A technique used by ethical hackers to find vulnerabilities in a system, network, or infrastructure. It involves gathering information about their target to identify the best way to penetrate it. Hackers gather all available data, like information about the network, the organization, its employees, and partners. It includes the devices and software used in the company, IP addresses, VPNs, network pams, vendors, and personal employee data (names, addresses, phone numbers, and social media accounts).
Active footprinting is a more straightforward approach but requires more skill from hackers to carry out successfully. It involves using various tools to directly target the organization’s systems to get information about how they operate and possible vulnerabilities that can be exploited. Active footprinting is more difficult because it’s easy for the organization’s security software to detect.
This approach is slower and requires more social engineering skills. A certain amount of luck is also involved. It includes actions like performing Google searches, going through the internet archives, and gathering information on social media (personal employee data or pictures of the offices, meeting rooms, or work screens.) Job ads with certain details can also provide information to a hacker — like a list of software that a potential developer or system administrator will have to work with.