02 CEH: Footprinting & Reconnaissance

Which Google Hacking operator displays web pages stored in the Google cache?

cache

What tool allows you to create a custom wordlist based on the content of one or more webpages?

cewl

What is WhitePages used for?

People searching

What is pipl used for?

People searching

What is the Regional Internet Registry for Europe and the Middle East?

RIPE NCC

What type of DNS record's purpose is to map a *responsible person*?

RP record

What 2 tools does the material recommend for finding IP geolocation information?

1. IP2Location 2. IP Location Finder

Which *OSRFramework tool* allows an attacker to check for a user profile on up to 290 platforms (social media, etc.)?

usufy.py

What 3 tools does the material recommend for extracting metadata from various types of files (pdf, doc, xls, ppt, docx, pptx, xlsx, etc.)

1. Metagoofil 2. Exiftool 3. Web Data Extractor

What are the 2 Usenet newsgroups the material recommends for finding valuable information about the target organization?

1. Newshosting 2. Eweka

What 3 tools does the material recommend for extracting linked images, scripts, iframes, and URLs of a target website?

1. Octoparse 2. Netpeak Spider 3. Link Extractor

What 2 tools/services does the material recommend for spidering target websites to collect information about the target organization, like employee names and email addresses?

1. Web Data Extractor 2. ParseHub

What are the 4 email tracking tools recommended by the material?

1. eMailTrackerPro 2. Infoga 3. Mailtrack 4. PoliteMail

What is Intelius used for?

People searching

What 4 tools/services does the material recommend for footprinting the technologies behind websites?

1. BurpSuite 2. Zaproxy 3. Wappalyzer 3. Website Informer

What 3 tools does the material recommend for downloading a website into a local directory, recursively building all directories, HTML, images, flash, videos, and other files from the server to your computer?

1. HTTRack 2. Web Site Copier 3. NCollector Studio

What is the extension of Cisco VPN configuration files?

.pcf

What is Dice?

A job site service

What DNS enumeration tool can query a target domain for MX and NS records, perform an Authoritative Transfer (AXFR) query to discover subdomains, and can brute force subdomains using the top 20,000 subdomains from the Alexa Top 1 Million subdomains list? This tool also includes an email enumeration feature that can use search engines, the Email Hunter service, and the haveibeenpwned API.

Bluto

What tool provides Internet security services, including anti-fraud and anti-phishing services, application testing, and PCI testing?

Netcraft

What type of DNS record is a service record?

SRV record

Which of the following utilities is used by Recon-Dog to detect technologies existing in the target system? 1. Whois lookup 2. wappalyzer.com 3. shodan.io 4. findsubdomains.com

wappalyzer.com

What is netcraft.com used for?

Subdomain discovery

What is sublist3r used for?

Subdomain discovery

Which *OSRFramework tool* allows an attacker to check for the existence of a series of phones?

phonefy.py

What Google Hacking operator lists web pages that are similar to the specified web page?

related:<web page>

Which *OSRFramework tool* allows an attacker to query the included OSRFramework-included platforms (Github, Twitter, etc.)?

searchfy.py

Which Google Hacking operator restricts the results to those websites in the given domain?

site

What Google search query can you use to find mail lists dumped on pastebin.com?

site:pastebin.com intext:*@*.com:*

What tool does the material recommend for finding other domains that share the same web server?

Reverse IP Domain Check

What DNS record types indicates the authority for a domain of the target DNS server?

SOA

What type of DNS record's purpose is to indicate the authority for a domain?

SOA record

What flag of Sublist3r allows the user to specify a comma-separated list of search engines?

-e

What kind of *footprinting* involves gathering information about a target *with direct interaction*?

Active footprinting

What 2 tools does the material recommend for performing user-directed spidering of websites?

1. BurpSuite 2. WebScarab

What is theHarvester used for?

1. Gathering email addresses 2. LinkedIn enumeration

What 2 tools does the material recommend for locating the network range of the target organization?

1. The ARIN Whois database search tool 2. Regional Internet Registry (RIR)

What 2 tools does the material recommend for monitoring websites for updates and changes?

1. WebSite-Watcher 2. VisualPing

Which of the following is the Google dork that helps an attacker find the configuration pages for online VoIP devices? 1. intitle:"Login Page" intext:"Phone Adapter Configuration Utility" 2. intitle:"SPA504G Configuration" 3. intitle:"Sipura.SPA.Configuration" -.pdf 4. inurl:/voice/advanced/ intitle:Linksys SPA configuration

3. intitle:"Sipura.SPA.Configuration" -.pdf

Which of the following Google dorks is used by an attacker to find Cisco VPN client passwords? 1. filetype:pcf "cisco" "GroupPwd" 2 .filetype:pcf vpn OR Group 3. "Config" intitle:"Index of" intext:vpn 4. "[main]" "enc_GroupPwd=" ext:txt

4. "[main]" "enc_GroupPwd=" ext:txt

What is Crunchbase?

A business profile site

What is opencorporates?

A business profile site

What is Simply Hired?

A job site service

What type of DNS record's purpose is to serve as a canonical hostname to an IP address, allowing multiple alias hostnames to map to a particular IP address?

CNAME record

What is the Regional Internet Registry for Africa?

AFRINIC

What is the Regional Internet Registry for Asia and Australia?

APNIC

What is the Regional Internet Registry for the United States and Canada?

ARIN

What subdomain discovery tool uses the Alexa Top 1 Million subdomains list?

Bluto

What is ExoneraTor used for?

Browsing and searching the deep and dark web

What is Tor Browser used for?

Browsing and searching the deep and dark web

What tool is an advanced social search engine that displays shared activity across all major social networks including Twitter, Facebook, LinkedIn, Google Plus, and Pinterest?

BuzzSumo

What tool does the material recommend for performing a reverse DNS lookup?

DNSRecon

What form of social engineering indicates looking for valuable information in the target's physical property?

Dumpster diving

What form of social engineering indicates unauthorized listening?

Eavesdropping

The purpose of *what* is to *monitor the delivery of emails to an intended recipient* for the purpose of gathering information about the recipient, such as their IP address, geolocation, browser, and operating system details?

Email tracking

What deep and dark web searching tool helps an attacker obtain information about official government or federal databases and navigate anonymously without being traced?

ExoneraTor

What tool is mainly used to find metadata and hidden information in the documents it scans?

Fingerprinting Organizations with Collected Archives (FOCA)

What is *MEDUSA* used for?

Gathering OSINT data from social media platforms

What is EmailSpider used for?

Gathering email addresses

What type of DNS record's purpose is to include information about a host, including CPU type and operating system?

HINFO record

What form of social engineering indicates pretending to be an authorized person?

Impersonation

What tool can perform DNS enumeration and uses Shodan to perform queries?

InstaRecon

What is the Regional Internet Registry for Mexico and South America?

LACNIC

What footprinting tool can be used to determine the relationships and real world links between people, groups of people, organizations, websites, Internet infrastructure, documents, etc.?

Maltego

What is *Hootsuite* used for?

Managing profiles across multiple social media platforms

What web services is a repository that contains a collection of user-submitted notes or messages on various subjects and topics?

NNTP Usenet newsgroups

What type of DNS record's purpose is to point to the domain's name server?

NS record

Which of the following features in FOCA allows an attacker to find more servers in the same segment of a determined address? 1. IP resolution 2. Web search 3. PTR scanning 4. DNS search

PTR scanning

What framework includes applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction, etc.?

OSRFramework

What type of DNS record's purpose is to map an IP address to a hostname?

PTR record

What kind of *footprinting* involves gathering information about a target *without direct interaction*?

Passive footprinting

What traceroute tool delivers network route tracing with performance tests, DNS, Whois, and network resolution?

Path Analyzer Pro

What is BeenVerified used for?

People searching

What is PeekYou used for?

People searching

What is the web reconnaissance framework with independent modules and database interaction which provides an environment in which open source, web-based reconnaissance can be conducted?

Recon-ng

What tool allows you to discover a target user on various social networking sites, along with complete URLs?

Sherlock

What tool is used to search a vast number of social networking sites for a target username?

Sherlock

What form of social engineering indicates secret observing?

Shoulder surfing

What tool allows you to search for content in social networks in real-time and provides deep analytics data?

SocialSearcher

What type of DNS record's purpose is to include unstructured, arbitrary text?

TXT record

What service allows you to visit archived versions of websites?

The Internet Archive's Wayback Machine: https://archive.org

What is the subset of the deep web that enables anyone to navigate anonymously without being traced

The dark web

What is the network of web pages and contents that are hidden and unindexed and thus cannot be accessed using traditional web browsers and search engines?

The deep web

What traceroute tool identifies the geographical location of routers, servers, and other IP devices to give a visual representation of the route?

VisualRoute

What tool provides detailed tracking and analysis data of a website?

Web-Stat

What is the query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system?

Whois lookup

What Internet marketing company provides tools to assist sales representatives with researching target markets, planning territories, and generating new business leads?

ZoomInfo

What Google Hacking operator restricts the results to those websites containing all the search keywords in the title?

allintitle

What Google Hacking operator restricts the results to those containing all the search keywords in the URL?

allinurl

Which *OSRFramework tool* allows an attacker to check for the existence of a domain(s)?

domainfy.py

Which *OSRFramework tool* allows an attacker to use regular expressions to extract entities?

entify.py

Which Google Hacking operator filters the results for files that end in a particular extension?

filetype:<extension>

What Google Hacking operator presents some information that Google has about a particular web page?

info

What tool is used for gathering email account information from different public sources and checking whether an email was leaked using the haveibeenpwned.com API?

infoga

What Google Hacking operator restricts the results to documents containing the search keyword in the title?

intitle

What Google Hacking operator restricts the results to documents containing at least one of the search in the URL?

inurl

Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details? 1. inurl:"NetworkConfiguration" cisco 2. inurl:"ccmuser/logon.asp" 3. intitle:"D-Link VoIP Router" "Welcome" 4. inurl:/voice/advanced/ intitle:Linksys SPA configuration

inurl:"NetworkConfiguration" cisco

What Google dork returns a list of FTP servers by IP address, which are mostly Windows NT servers with guest login capabilities?

inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~'/html'

What Google Hacking operator lists web pages that have links to the specified web page?

link:<web page>

What Google Hacking operator finds information for a specific location?

location

Which *OSRFramework tool* allows an attacker to check for the existence of a given email address?

mailfy.py

What tool does the material recommend for performing enumeration on LinkedIn?

theHarvester