In this chapter, you’ll begin the process of investigating a
system with the intention of attacking and compromising the
target. You’ll start with the step known as footprinting, and
subsequent steps depend on the results of the previous one.
Understanding the Steps of
Ethical Hacking
For an overview of the process, let’s look at the steps of ethical hacking to see where foot-
printing fits in as well as what future phases hold.
Phase 1: Footprinting
Footprinting is the first phase of the ethical hacking process and is the subject of this chapter.
This phase consists of passively gaining information about a target. The goal is to gather as
much information as possible about a potential target with the objective of getting enough
information to make later attacks more accurate. The end result should be a profile of the tar-
get that is a rough picture but one that gives enough data to plan the next phase of scanning.
Information that can be gathered during this phase includes:
■ IP address ranges
■ Namespaces
■ Employee information
■ Phone numbers
■ Facility information
■ Job information
Footprinting takes advantage of the information that is carelessly exposed or disposed of
inadvertently.
Phases 2–4 are the subjects of later chapters (scanning, Chapter 5, “Scan-
ning Networks”; enumeration, Chapter 6, “Enumeration of Services”; and
system hacking, Chapter 7, “Gaining Access to a System”) but do remem-
ber that the information gathered in Phase 1 is crucial to the success of
later phases. Time spent researching and investigating shortens the attack
phase and makes it potentially more fruitful and accurate.