Footprinting is a technique that hackers and criminals use to find out about the specific environment or IT ecosystem a potentially vulnerable system operates in. This makes it easier for them to intrude into the system so they can steal data or cause other issues.

Terms related to Footprinting: Vulnerability, Phishing, Social Engineering, Exploit, Cybersecurity, Breach, Hack.

Footprinting for the purposes of network and software intrusion is similar to “casing” for the purpose of house burglary. A bad actor will learn about an organization’s connections to the internet, websites, employee roster, associated networks, domain names, commonly-used technologies, and more. This can be useful in developing tools and techniques to hack the organization, especially for a system-wide breach.

This is a planning, pre-attack phase designed to maximize a hacker’s chance of success in gaining access to computer systems. It can be used to target attacks more precisely, for example via social engineering, phishing, and spear phishing attacks.

Footprinting will gather important information about an organization including company details, employee information, and email addresses; relationships and ongoing projects with other businesses; legal documents and other important details; internet technologies in use; OS and hardware use; IP addresses and WHOIS lookups; policies and procedures; and more.

These can all help to identify weaknesses, gaps, and vulnerabilities in an organization’s technologies, making it easier to conduct a targeted attack.

Footprinting Resources from Crossmatch