Footprinting is the procedure whereby as much information as possible is gathered in relation to a target. In footprinting, the objective is to obtain specific details about the target, such as its operating systems and the service versions of running applications. The information that's collected can be used in various ways to gain access to the target system, network, or organization. Footprinting allows a penetration tester to understand the security posture of the target infrastructure, quickly identify security vulnerabilities on the target systems and networks, create a network map of the organization, and reduce the area of focus to the specific IP addresses, domain names, and the types of devices regarding which information is required.

Footprinting is part of the reconnaissance phase; however, since footprinting is able to provide more specific details about the target, we can consider footprinting to be a subset of the reconnaissance phase. The following diagram provides a visual overview of how reconnaissance and footprinting sit together:

The following are the main objectives of footprinting:

• Collecting network information (domain names, IP addressing schemes, and network protocols)
• Collecting system information (user and group names, routing tables, system names, and types)
• Collecting organization information (employee details, company directory, and location details)

To successfully obtain information about a target, I would recommend using the following footprinting methodology:

• Checking search engines such as Yahoo, Bing, and Google
• Performing Google hacking techniques (advanced Google searches)
• Information gathering through social media platforms such as Facebook, LinkedIn, Instagram, and Twitter
• Footprinting the company's website
• Performing email footprinting techniques
• Using the whois command
• Performing DNS footprinting
• Network footprint techniques
• Social engineering

You are now able to differentiate between reconnaissance and footprinting. Both reconnaissance and footprinting are required during penetration testing as each provides vital information about the target. In the next section, we will take a deep dive into passive information gathering.