Patches and Hotfixes

Hotfixes and Patches – Both of these terms are very important to us in every respect. Both of them can open up many ways to hack a victim. They are actually meant for security, that is, for closing loopholes, but fake hotfixes and patches can also be created. Before that, we have to understand what exactly these updates are.

Hotfixes – A hotfix is code that fixes a bug in a product. Users may be notified through email or through the vendor’s website. Hotfixes are sometimes packaged as a set of fixes called a combined hotfix or service pack.

Patch – A patch can be considered a repair job for a programming problem. A patch is the immediate solution that is provided to users.

What is Patch Management – Patch management is a process used to ensure that the appropriate patches are installed on a system. It involves the following:

  • Choosing, verifying, testing, and applying patches
  • Updating previously applied patches with current patches
  • Listing patches applied previously to the current software
  • Recording repositories, or depots, of patches for easy selection
  • Assigning and deploying the applied patches

The first step in patch testing is verifying the patch source and integrity, which helps you ensure that the update is valid and has not been altered. The major components of patch testing include digital signatures, checksums, and integrity verification.
Basically, the patch testing process takes place in three different categories:

  • Testing patch installation
  • Testing application Patches
  • Testing Service Patches
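
The checksum part of the verification step described above, as an added example (not code from the original post). The file names, the sha256sum-style manifest layout and the function names are assumptions made for illustration, and the sample files are constructed. A checksum only proves the files match the manifest; the manifest's own authenticity still depends on the vendor's digital signature, which is not shown here.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large patch packages do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse 'hexdigest  filename' lines (sha256sum style) into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        int(digest, 16)  # raises ValueError if the digest is not hexadecimal
        if os.path.basename(name) != name:
            raise ValueError(f"manifest entry must be a bare file name: {name!r}")
        entries[name] = digest.lower()
    return entries


def verify_patches(directory, manifest_text):
    """Return {filename: status}; status is 'ok', 'mismatch', 'missing' or 'unlisted'."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    # Files the vendor never listed should not be deployed either.
    for name in sorted(os.listdir(directory)):
        if name not in expected:
            results[name] = "unlisted"
    return results


def demo():
    """Constructed sample: one intact patch, one altered, one absent, one unlisted."""
    with tempfile.TemporaryDirectory() as d:
        good = b"constructed patch payload A"
        orig = b"constructed patch payload B"
        files = (("patch-a.bin", good),
                 ("patch-b.bin", orig + b" tampered"),
                 ("extra.bin", b"x"))
        for name, data in files:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        manifest = "\n".join([
            "# vendor manifest (constructed)",
            f"{hashlib.sha256(good).hexdigest()}  patch-a.bin",
            f"{hashlib.sha256(orig).hexdigest()}  patch-b.bin",
            f"{hashlib.sha256(b'never shipped').hexdigest()}  patch-c.bin",
        ])
        return verify_patches(d, manifest)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

Only files reported as ok should move on to installation testing; mismatch, missing and unlisted all mean the patch set is not the one the vendor published.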

Types of Patches defined by Microsoft – Microsoft releases patches to facilitate updates to the Windows OS and Microsoft applications.
Such patches fix known problems or bugs in an OS or application and are shipped in three formats:

  • Hotfixes – As security fixes or Quick Fix Engineering
  • Roll ups – merge updates of several Hotfixes into a single update file
  • Service packs – An update to a software version that fixes a bug, includes fixes not previously released and introduces new functionality

There are also some tools used for patch management, like Update Expert, Qfecheck, Shavlik NetChk Protect, Kaseya Patch Management, etc.

Keep visiting!!

Hacking Webservers 2

In the previous post on Hacking Web Servers we covered Web applications and Web application vulnerabilities. Now we discuss the tools used to attack Web servers, their countermeasures, and increasing Web server security.

Any Web server software out of the box is usually vulnerable to attack. Some vulnerabilities of Web servers include:

  • Web and application server misconfiguration
  • Default accounts and passwords
  • Overly informative error messages
  • DATA vulnerability

Examples include:

  • showcode.asp vulnerability
  • Piggy backing vulnerability
  • Privilege command execution
  • Buffer Overflow exploits (IIShack.exe)
  • WebDav / RPC Exploits

These components include protocol listeners, such as HTTP.sys, and services, such as World Wide Web Publishing Service (WWW service) and Windows Process Activation Service (WAS).

Some points to keep in mind before Compromising Web Servers

Issues to consider

  • Dynamic Web pages
  • Connection to a backend database server
  • User authentication
  • What platform was used?

Does the Web Application Use Dynamic Web Pages?
Static Web pages do not create a secure environment. IIS attack example: directory traversal. Adding .. to a URL refers to a directory above the Web page directory.
Early versions of IIS filtered out \, but not %c1%9c, which is a Unicode version of the same character.
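
Why a filter that runs before decoding misses %c1%9c, and a check that does not, as an added example (not code from the original post or from IIS). The web root, function names and request paths are hypothetical and constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote_to_bytes

WEB_ROOT = "/var/www/site"  # assumed document root for this example


class RejectedPath(ValueError):
    """Raised when a request path must not be served."""


def naive_filter(raw_path):
    """Flawed check: looks for literal traversal characters BEFORE decoding."""
    return "\\" not in raw_path and "../" not in raw_path


def lenient_utf8_decode(data):
    """Lax decoder that accepts overlong 2-byte forms, so C1 9C becomes a backslash."""
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(data):
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def lax_view(raw_path):
    """What a server with the lax decoder ends up opening on disk."""
    return lenient_utf8_decode(unquote_to_bytes(raw_path))


def resolve_request_path(raw_path, web_root=WEB_ROOT):
    """Decode first, canonicalize, then confirm the result stays under web_root."""
    try:
        # Strict UTF-8 decoding rejects overlong sequences such as C1 9C.
        decoded = unquote_to_bytes(raw_path).decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise RejectedPath("invalid or overlong UTF-8 in path") from exc
    if re.search(r"%[0-9A-Fa-f]{2}", decoded):
        raise RejectedPath("double-encoded path")
    if "\x00" in decoded:
        raise RejectedPath("NUL byte in path")
    # Treat both separators alike, then collapse any '..' segments.
    unified = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(web_root, unified.lstrip("/")))
    root = posixpath.normpath(web_root)
    if candidate != root and not candidate.startswith(root + "/"):
        raise RejectedPath("path escapes the web root")
    return candidate


if __name__ == "__main__":
    samples = ["/images/logo.png",
               "/scripts/..%c1%9c..%c1%9csecret.txt",  # constructed request
               "/a/..%5c..%5c..%5csecret.txt"]
    for sample in samples:
        try:
            print("serve ", resolve_request_path(sample))
        except RejectedPath as err:
            print("reject", sample, "->", err)
```

The order of operations is the point: the containment check runs on the fully decoded, normalized path, so no alternate encoding of a separator can slip past it.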

Connection to a Backend Database Server

Security testers should check for the possibility of SQL injection being used to attack the system. SQL injection involves the attacker supplying SQL commands in a Web application field.

Basic testing should look for whether you can enter text with punctuation marks, whether you can enter a single quotation mark followed by any SQL keywords, and whether you can get any sort of database error when attempting to inject SQL.
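
The three checks above, run against a query built by string concatenation and against the parameterized form that fixes it, as an added example (not code from the original post). The table, the rows and the function names are constructed for illustration, and SQLite stands in for the backend database.

```python
import sqlite3


def make_db():
    """In-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the form value is pasted into the SQL text."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """Hardened: the value is bound as a parameter and never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def probe(lookup, conn, value):
    """Classify how a lookup handles one test input, as a tester would note it."""
    try:
        rows = lookup(conn, value)
    except sqlite3.Error as exc:
        return ("db-error", type(exc).__name__)
    return ("rows", len(rows))


if __name__ == "__main__":
    conn = make_db()
    tests = ["bob", "o'brien", "x' OR '1'='1"]
    for value in tests:
        print(f"{value!r:18} unsafe={probe(lookup_unsafe, conn, value)} "
              f"safe={probe(lookup_safe, conn, value)}")
```

A database error on a lone quotation mark, or more rows than the input should match, are the signals the basic tests look for; the parameterized version shows neither.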

User Authentication

Many Web applications require another server to authenticate users. Examine how information is passed between the two servers (encrypted channels). Verify that logon and password information is stored in secure places.
Authentication servers introduce a second target.

What Platform Was Used?

Popular platforms include:

  • IIS with ASP and SQL Server (Microsoft)
  • Linux, Apache, MySQL, and PHP (LAMP)

Footprinting is used to find out the platform. The more you know about a system, the easier it is to gather information about its vulnerabilities.

Now I am going to share a list of tools that are useful for hacking Web servers and for security testers. Choose the right tools for the job. Attackers look for tools that enable them to attack the system. They choose their tools based on the vulnerabilities found on a target system or application.

List of Tools used for Hacking Web Servers and Security Testing

WebGoat project
WebGoat, developed by OWASP, helps security testers learn how to perform vulnerability testing on Web applications. It’s like HackThisSite without the helpful forum. Tutorials for WebGoat are being made, but they aren’t yet ready.

Metasploit Framework

Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. It is a tool for penetration testing, exploit development, and vulnerability research. The framework was composed in the Perl scripting language and consists of several components written in C, assembler, and Python. It runs on any UNIX-like system under its default configuration, with a customized Cygwin environment for Windows OS users.

Immunity CANVAS Professional

Immunity’s CANVAS makes hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework available to penetration testers and security professionals worldwide. CANVAS Professional’s completely open design allows a team to adapt it to their environment and needs. CANVAS Professional supports Windows, Linux, MacOSX, and other Python environments.

Core Impact

CORE IMPACT is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments.

CGI SCAN

Cgiscan.c: CGI scanning tool written in C in 1999 by Bronc Buster. Tool for searching Web sites for CGI scripts that can be exploited. One of the best tools for scanning the Web for systems with CGI vulnerabilities

Phfscan.c

Written to scan Web sites looking for hosts that could be exploited by the PHF bug. The PHF bug enables an attacker to download the victim’s /etc/passwd file. It also allows attackers to run programs on the victim’s Web server by using a particular URL

Wfetch

GUI tool from Microsoft. It displays information that is not normally shown in a browser, such as HTTP headers. It also attempts authentication using:

  • Multiple HTTP methods
  • Configuration of host name and TCP port
  • HTTP 1.0 and HTTP 1.1 support
  • Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiation authentication types
  • Multiple connection types
  • Proxy support
  • Client-certificate support

The different types of vulnerability scanners, according to their availability, are:

  • Online Scanners: e.g. www.securityseers.com
  • Open Source scanners: e.g. Snort, Nessus Security Scanner, and Nmap
  • Linux Proprietary Scanners: The resource for scanners on Linux is SANE (Scanner Access Now Easy). Besides SANE there is XVScan, Parallel Port Scanners under Linux, and USB Scanners on Linux

Some Countermeasures regarding Hacking Webservers.

IISLockdown restricts anonymous access to system utilities as well as the ability to write to Web content directories. It disables Web Distributed Authoring and Versioning (WebDAV). It installs the URLScan ISAPI filter.

  • URLScan

UrlScan is a security tool that screens all incoming requests to the server by filtering the requests based on rules that are set by the administrator

  • MBSA Utility

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that determines the security state in accordance with Microsoft security recommendations and offers specific remediation guidance

  • File System Traversal Countermeasures

Microsoft recommends setting the NTFS ACLs on cmd.exe and several other powerful executables to Administrators and SYSTEM: Full Control only. Remove the sample files, monitor the audit logs, and apply Microsoft patches and hotfixes regularly.

Methods for Increasing Web Server Security

  • Use of Firewalls
  • Administrator Account Renaming
  • Disabling the Default Websites
  • Removal of Unused Application Mappings
  • Disabling Directory Browsing
  • Legal Notices
  • Service Packs, Hotfixes, and Templates
  • Checking for Malicious Input in Forms and Query Strings
  • Disabling Remote Administration
  • Run Patches and Updates
  • Auditing and Logging
  • Run IISLockdown
  • Disable unnecessary Windows services

Hope you are enjoying our tutorials on learning ethical hacking. Keep visiting!!

Hacking WebServers

Welcome back to the session of learning the ABC of Ethical Hacking. The objective of this post is to describe Web applications, explain Web application vulnerabilities, describe the tools used to attack Web servers, and cover countermeasures and increasing Web server security.

The two main Web servers are Apache (open source) and IIS (Microsoft).

First of all we have to understand that every program is vulnerable. It is nearly impossible to write a program without bugs. Some bugs create security vulnerabilities, and Web applications have bugs too. Web applications have a larger user base than standalone applications, so bugs are a bigger problem for Web applications. So first we study the components of a Web application, and later we move on to vulnerabilities.

Web Application Components

Let’s discuss some Web application components that are necessary to understand Web applications:

  • Static Web pages – created using HTML
  • Dynamic Web pages – need special components:
      • <form> tags
      • Common Gateway Interface (CGI) scripts
      • Active Server Pages (ASP)
      • PHP
      • ColdFusion
      • Scripting languages like JavaScript, VBScript, etc.
      • ODBC (Open Database Connectivity)

Common Gateway Interface (CGI)
Handles moving data from a Web server to a Web browser. The majority of dynamic Web pages are created with CGI and scripting languages.
It describes how a Web server passes data to a Web browser. It relies on Perl or another scripting language to create dynamic Web pages.
CGI Languages – CGI programs can be written in different programming and scripting languages:

  • C or C++
  • Perl
  • Unix shell scripting
  • Visual Basic
  • FORTRAN

Active Server Pages (ASP)

In short form we all know it as ASP.NET. HTML pages are static, always the same, which means users can’t query static pages.
ASP creates HTML pages as needed, so they are not static. ASP uses scripting languages such as JScript or VBScript. Not all Web servers support ASP: IIS supports ASP, and Apache doesn’t support ASP as well.
You can’t see the source of an ASP page from a browser. This makes it harder to hack into, although not impossible.

ColdFusion

Server-side scripting language used to develop dynamic Web pages. Uses its own proprietary tags written in ColdFusion Markup Language (CFML). CFML Web applications can contain other technologies, such as HTML or JavaScript

VBScript
Visual Basic Script is a scripting language developed by Microsoft. You can insert VBScript commands into a static HTML page to make it dynamic. It also provides the power of a full programming language and is executed by the client’s browser.

JavaScript
It’s a very popular scripting language. JavaScript also has the power of a programming language, with functions like branching, looping, testing and connecting to databases.

Now we talk about database connectivity. For hacking a Web server we have to learn about databases.
Web pages can display information stored in databases. There are several technologies used to connect databases with Web applications.
The technology depends on the OS used:

  1. ODBC
  2. OLE DB
  3. ADO

Open Database Connectivity (ODBC)

Standard database access method developed by the SQL Access Group. The ODBC interface allows an application to access data stored in a database management system (DBMS). It can use Oracle, SQL, or any DBMS that understands and can issue ODBC commands.
Interoperability among back-end DBMSs is a key feature of the ODBC interface. ODBC defines a standardized representation of data types, a library of ODBC functions, and standard methods of connecting to and logging on to a DBMS.

OLE DB and ADO
Object Linking and Embedding Database (OLE DB) and ActiveX Data Objects (ADO)
These two more modern, complex technologies replace ODBC and make up “Microsoft’s Universal Data Access”.

Understanding Web Application Vulnerabilities
Many platforms and programming languages can be used to design a Web site. Application security is as important as network security.
Attackers controlling a Web server can:

  1. Deface the Web site
  2. Destroy or steal company’s data
  3. Gain control of user accounts
  4. Perform secondary attacks from the Web site
  5. Gain root access to other applications or servers

Open Web Application Security Project (OWASP)
OWASP is an open-source, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications.
It publishes the Ten Most Critical Web Application Security Vulnerabilities, which is very useful for us.

Top-10 Web application vulnerabilities

  1. Unvalidated parameters – HTTP requests from browsers that are not validated by the Web server: inserted form fields, cookies, headers, etc.
  2. Broken access control – Developers implement access controls but fail to test them properly. For example, letting an authenticated user read another user’s files
  3. Broken account and session management – Enables attackers to compromise passwords or session cookies to gain access to accounts
  4. Cross-site scripting (XSS) flaws – Attackers inject code into a web page, such as a forum or guestbook. When other users view the page, confidential information is stolen
  5. Buffer overflows – It is possible for an attacker to use C or C++ code that includes a buffer overflow
  6. Command injection flaws – An attacker can embed malicious code and run a program on the database server. Example: SQL Injection
  7. Error-handling problems – Error messages may reveal information that an attacker can use
  8. Insecure use of cryptography – Storing keys, certificates, and passwords on a Web server can be dangerous
  9. Remote administration flaws – Attacker can gain access to the Web server through the remote administration interface

The remaining topics will be covered in our next post, i.e. Hacking Web Servers 2.

How to Face an Interview

Hello friends,

Today we are providing you some of the best tips to crack the HR interview. Here they are:

  • The first 30 seconds from the time you enter the interview room are very precious for you. The interviewer makes a judgement about you within these 30 seconds and takes the remaining time to confirm whether he made the right decision or not. So be very careful in this time period.
  • Never seem desperate and don’t be very casual. If you are desperate, it means that you have less confidence and you are supposed to believe in some pure holy forces.
FOR THIS MOMENT, THE WORLD HAS BEEN PREPARING YOU FOR 20 YEARS.
Momentum
  • Success happens to you, you never bring it.
  • What the above sentence simply says is that you need momentum. Many times we plan to do something at the last moment, but seriously, it never works. So keep this in practice to get the momentum, and luck also favours you.
  • Sometimes you give an excellent answer to an interviewer but the interviewer gives you a very strange expression. Don’t take it seriously; at this stage he is trying to check your confidence.
THEY ARE NOT LOOKING FOR A PERFECT CANDIDATE,
THEY ARE LOOKING FOR A SURE CANDIDATE.
Now the surety is
  • They do not want to know how much you know. They want to know how sure you are about what you claim.
  • Your biggest claim is your CV. They always try to grill you on your hobbies part.
  • In an interview you never compete with anyone. They are trying to check your level. Their analysis is of you.
Keep one thing in your mind
The interviewer is also nervous, because you have nothing to lose but he has to impress, because gratitude is the greatest burden.
Hence the noticeable point is surety and the other point is depth.
The other thing the interviewer wants is depth. If you tell somebody that you are knowledgeable or intelligent, then never try to show it; it is just like a mirror. If you are doing this, then you are suffering from an inferiority complex.
Some key points
  • The interview is always governed by you.
  • BE YOURSELF means BE YOUR BEST SELF.
  • In an interview you are not supposed to lie. But you can say a half truth.
  • Selection is never decided on the 1st answer; it is decided on the 7th answer on the same topic. That means discussion makes your selection.
  • You have to be a salted person, so start analysing yourself.
  • Besides your verbal communication, non-verbal communication is also important. Your non-verbal communication should be within
  1. Breast line
  2. Waist line
  3. Shoulder line.
Your non-verbal communication is supposed to stay in this rectangle.
  • COULD, WOULD and SHALL: use these three words in your interview.
  • Never ever try to disagree with the interviewer. You can put your point this way: “I respect your opinion, but allow me to disagree” or “here my point of view is quite different.”
  • Stress interview – It’s a game, so play it. Never show your aggression. Be calm.
  • Don’t disagree on each thing, because you have to win the “war”, not the battle.
In life there is no right or wrong decision; they are always decisions. You have to prove them right.
Eventually I must say
the best sentence you will ever say to your parents is
“I AM PLACED”
These are the golden sentences. Before preparing yourself for a placement, imagine it. 😀
Here you can find all articles regarding campus placement, jobs, HR interviews, resumes, etc.

6 beautiful HR Questions !!!

Here are some of the typical HR questions asked to find out if the candidates have “out of box” thinking capability

Question 1:

“What will you do if I run away with your sister?”

The candidate who was selected answered ” I will not get a better match for my sister than you, sir.”

Question 2:

Interviewer (to a student girl candidate) – What if one morning you woke up & found that you were pregnant ?

I will be very excited and take a day off, to celebrate with my husband. (Normally an unmarried girl will be shocked to hear this, but she managed it well. Why should I think it in the wrong way, she said later when asked.)

Question 3:

Interviewer: He ordered a cup of coffee for the candidate. Coffee arrived and was kept before the candidate, then he asked “What is before you?”

Candidate: Instantly replied “Tea” and got selected.

(Do you know how and why he said “TEA” when he knew very well that coffee was kept before him?
Answer: The question was “What is before U?” (the letter of the alphabet). The reply was “T” (the letter of the alphabet).)

Question 4:

Where Lord Rama would have celebrated his “First Diwali”?

People will start thinking of Ayodya, Mithila [Janaki’s place], Lanka etc…

But the logic is, Diwali was celebrated as a mark of Lord Krishna killing Narakasura. In Dusavataar, Krishnavathaar comes after Raamavathaar.

So, Lord Rama would not have celebrated the Diwali At all!

Question 5:

You are driving along in your car on a wild, stormy night, it’s raining heavily, when suddenly you pass by a bus stop, and you see three people waiting for a bus:

An old lady who looks as if she is about to die.
An old friend who once saved your life.
The perfect partner you have been dreaming about.

Which one would you choose to offer a ride to, knowing very well that there could only be one passenger in your car?

This is a moral/ethical dilemma that was once actually used as part of a job application.

You could pick up the old lady, because she is going to die, and thus you should save her first; or you could take the old friend because he once saved your life, and this would be the perfect chance to pay him back.
However, you may never be able to find your perfect mate again…

The candidate who was hired (out of 200 applicants) had no trouble coming up with his answer. Guess what was his answer?

He simply answered:

“I would give the car keys to my Old friend and let him take the lady to the hospital. I would stay behind and wait for the bus with the partner of my dreams.”

Sometimes, we gain more if we are able to give up our stubborn thought limitations. Never forget to “Think Outside of the Box.”

Question 6:

The interviewer asked the candidate, “This is your last question of the interview. Please tell me the exact position of the center of this table where you have kept your files.”

The candidate confidently put one of his fingers at some point on the table and said that this was the central point of the table. The interviewer asked, “How did you decide that this is the central point of this table?” He answered quickly, “Sir, you are not supposed to ask any more questions, as it was the last question, as you promised.”

And hence, he was selected because of his quick-wittedness.

This is what Interviewer expects from the Interviewee. ….

“THINK OUTSIDE OF THE BOX”

Resume Format for Freshers

Resume format For Freshers (Engineers)

Around this time every year, most college graduates start scratching their heads, almost to the point of baldness, wondering how in the world to write their first resume and what type of resume format to choose. As I belong to the Engineering stream, I am asked by many of my juniors about this, especially about resume formats for fresher engineers. So this post is for everyone searching for resumes and resume formats for fresher engineers.

To write your first resume that works, keep these points in mind, especially the resume format to be followed by freshers.

Choosing Appropriate Resume Format

The first point is to select the resume format. Here we provide you various resume formats. Choose the format which you like. There are three locations where you can download these resume formats. Depending on your personal circumstances, choose a chronological, a functional, a combination, or a targeted resume. Take the time to customize your resume – it’s well worth the effort.

And the resume which I prefer the most is here – Resume.doc.

Include All Your Contact Information

It’s important to include all your contact information on your resume so employers can easily get in touch with you. Include your full name, street address, city, state,  zip, home phone number, cell phone number, and email address.

Include Resume Keywords

Your resume should include the same keywords that appear in job descriptions. That way, you will increase chances of your resume matching available positions – and of you being selected for an interview.

Write a Custom Resume

It definitely takes more time to write a custom resume, but it’s worth the effort, especially when applying for jobs that are a perfect match for your qualifications and experience.

Tailor Your Resume Objective

If you include an objective on your resume, it’s important to tailor your resume objective to match the job you are applying for. The more specific you are, the better chance you have of being considered for the job you are interested in.

Tweak for Technology

In this competitive job-seeking environment, job seekers need to make sure that their resume stands out from the pack, is selected by talent management systems, and shows, in a professional, no-nonsense way, that the applicant has taken the time and interest to pursue a specific job opening.

Do not include “no kidding” information

There are many people that like to include statements like “Available for interview” or “References available upon request.” If you are sending a resume to a company, it should be given that you are available for an interview and that you will provide references if requested. Just avoid items that will make the employer think “no kidding!”

Achievements instead of responsibilities

Resumes that include a long list of “responsibilities included…” are plain boring, and not efficient in selling yourself. Instead of listing responsibilities, describe your professional achievements.

For other relevant information on this, kindly look through the posts which I have shared. The two articles on resume building that I would like to point you to are How to prepare a resume and Top 5 tips for Resume building.
Keep Visiting

Reality behind Hacking Facebook, Gmail, Yahoo Accounts

Many people search on Google for how to hack a Facebook account, how to hack Gmail or Yahoo, etc. We find various articles about hacking these accounts. Even links to free or paid software, programs and crackers come up for hacking these accounts. But what is the reality of hacking Facebook, Gmail, or Yahoo accounts?

Many people on the net are impressed by the words “hacking account”. They think there are some mind-blowing, extra-talented people known as hackers who can do anything and can hack anybody’s account, and that they have some super technique to hack anyone’s account. But in reality the scenario is totally different.
Now the biggest fact about hacking Facebook, Gmail, and Yahoo accounts is that 99% of accounts are hacked due to the victim’s carelessness or lack of knowledge. The techniques involved in hacking the victim’s account are keylogger, phishing, social engineering and click hijacking.

Reality Behind Hacking Facebook, Gmail, Yahoo Accounts

People usually start by googling things like “how to hack gmail”, “softwares for hacking”, “how to hack facebook”, etc. No doubt, they are at the right place. I would rather say they are on the right track, but will they open the right door and gain something, or will they just end up becoming victims themselves?

Generally, when you have signed up for an account (Gmail, Yahoo or any other reputed website),
your password is stored in only two places:

1. In the website’s database
2. In your mind

Stealing a password from the website’s database is quite a tough task. I am not saying it’s impossible, but it is impossible for a normal person. So the remaining option is to steal the password from you. Here are some ways which you have to keep in mind so as not to lose your account.

1. Phishing – The most common way of hacking accounts is phishing.
The common type of phishing is the fake login page.
The victim is somehow made to enter his credentials in a fake login page which resembles the genuine login page, and gets hacked. To guard against phishing, you just have to check the URL before you log in.

2. Keylogger – It’s the most common technique, used even by a newbie, for hacking an account. It simply stores whatever you type. So always use an antivirus on your system.

3. Social Engineering – There is no patch for human stupidity. It is the hardest form of attack to defend against. The best way is not to share your password with anyone. I think social engineering is a very vast topic, so it’s better to read all the information regarding Social Engineering here.

4. Click Jacking – These days it’s quite a famous technique to steal passwords, mainly used for Facebook. Many people, to collect enormous likes for a status, fan page or subscribers, go to a few websites (click jacking) and share their password. To know exactly about Click Hijacking click here.

-> Does any free/paid software/program/cracker exist to hack such accounts ?

No. You might find countless free or premium software tools which claim to crack email accounts. The software just asks you to enter the victim’s email and starts cracking/generating a password. I have already told you about the two places where one’s password is. From where the hell would this software bring passwords for you? This kind of stuff is undoubtedly a scam/rubbish.

-> Is there any free/premium online service to hack such accounts ?

No. You might have logged on to many websites that claim to crack any email account for some amount of money. They are complete frauds, so be aware of them. Don’t lose your money there!!

List of Footprinting tools

Hey, welcome back friends. Hope you are enjoying the session on Footprinting. In this post I share a list of Footprinting tools.

There are various tools which are used for Footprinting, like Whois, Nslookup, ARIN, Neo Trace, Visual Route Trace, eMail Tracker Pro, Website Watcher, Google Earth, GEO Spider, etc.

These Footprinting tools can also be discussed in classified categories.

Foot printing tools for Inspecting Network

  • Bigbrother

It is designed to show how the network is performing in near real time from any web browser.
It displays status information as web pages, or WML pages for WAP-enabled devices.

  • BiLe Suite

It stands for Bi-directional Link Extraction.
It contains a number of Perl scripts that can be used by a penetration tester to aid in the enumeration phase of a test.

Alchemy Network Tool and Advanced Administration Tool are network diagnostic tools.

  • My IP Suite

It combines a domain-to-IP converter, Batch Ping, Tracert, Whois, Website Scanner and Connection Monitor, as well as an IP-to-country converter, into a single interface.

Foot printing tools for Whois Tools

(get personal details and contact Info about the domain)

  • Wikto Footprinting tool
  • Whois Lookup
  • Smart Whois
  • Active Whois
  • Lan Whois
  • Country whois and Where Is IP (Geographical location of an IP)
  • ip2 country – utility for converting an IP address to the country’s name
  • CallerIP

Use CallerIP to easily see when someone has connected to the computer, report the IP address, and run a trace on that IP address.

Web Data Extractor Tool (to extract the targeted company’s contact data like email, phone, fax, etc.)

Foot printing tools for Online Whois Tools

  • www.samspade.org
  • www.geektools.com
  • www.whois.net
  • www.demon.net

Foot printing tools for DNS Information Extraction Tools

  • Dns Enumerator

It’s an automated sub-domain retrieval tool, and it scans Google to extract the results.

  • Spider Foot

It will scrape the website on that domain as well as search Google, Netcraft, Whois and DNS to build up information.

  • Nslookup
  • www.dnsstuff.com – through this you can extract DNS information such as mail server extensions and IP addresses.
  • Domain King and Expired Domains – these enable you to search through a list of expiring domain names by keyword, domain, character length and other criteria.
  • MSR Strider URL Tracer – it enables you to scan a domain name to see the third-party domains that it serves content from and/or whether the site is being redirected
  • Mozzle Domain pro
  • Domain research Tool

Foot printing tools for Locating Network Range

(Finding the range of IP addresses and discerning the subnet mask)

  • ARIN 

It allows searches on the whois database to locate information on a network’s autonomous system numbers (ASNs), network-related handles, and other related point of contact (POC)

  • Traceroute – It reveals the path IP packets travel between two systems.
  • 3D traceroute – a visual traceroute program
  • Neo Trace and Visual Route Trace – visual traceroute programs
  • Path Analyzer Pro – it delivers advanced network route tracing.
  • Maltego – it’s used for the information gathering phase of penetration testing
  • Touchgraph – www.Touchgraph.com – it allows for the creation and navigation of interactive graphs. (Ideal for organising links or mind mapping)

Foot printing tools for Mail Tracker

  • VisualRoute Mail Tracker – It shows the number of hops made and the respective IP addresses, the node name, location, time zone and network
  • eMail Tracker Pro – the email analysis tool that enables analysis of an email and its headers automatically, and provides graphical results.
  • Read Notify – www.readnotify.com
  • E-Mail Spiders are also used for Foot printing

Foot printing tools for Locating Network Activity

  • GEO spider – it helps you to detect, identify and monitor your network activity on the world map.
  • Geowhere – it handles many popular newsgroups to find answers to your queries in an easy and fast manner
  • Google Earth – it puts a planet’s worth of imagery and other geo info.

List of Search Engines as Footprinting Tools

  • Kartoo – www.kartoo.com
  • Dogpile – www.dogpile.com (Meta Search Engine)
  • Webferret – it searches the web quickly and thoroughly by instantly submitting the search query to multiple search engines
  • Robots.txt for Footprinting
  • Website Copier for Footprinting

Keep visiting !!