Choose three (3) tools that will yield information potentially useful for a pene
Question
Choose three (3) tools that will yield information potentially useful for a penetration test. This information must be fundamentally different than previous tools, e.g., not just another WHOIS tool. Use the lists at: http://osintframework.com/ and/or http://www.subliminalhacking.net/2012/12/27/osint-tools-recommendations-list/ for some tool ideas.
Tool 1:
Name: __________________________
Type of information found: ________________________________________________
How could this be useful in a penetration test? __________________________________
Tool 2:
Name: __________________________
Type of information found: ________________________________________________
How could this be useful in a penetration test? __________________________________
Tool 3:
Name: __________________________
Type of information found: ________________________________________________
How could this be useful in a penetration test? __________________________________
Firm 2:
Name: ______________
Corp. HQ addr: _____________.
Source: __________________
Website: _________________
IP range: __________________.
Source (which WHOIS site?): ____________________
Other domains owned: (Hint: Use a Google search to find tools to do this reverse lookup): ______________________, ________________, ________________
Source (which tools did you use?) _____________________
Subdomains on the main website: ______________________, ____________________, __________________, ________________________
Source (which tools did you use?) _____________________
Mail servers: ___________________, ______________________
Does this company host its own mail? _______________.
How do you know? ______________
Explanation / Answer
Tool 1
Name: - Wireshark
Types of information found: This is a network protocol analyzer and is effective at providing minute details of network protocols, decryption and even packet information.
How this tool could be useful: The information that is retrieved by this tool can be viewed in GUI mode or through the TShark utility. This tool is good at finding out vulnerabilities such as SQL injection, buffer overflow, etc. This tool can easily detect and exploit several vulnerabilities.
Tool 2
Name: - Metasploit
Types of information found: This tool is used by PERL. This is one of the most widely used penetration testing tools. It provides several ways to figure out vulnerabilities and allows the security tester to make changes.
How this tool could be useful: It helps in building Web-based support and also a Java GUI. This tool supports lots of exploits and payloads such as a reverse shell. Moreover, this tool has a built-in sniffer such that it can check the DNS server and also the access points, thereby facilitating attacks.
Tool 3
Name: - W3AF
Types of information found: This is by far the latest tool for application testing from the developers to find out the vulnerabilities. This tool is easier to handle and even effective at finding Web application vulnerabilities.
How this tool could be useful: The tool has lots of features such as a proxy, adding custom headers to requests, a local DNS cache and cookie handling. Moreover, framework parameters can be saved in a file using its feature to replicate an attack scenario.
Firm 2:
Name: Google
Corp. HQ addr: Mount View, California, United States
Source: www.google.com
Website: www.google.com
IP range: 64.233.160.0 to 64.233.191.255
Source: www.lifewire.com
Other domains owned: www.google.co.in, www.google.co.uk, www.google.cn, www.google.co.au
Source (which tool did you use): Metasploit
Mail Servers: yes, Google has their own public mail servers.
Does this company host its own mail: Yes, the company hosts its own mail.
How do you know: Every organization uses their own mail servers for internal communication. This will ensure secure communication between employees. Since the mail servers are using domain names, these mail servers can be hosted along with the DNS server within the company’s network.
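The worksheet items "Mail servers", "Does this company host its own mail?" and "How do you know?" are normally answered from the domain's MX records in public DNS. The following is an added example, not part of the original question or answer: it classifies MX answers, where the provider suffix list is an illustrative assumption and all sample records are constructed on reserved example domains.

```python
# Added example: label inbound mail handling from MX records (public DNS).
# Each input line is "<preference> <host>", as a resolver prints it.
# Assumption: illustrative, incomplete list of hosted-mail provider suffixes.
HOSTED_SUFFIXES = {
    "mail.protection.outlook.com": "Microsoft 365",
    "google.com": "Google Workspace",
    "googlemail.com": "Google Workspace",
    "pphosted.com": "Proofpoint",
    "mimecast.com": "Mimecast",
}

def parse_mx(lines):
    """Return [(preference, host)] sorted by preference, lowest first."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def under(host, suffix):
    """True if host equals suffix or is a subdomain of it (label boundary)."""
    return host == suffix or host.endswith("." + suffix)

def classify(domain, lines):
    """Return a comma-separated label set for who receives the domain's mail."""
    domain = domain.rstrip(".").lower()
    records = parse_mx(lines)
    if not records:
        return "no-mx"    # senders fall back to the address record (RFC 5321)
    if records == [(0, "")]:
        return "null-mx"  # "0 ." means the domain accepts no mail (RFC 7505)
    labels = set()
    for _, host in records:
        if under(host, domain):
            labels.add("own-domain")
            continue
        provider = next((n for s, n in HOSTED_SUFFIXES.items() if under(host, s)), None)
        labels.add("hosted:" + provider if provider else "other:" + host)
    return ",".join(sorted(labels))

# Constructed sample records on reserved example domains.
SAMPLES = {
    "example.com": ["10 mail.example.com.", "20 mx2.example.com."],
    "example.org": ["0 example-org.mail.protection.outlook.com."],
    "example.net": ["0 ."],
}
if __name__ == "__main__":
    for name, mx in SAMPLES.items():
        print(name, "->", classify(name, mx))
```

An "own-domain" label describes the MX host name only; the addresses behind that name can still sit in a provider's network, so the source of the conclusion should be recorded as the MX lookup plus a WHOIS check on the resolved IP.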