MODULE 2: Footprinting & Reconnaissance Flashcards
Which Google advanced search operator displays the web pages stored in the Google cache?
[cache:]
Which Google advanced search operator lists web pages that have links to the specified web page?
[link:]
Which Google advanced search operator lists web pages that are similar to the specified web page?
[related:]
Which Google advanced search operator presents some information that Google has about a particular web page?
[info:]
Which Google advanced search operator restricts the results to those websites in the given domain?
[site:]
Which Google advanced search operator restricts the results to those websites containing all the search keywords in the title?
[allintitle:]
Which Google advanced search operator restricts the results to documents containing the search keyword in the title?
[intitle:]
Which Google advanced search operator restricts the results to those containing all the search keywords in the URL?
[allinurl:]
Which Google advanced search operator restricts the results to documents containing the search keyword in the URL?
[inurl:]
Which Google advanced search operator finds results for a specific location?
[location:]
What authoritative source for querying the Google search engine contains a dynamic list of Google dorks that hackers may find useful?
The Google Hacking Database (GHDB)
What tool can be used to perform enumeration of LinkedIn?
theHarvester
What tool can a hacker utilize to mirror an entire website for testing in an offline environment?
HTTrack
What website is referred to as a “Way-Back machine” that can be used to view old versions of websites as far back as 1996?
Archive.org
What tool allows hackers to compile word lists to use in brute force attacks from a target website?
CeWL
What type of databases are maintained by regional internet registries and contain personal information of domain owners?
Whois
Which regional internet registry is used for North America?
ARIN
What regional internet registry is used for France/Europe?
RIPE NCC
What type of records provide important information about the location and type of servers/hosts in a target network?
DNS Records
Match the DNS record type to its description:
Record types:
- A
- MX
- NS
- CNAME
- SOA
- SRV
- PTR
- RP
- HINFO
- TXT
Descriptions:
- Service Records
- Indicates authority for a domain
- Points to a host’s IP address
- Points to domain’s mail server
- Responsible Person
- Unstructured text records
- Canonical naming allows aliases to a host
- Points to a host’s name server
- Maps IP address to a host name
- Host information record, includes CPU and OS
Record types, in order:
- 1. A
- 2. MX
- 3. NS
- 4. CNAME
- 5. SOA
- 6. SRV
- 7. PTR
- 8. RP
- 9. HINFO
- 10. TXT
Descriptions, each numbered with the record type it matches:
- 6. Service Records
- 5. Indicates authority for a domain
- 1. Points to a host’s IP address
- 2. Points to domain’s mail server
- 8. Responsible Person
- 10. Unstructured text records
- 4. Canonical naming allows aliases to a host
- 3. Points to a host’s name server
- 7. Maps IP address to a host name
- 9. Host information record, includes CPU and OS
Between (A) and (AAAA) DNS records, which one maps to a 32-bit IPv4 address vs. a 128-bit IPv6 address?
A - IPv4
AAAA - IPv6
What DNS record previously covered is also used to provide authentication of mail sent and received by the same email system?
TXT (SPF, DKIM)
What tool works on the concept of the ICMP protocol and the use of the TTL field in the header of ICMP packets to discover the routers on the path to a target host?
traceroute (nix) / tracert (win)
What tool can be used to determine the relationships and real world links between people, groups, organizations, websites, infrastructure, etc.?
Maltego
What search engine tool provides a full view of every server and device exposed to the internet?
Censys