The 5 stages of ethical hacking + passive reconnaissance Flashcards
What are the 5 stages of ethical hacking?
1) Reconnaissance (active and passive)
2) Scanning & enumeration
3) Gaining access
4) Maintaining access
5) Covering tracks
What website can you find public bug bounties on?
bugcrowd.com
Name the 4 main assessments in web/host assessment
target validation
finding subdomains
fingerprinting
data breaches
Name 3 target (web/host) validation tools (web/host assessment)
WHOIS
nslookup
dnsrecon
Name 3 subdomain searching tools (web/host assessment)
Google Fu
dig
Nmap
Sublist3r
Bluto
crt.sh
Name 5 fingerprinting tools (web/host assessment)
Nmap
Wappalyzer
WhatWeb
BuiltWith
Netcat
Name 3 data breach tools (web/host assessment)
HaveIBeenPwned
Breach-Parse
WeLeakInfo
Name 4 email address discovery tools
hunter.io
phonebook.cz
voilanorbert.com
clearbit.com
How do you discover email addresses? (3 steps)
- Google search the person if you are looking for a specific person in a company
- phonebook.cz / hunter.io -> try to identify the formatting of the company's email addresses, then try to find the person / guesstimate their address
- take the email address and verify it at tools.emailhippo.com or email-checker.net/validate
What is the Breach-parse tool?
CLI program written by Heath himself to find breached info about people
What is one of the best websites to search for breached info?
DeHashed
What website can dehash a hashed password?
hashes.org -> but it doesn't always work
What's the sublist3r CLI command to find Tesla subdomains?
sublist3r -d tesla.com
What tool is better but slower than sublist3r?
OWASP Amass (CLI tool)
What tool can be used to probe subdomains to see if they’re active?
tomnomnom's httprobe