Lesson 3- Footprinting and Gathering Intelligence

Question 1

What OSINT tool is useful for finding known vulnerabilities, default passwords especially on iOT devices

Answer 1

Shodan

Question 2

Name a common DNS Tool that can be used for Windows and Linux

Answer 2

Nslookup

Dig is the Linux tool only and good for reverse lookups

Question 3

What tool can I use for getting details on a company’s domain name such as address, contact numbers, etc.

Answer 3

WhoIS

Question 4

What are some tools for image searches and why are these important

Answer 4

TinEye
Google
Yandex
Bing

compromised images of target organization

Question 5

According to OWASP enumeration is also referred to as

Answer 5

Predictable Resource Location
File or Directory Enumeration

Question 6

What is used to identify unlinked URL’s or IP’s from a website to gain access to unprotected resources

Answer 6

Forced Browsing

typically a manual process

Question 7

Field in a digital signature allowing a host to be identified by multiple host names/subdomains

Answer 7

Subject Alternate Name
(SAN)

Question 8

Where can I find logs of Public Certificate Authorities (CA)

Answer 8

Certificate Transparency (CT) Framework

Question 9

What is the current model of validating a Digital Certificate

Answer 9

Using the Online Certificate Status Protocol (OCSP)

Question 10

What is a process where the web server must validate a certificate called

Answer 10

Stapling the Certificate

Question 11

What is the Linux tool that is great for discovering Metadata and Fingerprinting an organizations and what type of scripting does it use

Answer 11

Metagoofil and Python

flags
-d website - scan for docs
-t PDF - scan for pdf docs
-l 75 - search for 75 docs
-n 25 - download 25 docs
-o dirname - save downloads to dirname directory

Question 12

What is the Graphical OSINT tool (Windows only) that specializes in working with documents that have been downloaded

Answer 12

FOCA

requires a local SQL Server to store data

Question 13

________ in an intuitive tool that can search a company’s visible threat landscape and uses multiple methods such as Google Comodo Social media and banner Grabbing functionality using Shodan

Answer 13

theHarvester

theharvester -d website -b LinkedIn

Question 14

What tool is similar to theHarvester but more robust and uses dozens of different modules

Answer 14

Recon-ng

Modules Inlcude
Whois
PGP key search
Social Medial profiles associations
File crawler
DNS Record enumerator

also used Have | Been Pwnded database

Question 15

What is the CLI Tool that helps users visualize gathered OSINT Data and uses an extensive library. In addition what are these libraries called that automate the querying of public databases

Answer 15

Maltego and Transforms

Question 16

What is the search engine designed to locate and index IoT devices that are connected to the Internet

Answer 16

Shodan

Great for Recon to find IoT devices that can be exploited to gain access

Question 17

What is a common tool for website enumeration

Answer 17

Dirbuster

Question 18

T or F nslookup is not ideal for OSINT gathering since it is not easy to capture data in interactive mode

Answer 18

True
That is when you want to use DIG