Footprinting and Reconnaissance

Question 1

What is Sherlock? (Software)

Answer 1

Sherlock is a tool to search a vast number of social networking sites for a target username. This tool helps the attacker to locate the target user on various social networking sites along with the complete URL

Question 2

What is BeRoot? (Software)

Answer 2

BeRoot is a post-exploitation tool to check for common misconfigurations which can allow an attacker to escalate their privileges.

Question 3

What is OpUtils? (Software)

Answer 3

SNMP enumeration protocol that helps to monitor, diagnose and troubleshoot IT resources.

Question 4

What is Passive Footprinting

Answer 4

Passive footprinting involves gathering information about the target without direct interaction. It is mainly useful when the information gathering activities are not to be detected by the target. Performing passive footprinting is technically difficult, as active traffic is not sent to the target organization from a host or anonymous hosts or services

Question 5

What is Active Footprinting?

Answer 5

Active footprinting involves gathering information about the target with direct interaction. In active footprinting, the target may recognize the ongoing information gathering process, as we overtly interact with the target network. Active footprinting requires more preparation than passive footprinting, as it may leave traces that may alert the target organization.

Question 6

What is Intelius? (Software)

Answer 6

Attackers can use the Intelius people search online service to search for people belonging to the target organization.

Question 7

What is TinEye? (Software)

Answer 7

A reverse image search service.

Question 8

What is Mention? (Software)

Answer 8

Mention is an online reputation tracking tool that helps attackers in monitoring the web, social media, forums, and blogs to learn more about the target brand and industry

Question 9

Which Google query can be used to find Cisco VPN client passwords?

Answer 9

“[main]” “enc_GroupPwd=” ext:txt

Question 10

Which Google query can be used to find configuration pages for online VoIP devices?

Answer 10

intitle:”Sipura.SPA.Configuration” -.pdf

Question 11

What is Professional Toolset? (Software)

Answer 11

Professional Toolset (https://tools.dnsstuff.com) and DNS Records (https://network-tools.com) are DNS footprinting tools

Question 12

What is Infoga? (Software)

Answer 12

Infoga is a tool used for gathering email account information from different public sources and it checks if an email was leaked using the haveibeenpwned.com API

Question 13

What is Octoparse? (Software)

Answer 13

Octoparse offers automatic data extraction, as it quickly scrapes web data without coding and turns web pages into structured data

Question 14

What is Metagoofil? (Software)

Answer 14

Metagoofil extracts metadata of public documents (pdf, doc, xls, ppt, docx, pptx, and xlsx) belonging to a target company

Question 15

What is an advanced Google search query that returns a list of FTP servers by IP address, which are mostly Windows NT servers with guest login capabilities?

Answer 15

inurl:~/ftp://193 filetype:(php | txt | html | asp | xml | cnf | sh) ~’/html’

Question 16

What is Shoulder Surfing?

Answer 16

Shoulder surfing is the technique of observing or looking over someone’s shoulder as he/she keys in information into a device. Shoulder surfing helps penetration tester to find out passwords, personal identification numbers, account numbers, and other information. Penetration tester sometimes even uses binoculars or other optical devices, or install small cameras to record actions performed on victim’s system, to obtain login details and other sensitive information.

Question 17

What is an advanced Google search query used for VoIP footprinting to extract Cisco phone details?

Answer 17

inurl:“NetworkConfiguration” cisco

Question 18

What is Recon-Dog?

Answer 18

Recon-dog is an all-in-one tool for all basic information gathering needs. It uses APIs to collect information about the target system.

Features:
Censys: Uses censys.io to gather a massive amount of information about an IP address.
NS lookup: Performs name server lookup
Port scan: Scans most common TCP ports
Detect CMS: Can detect 400+ content management systems
Whois lookup: Performs a Whois lookup
Detect honeypot: Uses shodan.io to check if the target is a honeypot
Find subdomains: Uses findsubdomains.com to find subdomains
Reverse IP lookup: Performs a reverse IP lookup to find domains associated with an IP address
Detect technologies: Uses wappalyzer.com to detect 1000+ technologies
All: Runs all utilities against the target

Question 19

Which flag do you pass to sublist3r to use custom search engines (comma delimited)?

Answer 19

-e

Question 20

Which feature in FOCA allows an attacker to find more servers in the same segment of a determined address?

Answer 20

PTR scanning