4.1 Tool to assess organizational security Flashcards
(39 cards)
Reconnaissance tools: what is traceroute ?
Network diagnostic tool that helps determine the path packets take from a source to a destination. It is primarily used for troubleshooting network connectivity issues, identifying network bottlenecks, and understanding the path taken by packets.
Use Traceroute when you want to trace the path packets take from a source to a destination, identify network hops, measure round-trip times, and troubleshoot network connectivity issues.
Reconnaissance tools: what are the commands in Linux & Windows to traceroute a packet ?
- Windows: tracert
- Linux: traceroute
Reconnaissance tools: what is the mechanics of traceroute (how does it work)?
Takes advantage of ICMP Time to Live (TTL) exceeded error message.
Ex: TTL=1 is the first router, TTL=2 is the second router etc
Reconnaissance tools: what nslookup command for ?
Command-line tool available on many operating systems for querying DNS servers and performing basic DNS lookups. It allows users to manually query DNS servers and retrieve information about domain names, IP addresses, name servers, and other DNS records. Nslookup is commonly used for simple DNS troubleshooting, verifying DNS resolution, and checking DNS configurations. However, its feature set is relatively limited compared to Dig. In recent years, the functionality of nslookup has been largely superseded by more advanced tools like Dig.
Reconnaissance tools: what ipconfig and ifconfig command for ?
Determine IP and network information
- ipconfig: windows
- ifconfig: linux
Reconnaissance tools: what ping command for ?
Test reachability of an IP
Reconnaissance tools: what pathping command for ?
Combines the functionalities of ping and traceroute. It is a Windows-specific command-line utility that measures packet loss, round-trip times, and other network performance metrics. Use PathPing when you need a combination of Ping and Traceroute functionalities. It provides information about latency and packet loss at each hop along the network path, making it useful for diagnosing intermittent connectivity issues and identifying network segments with performance problems.
Reconnaissance tools: what netstat command for ?
It stands for network statistics and show network status and protocol statistics:
- netstat -a: show all active connection
- netstat -b: show binaries (windows)
- netstat -n: do not resolve names
Reconnaissance tools: what is ARP ?
Address Resolution Protocol determine a MAC address based on an IP address (you need the hardware address to communicate)
Reconnaissance tools: is there a command to see MAC address ?
Using the arp command:
- arp -a: view local ARP table
Reconnaissance tools: what curl command for ?
It stands for Client URL and allow to grab the raw data (html) from a websites and display it
Reconnaissance tools: why using curl command ?
To be able to see the source code of a website and search through it
Reconnaissance tools: what is hping ?
Command-line network tool known for packet crafting, network scanning, and testing. It allows you to craft and send customized packets with specific characteristics, such as source and destination IP addresses, ports, protocols, flags, and payloads.
Use Hping when you require advanced network scanning, port scanning, or packet manipulation capabilities for network testing, security assessments, or troubleshooting purposes.
Reconnaissance tools: what is nmap ?
It stands for network mapper. It can port scan, discover OS, service scan, can use script
Reconnaissance tools: what is OSINT ?
OSINT skills are the abilities and knowledge necessary to collect, analyze, and use information from open sources for various purposes.
Ex of OSINT tool: theHarvester
Reconnaissance tools: what is sn1per ?
Penetration testing tool and scanner designed for reconnaissance, vulnerability scanning, and information gathering. It combine many tools: dnsenum, metasploit, nmap, wfuzz, nikto etc
Reconnaissance tools: what can be a problem when you do a scan? how to prevent it ?
Your device can be identify as the source of the scan. To prevent from this, you can scan from a different host (for ex a proxy)
Scaless tool can be use for this type of scan
Reconnaissance tools: what dsnenum command for ?
DNSenum is a specialized tool for DNS enumeration and information gathering. It focuses on discovering DNS-related information about a target domain, such as subdomains, DNS records, zone transfers, reverse DNS lookups, and DNSSEC configurations. DNSenum automates the process of gathering DNS data and provides a comprehensive view of the DNS infrastructure of a domain. It is commonly used in reconnaissance and information gathering during penetration testing and security assessments to identify potential targets and vulnerabilities related to DNS configurations.
Reconnaissance tools: what is nessus for ?
A vulnerability scanner The most popular because it has a very large DB
Reconnaissance tools: what is cuckoo for ?
A sandbox (a virtual env) for malware.
It test a file in a safe environement and can track & trace API calls, network traffic, memory analysis, traffic captures etc
File manipulation tools: what cat command for ?
Show the content of a file on linux machines
File manipulation tools: what head command for ?
View the first part of a file (linux)
Ex: head -n 5 syslog: view the 1st 5 line of syslog file
File manipulation tools: what tail command for ?
View the last part of a file. Same syntax as the head command
File manipulation tools: what grep command for ?
Find text in a file
Ex: grep failed auth.log: find the word ‘failed’ in the auth.log file
