it’s comparatively simple to face behind and watch the sufferer with out his or her data.

▪ Dumpster Diving

This uncouth method, also referred to as trashing, includes the attacker rummaging for info in rubbish bins. The attacker might achieve important info equivalent to telephone payments, contact info, monetary info, operations-related info, printouts of supply codes, printouts of delicate info, and so forth from the goal firm’s trash bins, printer waste bins, sticky notes at customers’ desks, and so forth. The attacker might also collect account info from ATM trash bins. The data can assist the attacker to commit assaults.

▪ Impersonation

Impersonation is a way whereby an attacker pretends to be a professional or licensed particular person. Attackers carry out impersonation assaults personally or use telephones or different communication media to mislead targets and trick them into revealing info. The attacker would possibly impersonate a courier/supply particular person, janitor, businessman, consumer, technician, or he/she might faux to be a customer. Utilizing this system, an attacker gathers delicate info by scanning terminals for passwords, looking vital paperwork on desks, rummaging bins, and so forth. The attacker might even attempt to overhear confidential conversations and “shoulder surf” to acquire delicate info.

Maltego is an automatic device that can be utilized to find out the relationships and real-world hyperlinks between individuals, teams of individuals, organizations, web sites, Web infrastructure, paperwork, and so forth. Attackers can use completely different entities obtainable within the device to acquire info equivalent to e mail addresses, an inventory of telephone numbers, and a goal’s Web infrastructure (domains, DNS names, Netblocks, IP addresses info).

Recon-ng

Recon-ng is a Net Reconnaissance framework with unbiased modules and database interplay, which gives an surroundings during which open supply, web-based reconnaissance may be carried out

AI-Powered OSINT Instruments

AI has revolutionized open-source intelligence (OSINT) by considerably enhancing investigative capabilities by way of superior knowledge assortment, evaluation, and prediction. AI automates knowledge processing, extracts related insights, delivers actionable intelligence extra effectively than conventional strategies, and enhances the OSINT instruments. AI-powered instruments supply quite a few benefits for OSINT. The next are some key use circumstances during which AI can considerably profit OSINT researchers. ▪ Net Scraping: AI methods make the most of on-line knowledge from sources equivalent to social media, blogs, boards, and deep internet databases. This knowledge allows the monitoring of entities over time or the monitoring of public habits. Machine-learning fashions can automate the extraction of particular info equivalent to social media feedback and replies.

▪ Sample Recognition: Machine studying (ML) methods can establish entities inside giant datasets and analyze recordsdata to establish the relationships between completely different entities. These entities embody names, firm particulars, addresses, emails, telephone numbers, and related knowledge.

▪ Content material Summarization: NLP algorithms can summarize giant volumes of information. OSINT gatherers can make the most of this functionality to extract pertinent info from in depth datasets. For instance, an AI summarization device can extract firm names from a set of PDF recordsdata spanning a whole bunch of pages.

▪ Picture Recognition: Laptop imaginative and prescient, a subset of AI, can analyze digital media recordsdata equivalent to pictures and movies. In OSINT investigations, laptop imaginative and prescient can help in:

o Face Recognition: Figuring out and monitoring people throughout completely different media. o Metadata Evaluation: Extracting metadata from digital recordsdata.

o Reverse Picture Search: Enhancing reverse picture search capabilities and detecting deepfake pictures.

▪ AI Detection: AI may establish content material generated by different AI instruments, which is essential for detecting malicious actions facilitated by AI.

AI-Powered OSINT Device: Taranis AI Supply: https://taranis.ai

Taranis AI is a complicated OSINT device makes use of AI to boost info gathering and situational analyses. It makes use of NLP and AI to enhance the standard of information obtained from knowledge sources, equivalent to web sites, to assemble unstructured information articles. Analysts then remodel these AI-enhanced articles into organized studies which might be used as the idea for deliverables equivalent to PDF recordsdata which might be ultimately revealed.

AI-Powered OSINT Device: OSS Perception Supply: https://ossinsight.io

OSS Perception leverages AI to delve deep into the GitHub ecosystem by analyzing an intensive dataset of over 5 billion GitHub occasions. This functionality allows it to supply complete insights and instruments to boost the understanding and navigation of the open-source world. From detailed repository analytics encompassing metrics equivalent to stars, forks, and commits to insights into developer productiveness and collaboration patterns, OSS Perception is provided with highly effective sources for knowledgeable decision-making and strategic planning in open-source software program growth.

Extra AI-Powered OSINT Instruments

AI OSINT instruments that leverage synthetic intelligence to boost the effectivity and accuracy of open-source intelligence gathering are as follows: ▪ DorkGPT Supply: https://dorkgpt.com DorkGPT is an AI-powered device designed to help Google Dorking, a way used to search out info that’s not simply accessible by way of common search queries. It leverages the capabilities of GPT (Generative Pre-trained Transformer) fashions to generate and refine search queries, serving to customers uncover delicate info, hidden pages, and different knowledge which may be related to cybersecurity, moral hacking, or analysis functions.

▪ DorkGenius Supply: https://dorkgenius.com DorkGenius is an AI-powered device that automates Google Dorking and helps customers

generate superior search queries to search out particular info on the web. It’s helpful for uncovering hidden recordsdata, directories, delicate info, and safety vulnerabilities, significantly within the case of moral hackers.

▪  Google Phrase Sniper Supply: https://googlewordsniper.eu

Google Phrase Sniper helps to refine search queries for more practical Google outcomes. It identifies focused key phrases and phrases, making it simpler to search out particular info, hidden content material, and area of interest knowledge. This device is efficacious for researchers, entrepreneurs, and cybersecurity professionals, because it enhances their skill to uncover priceless buried info in search outcomes.

▪ Cylect.io Supply: https://cylect.io

Cylect.io is a complicated AI-powered OSINT device that integrates a number of databases right into a user-friendly interface, offering an enormous assortment of sources for moral hackers and enabling environment friendly and assured OSINT investigations. Developed to deal with the inefficiencies of conventional search engines like google and yahoo, Cylect.io simplifies the search course of and enhances the pace and accuracy of information assortment in investigative contexts.

▪ ChatPDF Supply: https://chatpdf.com

ChatPDF is an OSINT device that leverages AI to investigate and extract info from PDF paperwork by way of a conversational interface. Customers can add PDF recordsdata and work together with the device to shortly retrieve particular knowledge, summaries, and insights, making it a priceless useful resource for moral hacking.

▪ Bardeen.ai Supply: https://www.bardeen.ai

Bardeen.ai is an automation device that can be utilized for OSINT by enabling customers to streamline and automate knowledge assortment and evaluation processes from varied on-line sources. This enhances the pace and accuracy of OSINT actions, making them helpful belongings for cybersecurity professionals, researchers, and investigators.

▪ DarkGPT Supply: https://github.com/luijait/DarkGPT

DarkGPT is an AI assistant that makes use of GPT-4-200K to question leaked databases, aiding in environment friendly and focused searches inside compromised knowledge sources. This permits customers to extract important info and insights, enhancing the OSINT capabilities of cybersecurity analysts and researchers.

▪ PenLink Cobwebs Supply: https://cobwebs.com

PenLink Cobwebs is a complicated AI-powered OSINT device that focuses on gathering and analyzing knowledge from varied on-line sources. It provides complete capabilities for amassing, processing, and visualizing info to assist cybersecurity investigations.

▪ Discover AI Supply: https://exploreai.vercel.app

Discover AI is an AI-powered YouTube search engine that makes use of synthetic intelligence to seek for and extract info from YouTube movies, making it simpler to entry info for moral hacking functions.

▪  AnyPicker Supply: https://app.anypicker.com

AnyPicker is a strong visible internet scraper and AI OSINT device designed to extract knowledge from web sites with out requiring coding abilities. This device helps scraping a number of pages concurrently and gives a real-time preview of the extraction outcomes, providing flexibility and effectivity in internet knowledge assortment.

Create and Run Customized Python Script to Automate Footprinting Duties with AI 

Attackers can leverage AI-powered applied sciences to boost and automate their footprinting duties. With assistance from AI, attackers can effortlessly create and run customized footprinting scripts and purchase priceless insights about their targets. By creating customized scripts empowered by synthetic intelligence (AI), attackers can effectively execute a sequence of web site footprinting instructions to assemble details about a goal area for cybersecurity assessments. For instance, Attackers can use ChatGPT to information the event of such a script by utilizing an acceptable immediate equivalent to: “Develop a Python script which is able to settle for the area title www.microsoft.com as enter and execute a sequence of web site footprinting instructions, together with DNS lookups, WHOIS data retrieval, e mail enumeration, and extra, to assemble details about the goal area.”

State of affairs

Reconnaissance refers to amassing details about a goal, which is step one in any assault on a system. It has its roots in army operations, the place the time period refers back to the mission of amassing details about an enemy. Reconnaissance helps attackers slim down the scope of their efforts and aids within the collection of weapons of assault. Attackers use the gathered info to create a blueprint, or “footprint,” of the group, which helps them choose the best technique to compromise the system and community safety.

Equally, the safety evaluation of a system or community begins with the reconnaissance and footprinting of the goal. Moral hackers and penetration (pen) testers should acquire sufficient details about the goal of the analysis earlier than initiating assessments. Moral hackers and pen testers ought to simulate all of the steps that an attacker often follows to acquire a good thought of the safety posture of the goal group. On this state of affairs, you’re employed as an moral hacker with a big group. Your group is alarmed on the information tales regarding new assault vectors plaguing giant organizations world wide. Moreover, your group was the goal of a significant safety breach previously the place the private knowledge of a number of of its clients have been uncovered to social networking websites.

You could have been requested by senior managers to carry out a proactive safety evaluation of the corporate. Earlier than you can begin any evaluation, it’s best to talk about and outline the scope with administration; the scope of the evaluation identifies the methods, community, insurance policies and procedures, human sources, and every other part of the system that requires safety analysis. You must also agree with administration on guidelines of engagement (RoE)—the “do’s and don’ts” of evaluation. Upon getting the mandatory approvals to carry out moral hacking, it’s best to begin gathering details about the goal group. When you methodologically start the footprinting course of, you’ll get hold of a blueprint of the safety profile of the goal group. The time period “blueprint” refers back to the distinctive system profile of the goal group as the results of footprinting.

The labs on this module offers you a real-time expertise in amassing a wide range of details about the goal group from varied open or publicly accessible sources.

Goal

The target of the lab is to extract details about the goal group that features, however shouldn’t be restricted to:

• Group Data Worker particulars, addresses and get in touch with particulars, associate particulars, weblinks, internet applied sciences, patents, logos, and so forth.

• Community Data Domains, sub-domains, community blocks, community topologies, trusted routers, firewalls, IP addresses of the reachable methods, the Whois report, DNS data, and different associated info

• System Data Working methods, internet server OSes, location of internet servers, person accounts and passwords, and so forth.

Footprinting refers back to the strategy of amassing details about a goal community and its surroundings, which helps in evaluating the safety posture of the goal group’s IT infrastructure. It additionally helps to establish the extent of threat related to the group’s publicly accessible info.

Footprinting may be categorized into passive footprinting and energetic footprinting:

• Passive Footprinting: Includes gathering info with out direct interplay. Any such footprinting is principally helpful when there’s a requirement that the information-gathering actions are to not be detected by the goal.

• Energetic Footprinting: Includes gathering info with direct interplay. In energetic footprinting, the goal might acknowledge the continuing info gathering course of, as we overtly work together with the goal community.

Lab Duties

Moral hackers or pen testers use quite a few instruments and methods to gather details about the goal. Advisable labs that can help you in studying varied footprinting methods embody:

1. Carry out footprinting by way of search engines like google and yahoo

   • Collect info utilizing superior Google hacking methods

2. Carry out footprinting by way of Web Analysis Companies

   • Discover the corporate’s domains, sub-domains, and Hosts utilizing Netcraft and DNSdumpster

3. Carry out footprinting by way of social networking websites

   • Collect private info from varied social networking websites utilizing Sherlock

4. Carry out Whois footprinting

   • Carry out Whois lookup utilizing DomainTools

5. Carry out DNS footprinting

   • Collect DNS info utilizing nslookup command line utility and on-line device

6. Carry out community footprinting

   • Carry out community tracerouting in Home windows and Linux Machines

7. Carry out e mail footprinting

   • Collect details about a goal by tracing emails utilizing eMailTrackerPro

8. Carry out footprinting utilizing varied footprinting instruments

   • Footprinting a goal utilizing Recon-ng

9. Carry out Footprinting utilizing AI

   • Footprinting a goal utilizing Shellgpt

1. Other than the aforementioned superior Google operators, you may also use the next to carry out a complicated search to assemble extra details about the goal group from publicly obtainable sources.

• cache: This operator means that you can view cached model of the net web page. [cache:www.eccouncil.org]- Question returns the cached model of the web site www.eccouncil.org

• allinurl: This operator restricts outcomes to pages containing all of the question phrases specified within the URL. [allinurl: EC-Council career]—Question returns solely pages containing the phrases “EC-Council” and “profession” within the URL

• inurl: This operator restricts the outcomes to pages containing the phrase specified within the URL [inurl: copy site:www.eccouncil.org]—Question returns solely pages in EC-Council web site during which the URL has the phrase “copy”

• allintitle: This operator restricts outcomes to pages containing all of the question phrases specified within the title. [allintitle: detect malware]—Question returns solely pages containing the phrases “detect” and “malware” within the title

• inanchor: This operator restricts outcomes to pages containing the question phrases specified within the anchor textual content on hyperlinks to the web page. [Anti-virus inanchor:Norton]—Question returns solely pages with anchor textual content on hyperlinks to the pages containing the phrase “Norton” and the web page containing the phrase “Anti-virus”

• allinanchor: This operator restricts outcomes to pages containing all question phrases specified within the anchor textual content on hyperlinks to the web page. [allinanchor: best cloud service provider]—Question returns solely pages during which the anchor textual content on hyperlinks to the pages include the phrases “finest,” “cloud,” “service,” and “supplier”

• hyperlink: This operator searches web sites or pages that include hyperlinks to the desired web site or web page. [link:www.eccouncil.org]—Finds pages that time to EC-Council’s house web page

• associated: This operator shows web sites which might be related or associated to the URL specified. [related:www.eccouncil.org]—Question gives the Google search engine outcomes web page with web sites much like eccouncil.org

• data: This operator finds info for the desired internet web page. [info:eccouncil.org]—Question gives details about the www.eccouncil.org house web page

• location: This operator finds info for a selected location. [location: EC-Council]—Question provide you with outcomes based mostly across the time period EC-Council

1. Launch any internet browser, and go to https://www.netcraft.com (right here, we’re utilizing Mozilla Firefox).

2. Click on on menu icon from the top-right nook of the web page and navigate to the Assets -> Analysis Instruments. Within the Instruments | Netcraft web page, click on on Web site Report possibility.

3. Open a brand new tab in Firefox browser and go to https://dnsdumpster.com/. Seek for certifiedhacker.com within the search field.

1. Within the nslookup interactive mode, kind set kind=a and press Enter. Setting the kind as “a” configures nslookup to question for the IP deal with of a given area.

2. set kind =cname

3. set kind =

To resolve hosts utilizing the Bing module, use the next instructions:

• again
• modules load recon/domains-hosts/bing_domain_web
• run

1. After incorporating the ShellGPT API in Parrot Safety machine, we are going to use ShellGPT for harvesting emails pertaining to a goal group. To take action, run sgpt –chat footprint –shell “Use theHarvester to assemble e mail accounts related to ‘microsoft.com’, limiting outcomes to 200, and leveraging ‘baidu’ as an information supply” command.

   Within the immediate kind E and press Enter to execute the command.

2. ShellGPT will harvest the emails utilizing theHarvester device and shows the e-mail and host record.

   

   

3. We are going to carry out footprinting by way of social networking websites utilizing ShellGPT, to take action run sgpt –chat footprint –shell “Use Sherlock to assemble private details about ‘Sundar Pichai’ and save the lead to recon2.txt” command.

   Within the immediate kind E and press Enter to execute the command.

   

4. After the execution of the command, within the terminal run ls command to view the contents within the current working listing.

   

5. We will see that recon2.txt file is created by earlier command. Within the terminal window, run pluma recon2.txt command to view its contents. Shut the textual content editor window.

   ls

6. We are going to carry out DNS lookup utilizing ShellGPT, to take action, run sgpt –chat footprint –shell “Set up and use DNSRecon to carry out DNS enumeration on the goal area www.certifiedhacker.com” command.

   Within the immediate kind E and press Enter to execute the command.

   

7. Within the terminal run sgpt –chat footprint –shell “Carry out community tracerouting to find the routers on the trail to a goal host www.certifiedhacker.com” command to carry out Traceroute to a goal.

   Within the immediate kind E and press Enter to execute the command.

   

8. Now run sgpt –chat footprint –shell “Develop a Python script which is able to settle for area title microsoft.com as enter and execute a sequence of web site footprinting instructions, together with DNS lookups, WHOIS data retrieval, e mail enumeration, and extra to assemble details about the goal area” command to run a python script to automate footprinting duties.