Passive Information Gathering

Question 1

What is whois?

Answer 1

Whois is a TCP service, tool, and a type of database that can provide information about a domain name, such as the name server and registrar. This information is often public since registrars charge a fee for private registration.

Question 2

How to gather basic information about website “megacorpone.com” using whois?

Answer 2

whois megacorpone.com

Question 3

How to do whois reverse lookup?

Answer 3

whois ip address

Question 4

How to search with site operator “megacorpone.com”?

Answer 4

site: megacorpone.com

Question 5

How to declare PHP filetype for searching in google?

Answer 5

filetype:php

Question 6

How to search in google for php file on domain megacorpone.com?

Answer 6

site:megacorpone.com filetype:php

Question 7

What SIEM mean?

Answer 7

Security Information and Event Management.

Question 8

What is SIEM tools designed for?

Answer 8

Monitor applications and network traffic for malicious activities. Usually these tools are only available on internal networks.

Question 9

How to find interesting non-HTML pages on megacorpone.com?

Answer 9

site:megacorpone.com -filetype:html

Question 10

What is the exclude operator in Google Hacking?

Answer 10

-

Question 11

How to use Google to find directory listings?

Answer 11

intitle: “index of” “parent directory”

Question 12

What is GHDB?

Answer 12

Google Hacking Database

Question 13

What is netcraft?

Answer 13

Netcraft is an Internet services company based in England offering a free web portal that performs various information gathering functions. The use of services such as those offered by Netcraft is considered a passive technique since we never interact with our target directly.

Question 14

What is recon-ng?

Answer 14

recon-ng is a module-based framework for web-based information gathering. Recon-ng displays the results of a module to the terminal but it also stores them in a database. Much of the power of recon-ng lies in feeding the results of one module into another, allowing us to quickly expand the scope of our information gathering.

Question 15

How to start recon-ng?

Answer 15

recon-ng

Question 16

How to search recon-ng marketplace for GitHub modules?

Answer 16

marketplace search github

Question 17

How to get information on a module with path recon/domains-hosts/google_site_web on recon-ng?

Answer 17

marketplace info recon/domains-hosts/google_site_web

Question 18

How to install a module on recon-ng with path recon/domains-hosts/google_site_web?

Answer 18

marketplace install recon/domains-hosts/google_site_web

Question 19

How to load module in recon-ng with path recon/domains-hosts/google_site_web?

Answer 19

[recon-ng][default] > modules load recon/domains-hosts/google_site_web

Question 20

How to set a source “megacorpone.com” in recon-ng?

Answer 20

[recon-ng][default][google_site_web] > options set SOURCE megacorpone.com
SOURCE => megacorpone.com

Question 21

How to run a module in recon-ng?

Answer 21

[recon-ng][default][google_site_web] > run

Question 22

How to show hosts in recon-ng?

Answer 22

[recon-ng][default] > show hosts

Question 23

How to obtain module information for recon/hosts-hosts/resolve?

Answer 23

[recon-ng][default] > marketplace info recon/hosts-hosts/resolve

Question 24

How to install the resolve module with path recon/hosts-hosts/resolve?

Answer 24

[recon-ng][default] > marketplace install recon/hosts-hosts/resolve

Question 25

How to install and view recon/hosts-hosts/resolve?

Answer 25

[recon-ng][default] > modules load recon/hosts-hosts/resolve

[recon-ng][default][resolve] > info

Question 26

How to show hosts after multiple modules using recon-ng?

Answer 26

[recon-ng][default][resolve] > show hosts

Question 27

What is shodan?

Answer 27

Shodan is a search engine that crawls devices connected to the Internet including but not limited to the World Wide Web. This includes the servers that run websites but also devices like routers and IoT devices.

Question 28

How to search MegaCorp One’s domain with Shodan?

Answer 28

hostname:megacorpone.com

Question 29

How to check if MegaCorp One servers running SSH using Shodan?

Answer 29

hostname: megacorpone.com port:”22”

Question 30

What Security Headers do?

Answer 30

Analyze HTTP response headers and provide basic, analysis of the target site’s security posture.

Question 31

What SSL Server Test do?

Answer 31

This tool analyzes a server’s SSL/TLS configuration and compares it against current best practices. It will also identify some SSL/TLS related vulnerabilities, such as Poodle or Heartbleed.

Question 32

What is Pastebin?

Answer 32

Pastebin is a website for storing and sharing text. Many people use Pastebin because it is ubiquitous and simple to use. But since Pastebin is a public service, we can use it to search for sensitive information.

Question 33

What theHarvester do?

Answer 33

Gathers emails, names, subdomains, IPs, and URLs from multiple public data sources.

Question 34

What option ‘-d’ do in theHarvester?

Answer 34

Specify target domain.

Question 35

What option ‘-b’ do in theHarvester?

Answer 35

Set the data source to search.

Question 36

How to run theHarvester on megacorpone.com and set the data source to search as google?

Answer 36

theharvester -d megacorpone.com -b google

Question 37

How to use theHarvester to enumerate emails addresses for megacorpone.com?

Answer 37

theHarvester -d megacorpone.com -b google.com

Question 38

What is TLD?

Answer 38

Top Level Domain

Question 39

How to use harvester to search megacorpone.com through baidu?

Answer 39

theHarvester -d megacorpone.com -b baidu

Question 40

How to use harvester to search megacorpone.com through LinkedIn?

Answer 40

theHarvester -d megacorpone.com -b linkedin

Question 41

How to use harvester to search megacorpone.com through twitter?

Answer 41

theHarvester -d megacorpone.com -b twitter

Question 42

How to use harvester to search megacorpone.com through virustotal?

Answer 42

theHarvester -d megacorpone.com -b virustotal

Question 43

How to use harvester to search megacorpone.com through netcraft?

Answer 43

theHarvester -d megacorpone.com -b netcraft

Question 44

How to use harvester to search megacorpone.com through yahoo?

Answer 44

theHarvester -d megacorpone.com -b yahoo

Question 45

What is Social-Searcher?

Answer 45

Social-Searcher is a search engine for social media sites. A free account will allow a limited number of searches per day. Social-searcher can be a quick alternative to setting up API keys on multiple more specialized services.

Question 46

What Twofi do?

Answer 46

Twofi scans a user’s Twitter feed and generates a personalized wordlist used for password attacks against that user. While we will not run any attacks during passive information gathering, we can run this tool against any Twitter accounts we have identified to have a wordlist ready when needed. Twofi requires a valid Twitter API key.

Question 47

What is linkedin2username?

Answer 47

linkedin2username is a script for generating username lists based on LinkedIn data. It requires valid LinkedIn credentials and depends on a LinkedIn connection to individuals in the target organization. The script will output usernames in several different formats.

Question 48

What is Stack Overflow?

Answer 48

Stack Overflow is a website for developers to ask and answer coding related questions.

Question 49

What OSINT Framework includes?

Answer 49

OSINT Framework includes information gathering tools and websites in one central location. Some tools listed in the framework cover more disciplines than information security.

Question 50

What is Maltego?

Answer 50

Maltego is a very powerful data mining tool that offers an endless combination of search tools and strategies.

Question 51

What Maltego do?

Answer 51

Maltego searches thousands of online data sources, and uses extremely clever “transforms” to convert one piece of information into another.