Reconnaissance
Footprinting (also known as reconnaissance or scouting) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, an attacker may use a range of tools, public records and online sources. The information is valuable to anyone trying to compromise a system, because it shows what the target consists of and where it is likely to be weak.
When used in the computer security lexicon, "footprinting" generally refers to one of the pre-attack phases: the tasks performed before the actual attack. Tools commonly used for footprinting include Sam Spade, nslookup, traceroute, Nmap and NeoTrace.
It allows an attacker to build a picture of the target system, and that picture is then used to plan and carry out further attacks against it. That is why it is classed as a pre-attack phase: all the gathered information is reviewed so that the attack itself can be planned completely and carried out successfully.
In security it is better known as footprinting.
I like "reconnaissance" better, because it cannot be confused with Digital footprint.
Crawling
Crawling is the process of browsing the web to gather the required information about the target. The sites visited can include the target's own website, blogs and social networks. Information obtained this way is also useful in the other methods described below.
WHOIS is a query and response protocol (RFC 3912), and the set of registry and registrar databases behind it, used to get information about a domain registration: the registrar, the name servers, the creation and expiry dates and, where it has not been redacted, the registrant's contact details and e-mail address. WHOIS databases cover essentially every registered domain name, IP address allocation and autonomous system number, and can be queried by domain name, IP address or AS number with a command-line client (whois) or through a web front end. Since the GDPR took effect in 2018, most registrars redact personal registrant data, so the contact fields often read "REDACTED FOR PRIVACY" and the analyst has to fall back on DNS records, certificate transparency logs and historical WHOIS archives.
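As an added example (it is not part of the original page), the Python code below performs the raw WHOIS exchange over TCP port 43 as RFC 3912 defines it, parses the "Key: value" reply into the fields a footprinting report needs, and flags redacted registrant data. The sample reply is constructed for this example: the registrar name, registrar WHOIS host and name servers in it are invented, and the default registry server whois.verisign-grs.com is assumed to be appropriate only for .com and .net names.

```python
import re
import socket
from typing import Dict, List

# Constructed sample of a registry WHOIS reply in the common "Key: value"
# layout. The name is the RFC 2606 reserved example.com; the registrar, IDs,
# hosts and dates are invented for this example, not taken from a real registry.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registry Domain ID: 0000000_DOMAIN_COM-EXAMPLE
   Registrar WHOIS Server: whois.registrar.example
   Registrar URL: http://www.registrar.example
   Updated Date: 2023-08-14T07:01:31Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2024-08-13T04:00:00Z
   Registrar: Example Registrar, Inc.
   Registrant Organization: Example Org
   Registrant Email: REDACTED FOR PRIVACY
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   DNSSEC: signedDelegation
>>> Last update of whois database: 2023-09-01T10:00:00Z <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire.
"""

# One "Key: value" line; the key is the shortest run of letters, digits,
# spaces, '/' and '-' before the first colon, so URLs in values stay intact.
KEY_VALUE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /\-]*?):\s*(.*?)\s*$")
REDACTED = re.compile(r"redacted|privacy|data protected|not disclosed", re.I)


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Turn the data part of a WHOIS reply into {lower-case key: [values]}.

    Repeated keys (several Name Server lines) accumulate in order. Parsing
    stops at the '>>>' footer: everything after it is the registry's legal
    notice, which contains colons but no record data.
    """
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if line.lstrip().startswith(">>>"):
            break
        m = KEY_VALUE.match(line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields


def first(fields: Dict[str, List[str]], key: str, default: str = "") -> str:
    return fields.get(key, [default])[0]


def summarize(fields: Dict[str, List[str]]) -> Dict[str, object]:
    """Pick out the fields a footprinting report cares about."""
    registrant = [v for k, vs in fields.items() if k.startswith("registrant") for v in vs]
    return {
        "domain": first(fields, "domain name").lower(),
        "registrar": first(fields, "registrar"),
        "registrar_whois": first(fields, "registrar whois server"),
        "created": first(fields, "creation date"),
        "expires": first(fields, "registry expiry date"),
        "name_servers": sorted(ns.lower() for ns in fields.get("name server", [])),
        "registrant_email": first(fields, "registrant email"),
        # Post-GDPR most registrars redact contact data; flag it so the analyst
        # knows to look elsewhere (DNS, certificate logs, historical WHOIS).
        "privacy_redacted": any(REDACTED.search(v) for v in registrant),
    }


def whois_query(name: str, server: str, port: int = 43, timeout: float = 10.0) -> str:
    """Raw RFC 3912 exchange: send the name plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def whois_lookup(domain: str, registry_server: str = "whois.verisign-grs.com") -> Dict[str, object]:
    """Query the registry (default assumed suitable for .com/.net only), then
    follow its Registrar WHOIS Server referral, whose record is usually the
    more detailed one. Needs network access; not exercised by the offline sample."""
    fields = parse_whois(whois_query(domain, registry_server))
    referral = first(fields, "registrar whois server")
    if referral:
        fields = parse_whois(whois_query(domain, referral)) or fields
    return summarize(fields)


if __name__ == "__main__":
    for key, value in summarize(parse_whois(SAMPLE_WHOIS)).items():
        print(f"{key:18} {value}")
```

Registrar records vary in layout (some use "Key:value" without the leading spaces, some put a label block before the data), so in practice the parser above is the part you adapt per registry; the port 43 exchange itself is the same everywhere.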
Search engines
Search engines such as Google can also be used to gather information about the target system. How much is found depends on how well one knows how to use search engines to collect information. Used properly, they let an attacker gather a great deal of information about a company, its job postings (which often name the technologies in use) and its policies.
Google's Advanced Search and Google search operators such as site:, filetype:, inurl: and intitle: are particularly useful tools.
Other resources are:
- Telephone address book
- Company register
- Club register
Traceroute
Information can also be gathered with the traceroute command (tracert on Windows; traceroute and tracepath on Linux), which traces the path packets take between the user and the target system across the network. It works by sending probes with increasing IP time-to-live values and recording which router returns the ICMP Time Exceeded message for each one, so it becomes clear where a request is forwarded and through which devices. Hops that do not answer are shown as asterisks, and a firewall that drops the probes can hide the final hops before the target.
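An added example, not from the original page: a Python parser for Linux traceroute output that records each hop's responder and round-trip times, marks hops that timed out, and flags RFC 1918 private addresses that appear after the path has already reached public address space, which is the kind of internal-infrastructure leak a footprinting pass looks for. The sample output is constructed (documentation and private ranges only) and the hostnames in it are invented; the Windows tracert layout is different and is not handled.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed Linux traceroute output. All addresses are from the RFC 1918
# private ranges or the RFC 5737 documentation ranges; nothing here was
# captured from a real network and the hostnames are invented.
SAMPLE_TRACEROUTE = """\
traceroute to www.example.com (203.0.113.50), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  1.123 ms  0.987 ms  1.044 ms
 2  10.0.0.1 (10.0.0.1)  8.512 ms  8.401 ms  8.377 ms
 3  * * *
 4  203.0.113.17 (203.0.113.17)  15.201 ms  15.188 ms  15.043 ms
 5  edge-router.example.net (198.51.100.9)  20.010 ms  19.870 ms  *
 6  10.20.0.5 (10.20.0.5)  22.301 ms  22.150 ms  22.097 ms
 7  www.example.com (203.0.113.50)  25.300 ms  25.100 ms  25.000 ms
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")                       # "<n>  rest"
RESPONDER = re.compile(r"(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")   # "host (a.b.c.d)"
RTT = re.compile(r"(\d+(?:\.\d+)?)\s*ms")
# Checked explicitly rather than via ipaddress.is_private, which also treats
# the documentation ranges used in the sample as private.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Hop:
    number: int
    host: Optional[str] = None       # name as printed; equals the IP when there is no PTR record
    ip: Optional[str] = None         # None when every probe for the hop timed out
    rtts_ms: List[float] = field(default_factory=list)
    timeouts: int = 0                # probes answered with '*'


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_traceroute(output: str) -> List[Hop]:
    """Parse Linux traceroute output into Hop records (first responder per hop).

    The header line does not start with a hop number and is skipped. Lines
    where several routers answered different probes keep only the first one.
    """
    hops: List[Hop] = []
    for line in output.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue
        number, rest = int(m.group(1)), m.group(2)
        hop = Hop(number=number, timeouts=rest.count("*"))
        r = RESPONDER.search(rest)
        if r:
            hop.host, hop.ip = r.group(1), r.group(2)
            rest = rest[r.end():]   # RTTs follow the responder; skip digits inside the hostname
            hop.rtts_ms = [float(x) for x in RTT.findall(rest)]
        hops.append(hop)
    return hops


def analyse(hops: List[Hop]) -> Dict[str, object]:
    """Recon summary: silent hops, lossy hops, and private addresses seen after
    the path has already left the probing host's own network. A private hop
    past the public edge means the target's internal routers or load balancers
    are replying and exposing their addressing."""
    seen_public = False
    leaked: List[Tuple[int, str]] = []
    for h in hops:
        if h.ip is None:
            continue
        if is_rfc1918(h.ip):
            if seen_public:
                leaked.append((h.number, h.ip))
        else:
            seen_public = True
    return {
        "hop_count": len(hops),
        "silent_hops": [h.number for h in hops if h.ip is None],
        "lossy_hops": [h.number for h in hops if h.ip is not None and h.timeouts],
        "private_after_public": leaked,
        "destination": hops[-1].ip if hops else None,
    }


if __name__ == "__main__":
    for key, value in analyse(parse_traceroute(SAMPLE_TRACEROUTE)).items():
        print(f"{key:22} {value}")
```

Run it against real output with `traceroute -n target | python3 this_script.py`-style piping by reading sys.stdin instead of the sample; the `-n` flag suppresses reverse lookups, which the parser tolerates because the hostname then simply equals the IP.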
Negative web search
A negative web search, performed on the target's name or website together with negative terms (complaints, outages, breaches, lawsuits), reveals other websites that discuss the target. Such sites can act as resources for insight into the target's flaws, for example past incidents, customer complaints or unresolved technical problems.
Information to be Gathered
If the attack is to be performed on a company, then the following information will be gathered:
- Company details, employee details and their e-mail addresses.
- Relations with other companies.
- Project details involving other companies.
- Legal documents of the company.
- News relating to the company and its website.
- Patents and trademarks regarding that particular company.
- Important dates regarding new projects.[8][20]
OSINT
Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or public intelligence.
OSINT under one name or another has been around for hundreds of years. With the advent of instant communications and rapid information transfer, a great deal of actionable and predictive intelligence can now be obtained from public, unclassified sources.
Principles
Open-source intelligence (OSINT) is the collection and analysis of information that is gathered from public, or open, sources. OSINT is primarily used in national security, law enforcement and business intelligence, and is of value to analysts who use non-sensitive intelligence in answering classified, unclassified or proprietary intelligence requirements alongside the other intelligence disciplines.
OSINT sources can be divided up into six different categories of information flow:
- Media: print newspapers, magazines, radio, and television from across and between countries.
- Internet: online publications, blogs, discussion groups, citizen media (e.g. cell phone videos and user-created content), YouTube, and other social media websites (e.g. Facebook, Twitter, Instagram). This source outpaces many others because of its timeliness and ease of access.
- Public government data: public government reports, budgets, hearings, telephone directories, press conferences, websites, and speeches. Although these come from an official source, they are publicly accessible and may be used openly and freely.
- Professional and academic publications: information acquired from journals, conferences, symposia, academic papers, dissertations, and theses.
- Commercial data: commercial imagery, financial and industrial assessments, and databases.
- Grey literature: technical reports, preprints, patents, working papers, business documents, unpublished works, and newsletters.
OSINT is distinguished from research in that it applies the process of intelligence to create tailored knowledge supportive of a specific decision by a specific individual or group.