The 5 stages of ethical hacking + passive reconnaissance Flashcards
What are the 5 stages of ethical hacking?
1) Reconnaissance (active and passive)
2) Scanning & enumeration
3) Gaining access
4) Maintaining access
5) Covering tracks
What website can you find public bug bounties on?
bugcrowd.com
Name the 4 main assessments in web/host assessment
target validation
finding subdomains
fingerprinting
data breaches
Name 3 target (web/host) validation tools (web/host assessment)
WHOIS
nslookup
dnsrecon
Name 3 subdomain searching tools (web/host assessment)
Google-Fu
dig
Nmap
Sublist3r
Bluto
crt.sh
Name 5 fingerprinting tools (web/host assessment)
Nmap
Wappalyzer
WhatWeb
BuiltWith
Netcat
Name 3 data breaches tools (web/host assessment)
HaveIBeenPwned
Breach-Parse
WeLeakInfo
Name 4 email address discovering tools
hunter.io
phonebook.cz
voilanorbert.com
clearbit.com
How to discover email addresses? (3 steps)
- Google search the person if looking for a specific person in the company
- phonebook.cz / hunter.io -> try to identify the formatting of the company's email addresses, then try to find the person / guesstimate their address
- take the email and verify it at tools.emailhippo.com or email-checker.net/validate
What is the Breach-parse tool?
CLI program written by Heath himself to find breached info about people
What is one of the best websites to search for breached info?
DeHashed
What website can dehash a hashed password?
hashes.org -> but it doesn't always work
what’s the CLI command of sublist3r to find Tesla subdomains?
sublist3r -d tesla.com
What tool is better but slower than sublist3r?
OWASP Amass (cli tool)
What tool can be used to probe subdomains to see if they’re active?
tomnomnom httprobe
What is Burp suite and what does it do?
Web proxy -> intercepts traffic for us -> scans websites passively (or actively if you buy the Pro version)
Scan your network with Nmap, if you don’t know how, look at page 15 of summary
Type nmap --help in the Linux CLI and explore some of its features
This card doesn't have an answer; go to the CLI and just try some Nmap commands out to become familiar with them