Exploring Module 02 of EC Council’s CEH: Footprinting and Reconnaissance

Footprinting serves as the initial phase in assessing the security status of a target organization’s IT infrastructure. Engaging in footprinting and reconnaissance activities can collect extensive information about a computer system, network, and any connected devices. Footprinting creates a detailed security profile for an organization and should be carried out systematically.

Footprinting and Reconnaissance

Module 01 of EC Council’s CEH : Introduction to Ethical Hacking
Module 2 of EC Council’s CEH: Footprinting and Reconnaissance introduces footprinting concepts and provides insights into the footprinting methodology.

What is Footprinting?

Footprinting is the first step of any attack on an information system in which attackers collect information about a target network to identify various ways to intrude into the system or network.

Types of Footprinting

Information Obtained in Footprinting

Information Obtained in Footprinting

Footprinting Methodology

Footprinting Methodology

Google Hacking Database

The Google Hacking Database (GHDB) is a comprehensive resource that contains a collection of advanced Google search queries, often referred to as Google Dorks. These queries are designed to find security loopholes and expose sensitive information accessible through Google searches.

Techniques for Footprinting through Search Engine

1. Advanced Search: Footprinting using advanced Google hacking techniques involves leveraging specific Google search queries to find sensitive information or security vulnerabilities within a target’s infrastructure. It’s a part of passive information gathering, as it doesn’t involve direct interaction with the target’s systems. Here’s how it’s typically done:

The syntax to use an advanced search operator is operator: search_term

Some of the popular Google advanced search operators include:

site: Narrow the search results to a specific website or domain. site:example.com
intitle: Finds pages with specific text in the title tag example: intitle:login page
inurl: Locates URLs containing a specified keyword. Example: inurl:admin
intext: Searches for pages containing certain text in their content. Example: intext:confidential

2. Advanced Image Search:

Description: Helps in finding images related to the target, including images of employees, infrastructure, or inadvertently uploaded documents.

Tools: Google Images (Advanced Search), Bing Images.

3. Reverse Image Search:

Description: Useful for identifying the source or additional occurrences of an image, aiding in locating where else a particular image is being used.

Tools: Google Images, Reverse Image Search By Imagetotext.me , TinEye.

4. Meta Search Engine:

Description: Aggregates results from multiple search engines, broadening the search scope and providing a more comprehensive set of results.

Tools: Dogpile, Metacrawler.

5. Video Search Engine:

Description: Tailored for finding videos, useful for uncovering video content related to the target, like interviews and presentations.

Tools: Bing Video Search, DuckDuckGo Video Search.

6. FTP Search Engine:

Description: Aids in locating files on FTP servers, revealing downloadable data, software, or documents not indexed by standard web search engines.

Tools: Global File Search, Napalm FTP Indexer.

7. IoT Search Engine:

Description: Designed to find Internet of Things (IoT) devices, revealing information about a target’s IoT infrastructure, including potentially unsecured devices.

Tools: Shodan, Censys.

CEH with InfosecTrain

Ethical hacking is a complex and multi-phase process that requires deep knowledge and security certifications. Professionals can improve their security assessment and network architecture skills through ethical hacking courses, such as the Certified Ethical Hacker certification training provided by InfosecTrain. This training provides individuals with the essential skills and methods needed to perform sanctioned hacking into organizations.

TRAINING CALENDAR of Upcoming Batches For Certified Ethical Hacker AI Certification Training

Start Date	End Date	Start - End Time	Batch Type	Training Mode	Batch Status
06-Jun-2026	12-Jul-2026	19:00 - 23:00 IST	Weekend	Online	[ Open ]
04-Jul-2026	09-Aug-2026	09:00 - 13:00 IST	Weekend	Online	[ Open ]

AUTHOR
Pooja Rawat ()

“ Pooja Rawat is a seasoned Cybersecurity and AI Governance Senior Research Specialist and Technical Writer with 5 years of experience in delivering high-impact technical content. She specializes in converting complex security concepts, ranging from cloud security and GRC to AI resilience, into accessible and actionable documentation for both technical and non-technical audiences. Currently, Pooja leads high-impact research projects at Infosec Train, focusing on AI Risk Management Frameworks (NIST AI RMF, ISO/IEC 42001) and Generative AI Security. With a strong background in cybersecurity research, she has successfully authored strategic whitepapers, checklists, certification preparation guides, and compliance guides that bridge the gap between technical engineering and user-centric documentation. Pooja holds a B.Tech degree in Instrumentation & Control Systems from HNBGU, India. During her academic and professional journey, she has demonstrated a strong commitment to continuous learning and knowledge sharing. She has completed specialized training in ISC2 Certified in Cybersecurity (CC) and Cybersecurity Fundamentals. Her dedication to academic and professional enrichment is further reflected in her strategic focus on SEO & Content Strategy as well as Strategic Product Branding, ensuring her technical research remains impactful and market-relevant. “