Differentiate between active and passive reconnaissance.
Active: Direct interaction with the target (e.g., ping, port scan).
Passive: Gathering data without contacting the target (e.g., public databases, social media).
Name three tools or methods for passive reconnaissance.
WHOIS lookups, Google Dorking, social media profiling.
What is the purpose of the WHOIS database?
It stores domain registration details like registrar, owner, and contact info, useful for gathering target info.
Give an example of Google Dorking syntax.
site:example.com filetype:pdf "confidential" – finds PDF files on example.com containing the word "confidential".
What is DNS enumeration?
Gathering DNS records (MX, NS, A, TXT, etc.) to learn about a domain’s structure, mail servers, and subdomains.
What is “Shodan,” and how is it used?
A search engine for internet-connected devices, used to find exposed or vulnerable systems.
Why is footprinting important in ethical hacking?
It helps identify potential attack vectors, understand the target’s infrastructure, and plan effective penetration tests.