Sunday, February 13, 2011

Why network footprinting?

Since our initial release of Yeti (once again, thank you for all the support thus far) we have had a number of suggestions, bug reports and critiques from keen users. All of this is greatly appreciated by the team at SensePost.
A number of you have asked us, "Why bother? Why bother writing yet another network footprinting tool?"
This is a great question, especially in an industry where numerous tools exist that do the same job.
We believe the necessity for good, solid Internet intelligence gatherers is on the increase. For small companies, such as a mom and pop shop, the requirement is much less than for a multinational company with a presence all over the Internet.
Cloud computing is compounding this necessity. Developers are embracing the instant availability of uncountable cycles of processing and storage to serve up hot gourmet applications and services. But how much of this is officially sanctioned and complies with company security policies?
This is a question we often get asked by risk managers, and with Yeti we can give them solid answers. In short, many companies don't understand what they have out there on the Internet.
An example of this came recently, when we performed a footprinting exercise for a client that focused heavily on the WHOIS data. We broke the results down into their most granular form, even focusing on the registrant and registrar data. This particular client then picked up that a rogue business unit was operating outside of senior management control and knowledge, leveraging off the parent company's name and brand.
This was picked up through the registrant email being different from the rest. A small detail, but increasingly significant.
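The registrant comparison described above can be run over an organisation's own domain inventory. The following is an added example, not Yeti's code: the domain names and WHOIS excerpts are constructed, and the function names `parse_record` and `outliers` are hypothetical.

```python
import re
from collections import Counter

# Constructed WHOIS excerpts for hypothetical domains (not real lookups).
SAMPLE_WHOIS = {
    "corp.example": "Domain Name: CORP.EXAMPLE\nRegistrar: Registrar One, Inc.\n"
                    "Registrar URL: http://registrar-one.example\n"
                    "Registrant Email: hostmaster@corp.example\n",
    "corp-mail.example": "Registrar: Registrar One, Inc.\n"
                         "Registrant Email: HOSTMASTER@CORP.EXAMPLE  \n",
    "corp-shop.example": "Registrar: Registrar One, Inc.\n"
                         "Registrant Email: hostmaster@corp.example\n",
    "corp-promo.example": "Registrar: Registrar Two Ltd\n"
                          "Registrant Email: webguy@mailbox.example\n",
    # Record with the registrant email withheld (field absent).
    "corp-cdn.example": "Registrar: Registrar One, Inc.\n",
}

# Match only the exact field names, so "Registrar URL:" is ignored.
FIELD_RE = re.compile(
    r"^[ \t]*(Registrar|Registrant Email)[ \t]*:[ \t]*(.+?)[ \t]*$",
    re.IGNORECASE | re.MULTILINE,
)

def parse_record(raw):
    """Return (registrar, registrant_email), lower-cased; None if absent."""
    fields = {}
    for key, value in FIELD_RE.findall(raw):
        fields.setdefault(key.lower(), value.lower())  # first occurrence wins
    return fields.get("registrar"), fields.get("registrant email")

def outliers(records):
    """For each field, list the domains whose value differs from the majority."""
    parsed = {domain: parse_record(raw) for domain, raw in records.items()}
    report = {}
    for idx, name in enumerate(("registrar", "registrant_email")):
        counts = Counter(values[idx] for values in parsed.values())
        majority = counts.most_common(1)[0][0]
        report[name] = {d: v[idx] for d, v in parsed.items() if v[idx] != majority}
    return report

if __name__ == "__main__":
    for field, odd in outliers(SAMPLE_WHOIS).items():
        for domain, value in sorted(odd.items()):
            print(f"{field}: {domain} -> {value!r} differs from the majority")
```

A domain whose registrant email is missing is reported alongside the mismatches, since a withheld contact is also worth a manual look.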
Secondly, we at SensePost believe in the most effective way of performing a task. Sure, you can do what Yeti achieves using command line techniques, but let's be honest here and admit this process is tedious and laborious. One shouldn't struggle in getting the data - one should rather put effort into analysing the results and applying them to the problem at hand.
Remember, technology scales - people don't. There is no shame in making use of technology to do manual labour.
Thirdly, at SensePost, the necessity was also driven by a depreciated Bidiblah. The 'Blah' was the flagship tool for fingerprinting for many years and, at the time, ahead in its class. But recently it has had problems walking up stairs and we now feel it's time for it to spend long days playing cards in a retirement home.
A question that hasn't been asked of us yet is: "Why should we follow the blog? I don't care about your product!" Simply put, we will be using this blog to keep you updated about all aspects of Yeti's development, techniques that can be used and any other interesting tips we think you'd enjoy knowing about. Several of the techniques used in Yeti consist of rudimentary command line driven derivatives and these techniques will be discussed at a future date.
So there you have it, our approach at SensePost to footprinting is now available as a tool for the community.
Happy digging.
