CIS 4350
SpiderFoot
A tool with a graphical user interface (GUI) that queries more than 100 OSINT sources to grab intelligence on email addresses, names, IP addresses, domain names, web servers, and more.
Recon-ng
Automate footprinting with this powerful, advanced framework using search engines, social media, and many other sources.
White Pages
Conduct reverse phone number lookups and retrieve address information.
Maltego
Discover relevant files, email addresses, and other important information with this powerful graphic user interface (GUI) tool.
FOCA
Extract metadata from documents on websites to reveal the document creator's network logon and email address, information on IP addresses of internal devices, and more.
Whois
Gather IP and domain information.
netcat (command available on all *nix systems; can be downloaded for Windows platforms from the Nmap website)
Read and write data to ports over a network.
wget (command available on all *nix systems; can be downloaded for Windows platforms from Wget for Windows HTML site)
Retrieve HTTP, HTTPS, and FTP files over the Internet.
To find information about the key IT personnel responsible for a company's domain, you might use which of the following tools? a. Whois b. Whatis c. Domain Dossier d. Nbtstat
c. Domain Dossier
Which of the following enables you to view all host computers on a network? a. SOA b. ipconfig c. Zone Transfers d. HTTP HEAD method
c. Zone transfer.
Which of the following enables you to view all host computers on a network? a. SOA b. ipconfig c. Zone transfers d. HTTP HEAD method
c. Zone transfers. Zone transfers enable an individual to view all host computers on a network. It basically gives an organization's network diagram.
What command-line tool can be used to harvest DNS information? a. dns-get b. dug c. dig d. axfer
c. dig. The dig command-line tool can be used to harvest information.
A cookie can store information about a website's visitors. True or False?
true
Spear phishing
• Combines social engineering with exploiting vulnerabilities • Attack is directed at specific people in an organization • Comes from someone the recipient knows • Mentions topics of mutual interest
Footprinting (may also be called reconnaissance)
• Finding information on a company's network • Passive and nonintrusive
Many attackers do "case the joint"
• Look over the location • Find weaknesses in security systems • Determine what types of locks and alarm systems are used
Tactics used by social engineers
• Persuasion • Intimidation • Coercion • Extortion/blackmailing
Shoulder surfer
• Reads what users enter on keyboards • Logon names • Passwords • PINs
Techniques to gain information from unsuspecting people
• Urgency • Quid pro quo • Status quo • Kindness • Position
With just a URL, you can determine the following that a company is using:
• Web server • OS • Names of IT personnel
OSINT Framework
A collection of OSINT tools presented in an interactive web-based mind map that organizes the information visually. You can expand nodes to find collections of tools suited for the task you want to accomplish.
HTTPS operates on port
443
HTTP operates on port _______
80
dig (command available on all *nix systems; can be downloaded for Windows platforms from the BIND 9 website. dig is contained in the BIND download, so download BIND.)
Perform DNS zone transfers; replaces the nslookup command.
Google Groups
Search for email addresses in technical or nontechnical newsgroup postings.
WayBackMachine
Search through previous versions of the website to uncover historical information about a target.
Spyse
Spyse is a cybersecurity search engine. You can use it to search entire domains or individual systems for vulnerabilities, IPs, DNS records, domains, and more. Spyse claims to be "the most complete Internet assets registry for every cybersecurity professional."
Zed Attack Proxy
This is a useful website analysis tool that can crawl through remote websites and even produce a list of vulnerabilities for a remote website.
Domain Dossier
This web tool is useful in gathering IP and domain information (including whois, DNS, and traceroute).
Google and Google Hacking Database (GHDB), also called Google Dorks
Uncover files, systems, sites, and other information about a target using advanced operators and specially crafted queries. Some of these queries can be found at.
Netcraft Site Report
Uncover the underlying technologies that a website operates on.
TheHarvester
Used for finding email addresses, subdomains, IPs, URLs, employee names, and more. This is a command line only tool.
Which of the following contains host records for a domain? a. DNS b. WINS c. Linux server d. UNIX web clients
a. DNS
Which of the following is a fast and easy way to gather information about a company? a. Conduct port scanning b. Perform a zone transfer of the company's DNS server c. View the company's website d. Look for company ads in public publications
c. View the company's website
Which of the following is a good website for gathering information on a domain? a. www.google.com b. whois.domaintools.com at https://centralops.net/co/ c. www.arin.net d. All of the above
d. All of the above.
To determine a company's primary DNS server, you can look for a DNS server containing which of the following? a. CNAME record b. Host record c. PTR record d. SOA record
d. SOA record. To determine a company's primary DNS server, you can look for a DNS server containing a Start of Authority (SOA) record.
_____ is one of the components most vulnerable to network attacks. a. TCP/IP b. WINS c. DHCP d. DNS
d. DNS. DNS is the network component responsible for resolving hostnames to IP addresses and vice versa. It is a major area of potential vulnerability for network attacks.