Skip to content

03. Website Footprinting With Netcraft

Web enumeration using the Netcraft extension, along with important aspects to examine and how to interpret them.

Netcraft is a powerful tool for gathering information about websites, focusing on security, hosting, and infrastructure details. It provides insights useful for cybersecurity, reconnaissance, and analysis.

Steps to Use Netcraft Extension

  1. Install the Netcraft Extension:
    • Available for browsers like Chrome, Firefox, and Edge.
    • Download and enable it from the browser's extension store.
  2. Visit the Target Website:
    • Navigate to the target website for which you want to gather information.
  3. Analyze the Data:
    • Use the Netcraft toolbar or interface to view gathered details.

Key Information to Look At

1. Network Details

  • Purpose: Understand the hosting and IP infrastructure of the website.
  • What to Look For:
    • IP address of the website.
    • ASN (Autonomous System Number) of the hosting provider.
    • Location of the server (geographical).
    • ISP (Internet Service Provider) details.

  • Example:

    Target: example.com
IP: 192.0.2.1
ASN: AS15169 (Google LLC)
Location: Mountain View, CA, USA
ISP: Google Fiber

2. SSL/TLS Information

  • Purpose: Assess the security measures in place for data encryption.
  • What to Look For:
    • SSL/TLS version used (e.g., TLS 1.3, TLS 1.2).
    • Cipher suites in use.
    • Protocol support (e.g., HTTPS).

  • Example:

    Target: example.com
SSL/TLS Version: TLS 1.3
Cipher: AES_256_GCM_SHA384
Protocols: HTTPS

3. SSL Certification

  • Purpose: Verify authenticity and assess potential vulnerabilities in SSL certificates.
  • What to Look For:
    • Certificate issuer (CA, e.g., Let's Encrypt, DigiCert).
    • Validity period (start and expiration dates).
    • Wildcard or SAN (Subject Alternative Names) details.

  • Example:

    Issuer: DigiCert Inc
Valid From: 2025-01-01
Expiry: 2025-12-31
SAN: example.com, www.example.com

4. Hosting History

  • Purpose: Track changes in hosting providers or server locations.
  • What to Look For:
    • Previous hosting providers.
    • Changes in server IP or geographical location over time.
    • Potential vulnerabilities due to migrations.

  • Example:

    Hosting History:
2023-01-01: Hosted by Amazon AWS, US
2024-01-01: Moved to Cloudflare, UK

5. Web Tracker

  • Purpose: Identify trackers for analytics or advertising.
  • What to Look For:
    • Third-party tracking tools (Google Analytics, Facebook Pixel).
    • Potential privacy concerns or data leaks.

  • Example:

    Web Trackers:
Google Analytics
Facebook Pixel
Hotjar

6. Site Technology

  • Purpose: Determine technologies used for the website's backend and frontend.
  • What to Look For:
    • Server type (e.g., Apache, Nginx).
    • Programming languages (e.g., PHP, Python).
    • CMS (Content Management System) used (e.g., WordPress).

  • Example:

    Site Technology:
Server: Apache 2.4
Language: PHP 7.4
CMS: WordPress 6.0

Notes Summary

Aspect Details to Note Example
Network IP, ASN, ISP, server location IP: 192.0.2.1, ASN: AS15169, Location: USA
SSL/TLS Version, ciphers, protocol TLS 1.3, AES_256_GCM_SHA384
SSL Certification Issuer, validity, SAN details Issuer: DigiCert, Validity: 2025-01-01 to 2025-12-31, SAN: example.com
Hosting History Past hosting providers, location changes Hosted by AWS (2023), moved to Cloudflare (2024)
Web Tracker Analytics and advertising tools Google Analytics, Facebook Pixel
Site Technology Server type, programming languages, CMS Apache 2.4, PHP 7.4, WordPress 6.0

By combining these details, you can create a detailed profile of the target website, which can be useful for various purposes, including cybersecurity assessments and competitive analysis.