Course 35 - Footprinting and Reconnaissance | Episode 6: Information Gathering with theHarvester in Kali Linux

Course 35 - Footprinting and Reconnaissance | Episode 7: Information Gathering and Domain Reconnaissance Lab

In this lesson, you’ll learn about: reconnaissance using Recon-ng1. What is Recon-ng? * A full-featured web reconnaissance framework * Pre-installed on Kali Linux * Designed to automate OSINT and domain reconnaissance 🔹 Core Concept * Works like a framework (similar to Metasploit) * Uses modules to perform different recon tasks 👉 Purpose: * Build a structured database of target intelligence 2. Tool Overview * Recon-ng 🔹 Key Capabilities * Domain intelligence gathering * Contact harvesting * Subdomain discovery * File and directory enumeration 👉 Advantage: * Organizes results into a workspace database 3. Workspace & Domain Setup🔹 Initial Steps * Create a workspace * Add target domain 👉 Why it matters: * Keeps recon data organized and reusable 4. Contact Harvesting🔹 Module: whois_pocs * Extracts: * Names * Email addresses * Locations 👉 Use Case: * Build a target profile * Useful for: * Social engineering * OSINT correlation 5. Host Discovery & Stealth🔹 Module: bing_domain_web * Finds: * Hosts * Indexed subdomains 🔹 Stealth Feature * Recon-ng introduces delays (sleep) between requests 👉 Benefit: * Mimics human browsing * Reduces detection risk * Avoids IP blocking 6. Subdomain Brute-Forcing🔹 Module: brute_hosts * Uses wordlists to guess subdomains 🔹 Output * Hidden subdomains * Associated IP addresses 👉 Importance: * Expands the attack surface * Reveals hidden infrastructure 7. Sensitive File Discovery🔹 Module: interesting_files * Searches for: * robots.txt * Backup files * Config files 👉 Why it matters: * May expose: * Hidden directories * Internal paths * Misconfigurations 8. Analyzing Server Responses🔹 HTTP Status Codes * 404 → Resource not found (client-side issue) * 300-series → Redirection 👉 Insight: * Helps understand: * Server behavior * Application structure 9. Cybersecurity Use Case🔹 Reconnaissance Phase * Early stage of: * Penetration testing * Bug bounty hunting 🔹 What You Achieve * Map: * Domains * Subdomains * Contacts * Infrastructure 👉 Outcome: * Clear view of the target environment Key Takeaways * Recon-ng is a modular recon framework * Uses workspaces to organize intelligence * Automates multiple OSINT tasks * Includes stealth techniques to avoid detection * Provides structured data for further testing Big PictureRecon-ng helps you:👉 Move from raw data → structured intelligence databaseMental Model * Recon-ng → “Collect + organize recon data” * Analysis → “Turn data into actionable insights” You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 6: Information Gathering with theHarvester in Kali Linux

In this lesson, you’ll learn about: information gathering using theHarvester1. What is theHarvester? * A reconnaissance tool used for Open Source Intelligence (OSINT) * Built into Kali Linux * Designed to collect publicly available data about a target 🔹 Core Function * Gathers: * Email addresses * Subdomains * IP addresses * Hostnames 👉 Purpose: * Build a digital footprint of the target before active testing 2. Tool Overview * theHarvester 🔹 Data Sources * Search engines: * Google * Bing * External services: * Shodan 👉 Value: * Combines multiple sources into one unified result set 3. Basic Command Usage🔹 Essential Flags * -d → Target domain * -l → Limit number of results * -b → Data source (e.g., google, bing, shodan) * -f → Save output to file 🔹 Example CommandtheHarvester -d microsoft.com -l 100 -b google -f results 👉 What this does: * Searches Google * Collects up to 100 results * Saves output locally 4. Advanced Querying🔹 Additional Flags * -s → Start position of search results 👉 Use Case: * Continue collecting data beyond initial results * Avoid duplicate data 🔹 Shodan IntegrationtheHarvester -d microsoft.com -b shodan 👉 Benefit: * Finds: * Exposed devices * Services * Technical infrastructure 5. Analyzing Results🔹 Key Findings * Subdomains: * news.microsoft.com * support.microsoft.com * IP Addresses: * Associated with infrastructure 🔹 Why It Matters * Reveals: * Attack surface * Entry points * Hidden assets 6. Cybersecurity Use Case🔹 Reconnaissance Phase * First step in: * Penetration testing * Bug bounty hunting 🔹 What You Gain * Target structure understanding * Identification of: * Weak subdomains * Exposed services 👉 Impact: * Better planning for: * Scanning * Exploitation Key Takeaways * theHarvester is a powerful OSINT tool * Uses multiple public sources for data collection * Command-line flags control precision and scope * Results reveal critical reconnaissance insights * Forms the foundation of ethical hacking workflows Big PicturetheHarvester helps you:👉 Move from no knowledge → mapped digital footprintMental Model * theHarvester → “Collect target data” * Analysis → “Understand the attack surface” You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 5: Website Mirroring and Footprinting with HTTrack

In this lesson, you’ll learn about: website mirroring using HTTrack for footprinting1. What is Website Mirroring? * The process of creating a local copy of a website * Used for: * Footprinting * Reconnaissance * Offline analysis 👉 Goal: * Analyze the target without interacting with the live system repeatedly 2. Tool Overview * HTTrack 🔹 What HTTrack Does * Downloads: * HTML pages * Images * Scripts (JavaScript, CSS) 👉 Result: * A fully browsable offline version of the website 3. Lab Environment Setup🔹 Environment Used * Virtual lab (Cyber Lab) * Windows 7 Virtual Machine 👉 Why this setup: * Safe environment * Pre-configured tools * No risk to real systems 4. Installation & Initial Configuration🔹 Steps * Run: * httrack-3.48.19.exe 🔹 Project Setup * Project Name: * Example: PAB * Category: * Example: intranet * Target: * Website URL 👉 This defines: * What you are copying * How the project is organized 5. Advanced Configuration🔹 Proxy Settings * Configure proxy: * Port 8080 👉 Why: * Required in lab environments * Ensures proper network routing 🔹 Mirroring Depth (Critical Setting) * Max Depth * Limits how deep HTTrack follows links * External Depth * Controls external site crawling 👉 Importance: * Prevents: * Huge downloads * Long execution times 6. Analyzing the Mirrored Website🔹 Comparison * Local copy vs original: * Mostly identical * Some UI elements may be missing 👉 Reason: * Depth limitations * Dynamic content not fully captured 7. Cybersecurity Use Case🔹 Source Code Analysis * Inspect: * HTML * JavaScript * CSS 🔹 What to Look For * Hardcoded IP addresses * Hidden endpoints * API calls * Misconfigurations 👉 Value: * Helps identify: * Weak points * Entry paths * Technology stack Key Takeaways * HTTrack enables offline website analysis * Mirroring helps reduce interaction with live targets * Proper configuration (depth, proxy) is essential * Source code analysis reveals hidden vulnerabilities * This is a key step in web application reconnaissance Big PictureWebsite mirroring helps you:👉 Move from surface browsing → deep analysis * Not just seeing the site * But understanding how it works internally Mental Model * HTTrack → “Copy the website” * Analysis → “Understand the website” You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 4: Email and Domain Information Mapping

In this lesson, you’ll learn about: Maltego for visual footprinting and OSINT analysis1. What is Maltego? * Maltego * A tool used for: * Information gathering (OSINT) * Footprinting * Visual link analysis 👉 Key idea: * Instead of raw data → Maltego gives you a visual map of relationships 2. Lab Setup (Kali Linux Environment)🔹 Platform * Kali Linux 🔹 Setup Steps * Install Maltego Community Edition * Register an account * Launch and create a new graph 👉 The graph is your workspace where: * Entities (emails, domains, IPs) are connected visually 3. Email Reconnaissance in Maltego🔹 Process * Add an email entity to the graph * Run transforms (automated queries) 🔹 Example Data Source * Have I Been Pwned 🔹 What You Discover * Data breaches linked to the email * Associated accounts or services * Connections to other entities 👉 Value: * Helps identify: * Compromised credentials * Attack vectors 4. Domain-Level Investigation🔹 Example Target * Microsoft (microsoft.com) 🔹 What Maltego Can Find * Associated email addresses * Subdomains * Infrastructure components 👉 This builds: * A complete map of the organization’s digital presence 5. Visualization Power🔹 What Makes Maltego Unique * Displays relationships between: * Emails * Domains * IP addresses * Organizations 🔹 Unexpected Insights * Can reveal: * Physical locations * Cities * Additional contextual data 👉 Result: * A clear attack surface map instead of scattered data 6. Why Maltego is Important * Automates OSINT collection * Correlates data from multiple sources * Makes complex relationships easy to understand Key Takeaways * Maltego is a visual OSINT and footprinting tool * Uses transforms to gather and connect data * Email analysis can reveal breach exposure * Domain analysis maps full infrastructure * Visualization helps identify hidden relationships Big PictureMaltego helps you:👉 Move from data collection → intelligence visualization * Not just gathering info * But understanding how everything is connected Mental Model * Raw tools → give data * Maltego → gives insight + connections You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]

Course 35 - Footprinting and Reconnaissance | Episode 3: Exploring Shodan and the Google Hacking Database

In this lesson, you’ll learn about: Shodan and Google Dorking (GHDB) in footprinting1. Shodan (Internet-Wide Device Discovery)🔹 What is Shodan? * Shodan * A search engine designed to find: * Internet-connected devices * Exposed services 🔹 What You Can Discover * IP addresses * Open ports * Operating systems * Device types (e.g., routers, cameras, servers) 🔹 Example Use Case * Searching for: * Cisco routers * Filtering by: * Geographic location 👉 Why it matters: * Helps identify: * Exposed infrastructure * Potential attack surface 2. Key Shodan Capabilities * Advanced filters: * Location-based searches * Service-specific queries * Real-world visibility into: * Global internet exposure 👉 Insight: * Many systems are: * Misconfigured * Publicly accessible 3. Google Dorking (GHDB)🔹 What is GHDB? * Google Hacking Database * A collection of: * Advanced Google search queries (dorks) 🔹 Purpose * Find: * Sensitive files * Misconfigured web pages * Hidden data 4. Common Google Dorking Techniques🔹 File Type Searches * Example: * .xlsx (Excel files) 👉 Can reveal: * Reports * Credentials (sometimes) * Internal data 🔹 Targeted Queries * Use operators like: * site: * filetype: * intitle: 5. Practical Considerations🔹 Handling Limitations * Google may: * Trigger CAPTCHA (human verification) * Requires: * Careful, slow searching 🔹 Navigating Results * Review multiple pages * Refine queries for accuracy 6. Legal & Ethical Use * Always: * Stay within authorized scope * Use tools for: * Security research * Defensive purposes 👉 Important: * These tools are powerful: * Misuse can lead to legal consequences Key Takeaways * Shodan reveals internet-exposed devices and services * GHDB enables precision searching for sensitive data * Both tools are critical for OSINT and footprinting * Advanced search techniques improve accuracy * Ethical usage is mandatory Big PictureThese tools help you:👉 Move from basic information → deep exposure analysis * Shodan → “What devices are exposed?” * GHDB → “What data is publicly accessible?” Mental Model * Shodan → Infrastructure visibility * Google Dorking → Data discovery You can listen and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy [https://linktr.ee/cybercode_academy]