The Footprinting Process 89
Using Search Engines
One of the first steps in the process of footprinting tends to be using a search engine. Search
engines such as Google and Bing can easily provide a wealth of information that the client
may have wished to have kept hidden or may have just plain forgotten about it. The same
information may readily show up on a search engine results page (SERP).
Using a search engine you can find a lot of information, some of it completely unex-
pected or something a defender never considers, such as technology platforms, employee
details, login pages, intranet portals, and so on. A search can easily provide even more
details such as names of security personnel, brand and type of firewall, and antivirus pro-
tection, and it is not unheard of to find network diagrams and other information.
To use a search engine effectively for footprinting, always start with the basics. The very
first step in gathering information is to begin with the company name. Enter the company
name and take note of the results, as some interesting ones may appear.
Nowadays the tendency is for individuals to go directly to their favorite
search engine and review the results it returns. But if you do this, you are
greatly limiting your results. Be sure to search other engines in addition to
your favorite. Different engines can and do give different results here and
there because of the way they have been designed. Depriving yourself of
this information is limiting your potential attack options later.Once you have gotten basic information from the search engine, it’s time to move in a
little deeper and look for information relating to the URL.
If you need to find the external URL of a company, open the search engine of your choice,
type the name of the target organization, and execute the search. Such a search will gener-
ally obtain for you the external and most visible URLs for a company and perhaps some of
the lesser known ones. Knowing the internal URLs or hidden URLs can provide tremendous
insight into the inner structure or layout of a company. However, tools are available that can
provide more information than a standard search engine. Let’s examine a couple.
This process uses a search engine—nothing special at this point. Look for
details that may be skipped over during a more cursory examination. It is
also worth your time to look beyond the first 3–5 pages of results as you
can miss information that may be valuable. Studies have shown that most
users only look at the first 3–5 pages before stopping and trying another
search. Look closely!In some cases you may find that the information you wanted or hoped was
on a website has long since been removed, but you are in luck in this case.
Thanks to Archive.org (also known as The Wayback Machine), you can find
archived copies of websites from which you can extract information.