Chapter 1 Tool Questions

Which is a security oriented fuzzer that leverages compile-time instrumentation and generic algorithms to discover tests cases that trigger new code paths. A.) NETCAT B.) NESSUS C.) AFL D.) WiFite

Answer: AFL First tool to combine the techniques in a simple to use tool.

Which of the following is a cross-platform IDE for reverse-engineering (decompiling/editing) & recompiling of android application binaries within a single user-interface. A.) APK Studio B.) OWASP C.) SET D.) APL

Answer: APK Studio It features a friendly layout, with a code editor which support syntax highlighting for Android SMALI (*. smali) code files.

Which tool is a parallelized password cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. A.) Kismet B.) Hydra C.) WhoIS D.) SET

Answer: Hydra Hydra works by using a set of methods to crack passwords using different approaches of generating possible passwords.

In addition to being a disassembler, which tool is also a powerful and versatile debugger. It supports multiple debugging targets and can handle remote applications, via a "remote debugging server". A.) IDA B.) APKX C.) DirBuster D.) Nmap

Answer: IDA The Interactive Disassembler is a disassembler for computer software which generates assembly language source code from machine-executable code. I

What tool provides a powerful new way to write exploits, analyze malware, and reverse engineer binary files. A.) Kismet B.) OllyDbg C.) Immunity Debugger D.) Imune Debug

Answer: Immunity Debugger

Which is a collection of Python classes for working with network protocols that is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself. A.) Impacket B.) CeWL C.) Censys D.) Impo

Answer: Impacket It is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itsel

Which tool is leading post-exploitation tool that dumps passwords from memory, as well as hashes, PINs and Kerberos tickets? A.) John the Ripper B.) Hashcat C.) SearchSploit D.) Mimikatz

Answer: Mimikatz Mimikatz is an open-source application that allows users to view and save authentication credentials like Kerberos tickets.

Which tool is a general-purpose command-line tool for reading, writing, redirecting, and encrypting data across a network? A.) NETCAT B.) Ncat C.) Shodan D.) proxychains

Answer: Ncat This is a computer networking utility for reading from and writing to network connections using TCP or UDP.

What tool is a Python wrapper to popular free dex converters and Java decompilers. Extracts Java source code directly from the APK. Useful for experimenting with different converters/decompilers without having to worry about classpath settings and command line args. A.) APKX B.) IDA C.) Mimikatz D.) AP

Answer: APKX What is an APX file? Image created by Ability Photopaint Studio, a drawing program included with Ability Office; support multiple editing layers as well as brushes, fills, shapes, and other standard raster graphic editing features; can be used for generating graphics used in Ability Write documents (. AWW files).

Which of the following is a a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LAN? Hint: Tool for auditing networks. A.) OWASP B.) Nikto C.) Aircrack-ng D.) YASCA

Answer: Aircrack-ng It focuses on different areas of WiFi security:

Social engineering toolkit that hooks the script with the browsers for further attacks. Once configured, the * page will be generated, which can then be used to make the target system as zombies. A.) YASCA B.) SET C.) GDB D.) BeEf

Answer: BeEf BeEf is another social engineering toolkit in BT5. BeEf is one of the perfect tools for pen-testers, providing practical client side attack vectors. BeEf hooks the script with the browsers for further attacks. Once the beef has been configured, the beef page will be generated, which can then be used to make the target system as zombies. There are various types of attacks which can be performed using BeEf, such as launching a Firefox based DOS attack, exploiting using MSF, redirecting the webpage to the fake page, logging the keystrokes, etc. Once the victim opens the malicious url (which is created by BeEf), the pen tester can harvest important pieces of information about the target machine, such as OS, Browser, its version, the key strokes which can be used to perform further attacks based on the browser or the OS. For example if the browser is IE 8, then pen testers can use the exploit like CSS Parser Exploit.

Which of the following is a integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. A.) Recon-ng B.) NETCAT C.) BurpSuite D.) Nesses

Answer: Burp Suite Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.

Which tool is a password recovery tool for Microsoft Windows. It can recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks. A.) Cain and Abel B.) AFL C.) The Destroyer D.) APKX

Answer: Cain and Abel Cain and Abel (often abbreviated to Cain)

Which tool spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. A.) CeWL B.) BurpSuite C.) sqlmap D.) Maltego

Answer: CeWL It is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

Which tool is a public search engine that enables researchers to quickly ask questions about the hosts and networks that compose the Internet? A.) Nessus B.) WHOIS C.) Censys D.) Nmap

Answer: Censys Censys scans the most ports and houses the biggest certificate database in the world, to provide the freshest and most thorough view of your assets; both known and unknown.

Which tool would you use to scan ports to determine both known and unknown assets? A.) Nessus B.) Censys C.) Nmap D.) Censys

Answer: Censys Censys scans the most ports and houses the biggest certificate database in the world.

Which tool is a multi threaded java application designed to brute force directories and files names on web/application servers. A.) Mimikatz B.) DirBuster C.) SnarQuebe D.) APKX

Answer: DirBuster DirBuster is an application within the Kali arsenal that is designed to brute force web and application servers.

Which tool enables scanning for security vulnerabilities in Android applications by taking the role of a native Android application and interacting with the Dalvik Virtual? A.) Windbg B.) Drozer C.) DirBuster D.) OllyDbg

Answer: Drozer Drozer is a framework for Android security assessments developed by MWR Labs. This provides tools to help you use, share and understand public Android exploits.

This tool is similar to Metasploit, but specific to PowerShell? A.) Empire B.) Mimikatz C.) Pass the hash D.) Responder

Answer: Empire According to the official website, Empire is "a pure PowerShell post-exploitation agent built on cryptologically-secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework." Basically, Empire is a tool that is similar to Metasploit but specific to PowerShell. It allows you to run PowerShell scripts in memory and make a connection back to your machine.

Which tool is used mainly to find metadata and hidden information in the documents its scans? A.) Shodan B.) FOCA C.) Maltego D.) Hydra

Answer: FOCA (Fingerprinting Organizations with Collected Archives)

What is the SpotBugs plugin for security audits of Java web applications. A.) FindBugs/find-sec-bugs B.) Bugger C.)BeEF D.) APK

Answer: FindBugs/find-sec-bugs The SpotBugs plugin for security audits of Java web applications. It can detect 135 different vulnerability types with over 816 unique API signatures. Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE.

What tool allows you to see what is going on `inside' another program while it executes -- or what another program was doing at the moment it crashed? A.) Imune Debug B.) Immunity Debugger C.) Kismet D.) GDB

Answer: GDB GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act: Start your program, specifying anything that might affect its behavior. Make your program stop on specified conditions. Examine what has happened, when your program has stopped. Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another.

Which tool is password recovery tool and is also considered to be a password cracker? A.) Hashcat B.) Drozer D.) Peach C.) DirBuster

Answer: Hashcat Hashcat is a password recovery tool. It had a proprietary code base until 2015, but is now released as open source software. Versions are available for Linux, OS X, and Window

What tool a password cracking tool? A.) John the Ripper B.) Wireshark C.) Nikto D.) Proxychains

Answer: John the Ripper This is a free password cracking software tool. Originally developed for the Unix operating system.

Which is a multipurpose debugger for the Microsoft Windows computer operating system, distributed by Microsoft? A.) WinDbg B.) DBG C.) Drozer D.)WinWat

Answer: WinDbg WinDbg is a kernel-mode and user-mode debugger that is included in Debugging Tools for Windows.

Which of the following is a 802.11 layer2 wireless network detector, sniffer, and intrusion detection system? A.) Kismet B.) Hydra C.) Nslookup D.) SonarQube

Answer: Kismet Kismet is a wireless network and device detector, sniffer, wardriving tool, and WIDS (wireless intrusion detection) framework. Kismet works with Wi-Fi interfaces, Bluetooth interfaces, some SDR (software defined radio) hardware like the RTLSDR, and other specialized capture hardware

Which tool is software used for open-source intelligence and forensics? Hint: It is an interactive data mining tool that renders directed graphs for link analysis. A.) Patator B.) Hashcat C.) OllyDbg D.) Maltego

Answer: Maltego Maltego is a software used for open-source intelligence and forensics, developed by Paterva. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.

Which tool can perform brute force testing and is a speedy parallel login brute forcer? A.) Medusa B.) Hashcat C.) Mimikatz D.) Ncat

Answer: Medusa Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer.

Which is a remote security scanning tool which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. A.) WiFite B.) Hping C.) Nikto D.) Nessus

Answer: Nessus Nessus is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.

Which tool will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. A.) IDA B.) Burp Suite C.) WHOIS D.) Nikto

Answer: Nikto

Which is an Open Source Web Server Scanner that can perform comprehensive tests against web servers for multiple items such as dangerous files, programs and outdated versions of a server?? A.) AFL B.) Hydra C.) Nikto D.)NMAP

Answer: Nikto: Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.

Which is a free and open-source network scanner used to discover hosts and services on a computer network by sending packets and analyzing the responses. A.) Patator B.) Ncat C.) NETCAT D.) Nmap

Answer: Nmap Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Which tool is a network administration command-line tool available for querying the Domain Name System to obtain domain name or IP address mapping, or other DNS records. A.) Censys B.) FOCA C.) W3AF D.) NsLookup

Answer: NsLookup Nslookup is a simple but very practical command-line tool, which is principally used to find the IP address that corresponds to a host, or the domain name that corresponds to an IP address (a process called "Reverse DNS Lookup"). ...

Which tool stands for "name server look up." A.) Nessus B.) Nmap C.) Nslookup D.) Nikto

Answer: Nslookup The name nslookup stands for "name server look up."

Which of the following is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers. A.) OWASP ZAP B.) WHOIS C.) Sqlmap D.) Maltego

Answer: OWASP ZAP (short for Zed Attack Proxy) The world's most popular free, open source web security tool.

What tool is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. A.) Kismet B.) WiFite C.) OllyDbg D.) Burp Suite

Answer: OllyDbg OllyDbg is commonly used by malware analysts and reverse engineers because it's easy to use and it has many plug-ins that extend its capabilities.

Which tool is a full feature-vulnerability scanner which can perform comprehensive security testing of an IP address. A.) OpenVas B.) Hashcat C.) OllyDbg D.) Ncat

Answer: OpenVas OpenVAS (Open Vulnerability Assessment System, originally known as GNessUs) is a software framework of several services and tools offering vulnerability scanning and vulnerability management.

Which tool is a multi-purpose brute-forcer, with a modular design and a flexible usage. A.) Patator B.) OWASP ZAP C.) Responder D.) Prey

Answer: Patator Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks.

Which of the following is a automated security testing platform that prevents zero-day attacks by finding vulnerabilities in hardware and software? A.) Drozer B.) Peach C.) GDB D.) Patator

Answer: Peach The Peach Fuzzer Platform, paired with our industry-focused Peach Pits, can test virtually any system for unknown vulnerabilities. From common test targets to complex proprietary systems, Peach Fuzzer is up for the job. "PEACH PITS" Select a prewritten test definition to get fuzzing today. Or, create your own Peach Pits to fuzz proprietary systems, software, and protocols.

What is a series of Microsoft PowerShell scripts that can be used in post-exploitation scenarios during authorized penetration tests? A.) SearchSploit B.) PowerSploit C.) PowerFul D.) Peach

Answer: PowerSploit PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment.

What tool forces any TCP connection made by any given application. to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. A.) NETCAT B.) Aircrack-ng C.) Drozer D.) ProxyChains

Answer: ProxyChains ProxyChains is a UNIX program, that hooks network-related libc functions in dynamically linked programs via a preloaded DLL and redirects the connections.

Which tool is a full-featured Web Reconnaissance framework written in Python? Hint: Similar interface to Metasploit and is complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion. A.) Metasploit B.) Recon-ng C.) Censys D.) OpenVas

Answer: Recon-ng Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

What is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. Hint: You can use the tool to essentially say 'yeah, this is me' to all of the LLMNR and NBT-NS requests that you see, and then traffic will be directed to you. A.) Responder B.) Reco C.) PowerSploit D.) WinDbg

Answer: Responder Responder is a great tool that every pentester needs in their arsenal. If a client/target cannot resolve a name via DNS it will fall back to name resolution via LLMNR (introduced in Windows Vista) and NBT-NS. Now, assuming we have Responder running we will essentially say 'yeah, this is me' to all of the LLMNR and NBT-NS requests that we see, and then traffic will be directed to us. If you want to target a specific IP/range of IPs, you can edit Responder.conf and change the RespondTo argument

What is a toolkit used for social engineering? A.) YASCA B.) Sonar C.) SET D.) SearchSploit

Answer: SET The Social-Engineer Toolkit (SET) is specifically designed to perform advanced attacks against the human element. SET was designed to be released with the https://www.social-engineer.org launch and has quickly became a standard tool in a penetration testers arsenal.

Which tool is a cryptographic network protocol for operating network services securely over an unsecured network? A.) NETCAT B.) SSH C.) Telnet D.) RDP

Answer: SSH Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH. It is a method for secure remote login from one computer to another.

What tool gives you the power to perform detailed offline searches through your locally checked-out copy of the repository? Hint: It is a command-line search tool for Exploit-DB, which also allows you to bring a copy of Exploit-DB with you. A.) APK B.) SearchSploit C.) Drozer D.) Searcher

Answer: SearchSploit "Searchsploit" is a command-line search tool for Exploit-DB, which also allows you to bring a copy of Exploit-DB with you. SearchSploit provides you with the ability to perform detailed offline searches in locally saved repositories.This capability is particularly useful for security assessment of the network without Internet access. Many vulnerabilities contain links to binary files that are not included in the standard repository but can be found in our Exploit-DB binaries.

Which tool is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client A.) Shodan B.) Recon-ng C.) TheHarvester D.) Nmap

Answer: Shodan Shodan is a search engine for Internet-connected devices.

Which of the following is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. A.) W3af B.) SonarQube C.) Censys D.) Son

Answer: SonarQube Formerly Sonar) is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.

What tool is an open source software that is used to detect and exploit database vulnerabilities and provides options for injecting malicious codes into them? A.) Kismet B.) FOCA C.) Shodan D.) Sqlmap

Answer: Sqlmap It is a penetration testing tool that automates the process of detecting and exploiting SQL injection flaws providing its user interface in the terminal.

What is a Ruby-based, modular penetration testing platform that enables you to write, test, and execute exploit code. Hint: At its core, the Framework is a collection of commonly used tools that provide a complete environment for penetration testing and exploit development. A.) Ruby B.) Impacket C.) Responder D.) Metasploit

Answer: The Metasploit Framework The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7. The world's most used penetration testing framework

Which tool allows you to gather information like emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers, and SHODAN computer database. A.) Shodan B.) Recon-ng C.) theHarvester D.) Hping

Answer: TheHarvester this tool was developed in python.

Which tool is an open-source web application security scanner? A.) W3af B.) Nmap C.) Medusa D.) GDB

Answer: W3af w3af (web application attack and audit framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface.

Which tool is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system. A.) Wireshark B.) Recon-ng C.) NsLookup D.) WHOIS

Answer: WHOIS A WHOIS lookup is a way for you to search the public database for information about a specific domain, such as the expiration date, current registrar, registrant information, etc.

What is the "set it and forget it" wireless auditing tool?

Answer: WiFite

which of the following is an automated wireless attack tool? A.) WiFite B.) BeFT C.) Responder D.) Patator

Answer: WiFite To attack multiple WEP, WPA, and WPS encrypted networks in a row. This tool is customizable to be automated with only a few arguments. Wifite aims to be the "set it and forget it" wireless auditing tool.

Which tool is a network protocol analyzer? A.) Empire B.) OllyDbg C.) Wireshark D.) Nessus

Answer: Wireshark Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.

What is an open-source tool that can help you analyze program source code. ▫ It leverages several static analysis tools. A.) YASCA B.) CeWL C.) TheHarvester D.) Niko

Answer: YASCA Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages

Which tool is a command-line oriented TCP/IP packet assembler/analyzer. Hint: Its a free packet generator and analyzer for the TCP/IP protocol distributed. A.) Hping B.) WinDbg C.) Anali D.) DirBuster

Answer: hping Hping is a free TCP/IP packet generator and analyzer created by Salvatore Sanfilippo (also known as Antirez) that is similar to the ping utility; however, it has more functionality than the sending of a simple ICMP echo request that ping is usually used for. Hping can be used to send large volumes of TCP traffic at a target while spoofing the source IP address, making it appear random or even originating from a specific user-defined source.