Using PTES and open-source tools as a way to conduct external footprinting security assessments for intelligence gathering

Abstract

The first phase in a security assessment activity (legitimate or not) consists in the information gathering procedures that need to be conducted about a specific target. Information gathering, also known as footprinting, is the process of collecting all available and accessible information about a specific target to assess. While conducting a security assessment, this is one of the most important stages and usually involves the examination, collection and classification of large volumes of data from the target. The Penetration Testing Execution Standard (PTES), provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner in all the different stages that compose such penetration testing process. However, the particular focus of this article consists in the analysis of the standard and its recommendations on what concerns footprinting processes and how to provide some contributions in terms of the practical applicability, namely on the usage of open-source footprinting applications, in the implementation of PTES recommendations.