CAPEC-169: Footprinting

Description
An adversary engages in probing and exploration activities to identify constituents and properties of the target.
Extended Description

Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. Although similar to fingerprinting, footprinting aims to get a more holistic view of a system or network, whereas fingerprinting is more targeted to a specific application or operating system. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.

Severity :

Very Low

Possibility :

High

Type :

Meta
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-292: Host Discovery Host Discovery CAPEC-300: Port Scanning Port Scanning CAPEC-309: Network Topology Mapping Network Topology Mapping CAPEC-497: File Discovery File Discovery CAPEC-529: Malware-Directed Internal Reconnaissance Malware-Directed Internal Reconnaissance CAPEC-573: Process Footprinting Process Footprinting CAPEC-574: Services Footprinting Services Footprinting CAPEC-575: Account Footprinting Account Footprinting CAPEC-576: Group Permission Footprinting Group Permission Footprinting CAPEC-577: Owner Footprinting Owner Footprinting CAPEC-580: System Footprinting System Footprinting CAPEC-646: Peripheral Footprinting Peripheral Footprinting CAPEC-694: System Location Discovery System Location Discovery
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • An application must publicize identifiable information about the system or application through voluntary or involuntary means. Certain identification details of information systems are visible on communication networks (e.g., if an adversary uses a sniffer to inspect the traffic) due to their inherent structure and protocol standards. Any system or network that can be detected can be footprinted. However, some configuration choices may limit the useful information that can be collected during a footprinting attack.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low The adversary knows how to send HTTP request, run the scan tool.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Browser Bookmark Discovery ATTACK | Gather Victim Host Information ATTACK | Active Scanning
Resources required

The adversary requires a variety of tools to collect information about the target. These include port/network scanners and tools to analyze responses from applications to determine version and configuration information. Footprinting a system adequately may also take a few days if the attacker wishes the footprinting attempt to go undetected.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Visit http://capec.mitre.org/ for more details.