User Account

All Pages

Explore several scanning and enumeration tools

Assignment Help Software Engineering
Reference no: EM132281407

You need to make report based on the given 2 labs.

Client -Anthem

Lab 1: Passive Reconnaissance

Introduction
Passive reconnaissance is the act of gathering information about a target without actually using or interacting with the target. It's like spying on the target with binoculars or interviewing acquaintances or coworkers of the target, but not starting a conversation with the target just yet.

In a real-world situation, a hacker will conduct passive reconnaissance to gather information that can be used to formulate an attack against users and systems. Passive reconnaissance is typically followed by the scanning and enumeration phase, in which the hacker attempts to actively probe the systems identified during passive reconnaissance. Passive reconnaissance is also sometimes referred to as open-source intelligence gathering (OSINT), as it uses publicly available sources to collect intelligence on a target.

In this lab, you will form customized search queries using Google's search operators. With WHOIS queries, you will learn how to query Internet registration authorities about registered domains. In later parts of the lab, you will use two hacking tools, theHarvester and Maltego, to collect and organize information from indexed databases. Finally, you will bypass LinkedIn's privacy settings.

This lab has several parts, which should be completed in the order specified.

1. In the first part of the lab, you will use Google's search operators to identify information about targets.

2. In the second part of the lab, you will use Google's Advanced Search options to form customized search queries that can assist in locating vulnerabilities.

3. In the third part of the lab, you will learn to query Internet registration authorities for information available about registered domains.

4. In the fourth part of the lab, you will use the Kali Linux machine you created in the "Introduction to the Lab Environment" lab to collect information about a domain using theHarvester, a data-collection tool built into Kali.

5. In the fifth part of the lab, you will use the Kali Linux machine you created in the "Introduction to the Lab Environment" lab to gather information from multiple sources and graphically organize information using Maltego.

6. In the sixth part of the lab, you will explore a hidden vulnerability in LinkedIn's privacy settings.

7. Finally, you will explore the virtual environment on your own to answer a set of questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives

Upon completing this lab, you will be able to:

• Use customized Google searches to perform focused vulnerability searches.
• Use hacking tools to scrape information from public databases.
• Query Internet registration authorities for domain information.
• Use Maltego to identify publicly available e-mail addresses and domain names.
• Explore and circumvent privacy settings in a social network.

Lab 2:

Preparing to strike at a target involves careful investigation. The hacker first learns all he or she can from open sources before actually touching the target system. That process is called passive reconnaissance. Eventually, the hacker exhausts the available resources and has to actually probe the target system, thus initiating scanning and enumeration.

The final step before the actual exploit, scanning and enumeration involves learning about a target system from the system itself. The hacker sets about probing a target system to see what services might be open and running, what vulnerabilities might exist, and which weaknesses might be exploitable. Due to the nature of scanning and enumeration, the hacker runs the risk of his or her activities being discovered and stopped by the target. For this reason, the black-hat hacker will want to gather as much information as he or she can as quickly as possible. Because a white-hat, or ethical, hacker has a written directive from the target itself, he or she may be less concerned with timing.

In this lab, you will explore several scanning and enumeration tools, including some you may already know. You will use Nmap and its graphical user counterpart, Zenmap, to gather data about the network, and you will capture that traffic using Wireshark. You will use OpenVAS, a popular open source vulnerability scanner, to further explore a vulnerable system. You will create and run a customized scan and examine the results. Finally, you will start two penetration tools, Metasploit and Armitage, import the Nmap report, and further explore the system. This lab has four parts, which should be completed in the order specified:

1. In the first part of the lab, you will use Zenmap and Nmap, the original command-line version, to actively probe your local area network and export the scan results to a file.

2. In the second part of the lab, you will use the OpenVAS vulnerability scanner to run an in-depth vulnerability scan of the target machine and generate a report showing the identified and prioritized system weaknesses.

3. In the third part of the lab, you will use Metasploit, a common penetration testing tool, and Armitage, the graphical user interface (GUI) for Metasploit, to further explore the target system.

4. Finally, if assigned by your instructor, you will explore the virtual environment on your own to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives
Upon completing this lab, you will be able to:
• Understand the benefits of and tactics for conducting scanning and enumeration.
• Perform network and system scans and export the results.
• Capture network traffic and investigate packet-level data.
• Understand how to start and configure Metasploit and its supporting services.
• Perform and customize vulnerability scans and interpret the results.

Verified Expert

This project is about vulnerability assessment project. On this project, we solved two lab activities. Different software tools and techniques are used for carrying out the lab activity. Different vulnerability assessment software is used for identifying the vulnerabilities. And they are reported in this project.

Reference no: EM132281407

Questions Cloud

The equal pay act : The Equal Pay Act of 1963. Under ADA, an employer is not required:
Discuss tough conditions that affected the victorian society : Use the works of two authors of the Victorian period to discuss at least four tough conditions that affected the Victorian society.
What is the value of optimal capital structure : What is the value of Optimal Capital Structure Inc. before restructuring?
Risk reviews to be conducted throughout project life cycle : De?ne a process to be followed for risk reviews to be conducted throughout the project life cycle. What is being done to communicate risks?
Explore several scanning and enumeration tools : CSCI 632 Ethical Hacking - Liberty University - explore the virtual environment on your own to answer a set of challenge questions
Test the claim that exercise program has no effect on weight : GEOG 362 Statistical Methods Lab Assignment, Concordia University, Canada. Test the claim that the exercise program has no effect on weight
Integrate qualitative-quantitative risk analysis techniques : Integrate qualitative and quantitative risk analysis techniques to identify methods for evaluating the probability of a risk event.
Discuss issue of womens rights at the turn-of-the-century : The work of literature must be a story/novel/play/poem that you have read on your own or that you plan to read during the research phase of this project;
Was the most e?ective method applied to determine risk : Were qualitative or quantitative methods used? Was the most e?ective method applied to determine risk?

Reviews

Write a Review

Software Engineering Questions & Answers

  List six phases of system development life cycle in order

List the six phases of the System Development Life Cycle (SDLC) in order. For each phase, describe three tasks that occur during that phase.

  Explain which change model would follow for the short-term

Provide rationale for your decision and discuss the effects that these changes would have on the employees, managers, and executives within the organization.

  Create a simple class diagram from the list of classes

CIS5302 Professional Skills for Business Analysis Assignment. Define and understand the Requirements - Create a simple class diagram from the list of classes

  Draw a high-level dfd of the veterinary hospital

Draw a Context Diagram of the Veterinary Hospital Registration system from the perspective of the personnel at the Veterinary Hospital - Draw a High-Level DFD of the Veterinary Hospital Registration system from the perspective of the personnel at t..

  Discuss two future trends in system development

Discuss two future trends in system development. How do you think they will affect the future development of systems in the health care industry

  Explain important or interesting design decisions you made

Place a explaining any important or interesting design decisions you made, such as identification and creation of composite entities or weak entities.

  Prepare a level 0 data flow diagram for the materials

Prepare a systems flowchart for the materials requirements planning process only.- Prepare a level 0 data flow diagram for the materials requirements planning process only.

  Web-based medical centre administration system

COIT13230 - Application Development Project - You are required to develop a web based system to administer functionalities in a typical Australian medical

  Security policies and implementation issues

Information systems security organizations or officers enforces security policies that the program level, while the front-line supervisors enforce it at an employee level.

  Write balanced transportation problem to minimize sum

With customer 1 penalty cost of 490 is incurred; with customer 2, $80; and with customer 3, $110. Write balanced transportation problem to minimize the sum of shortage and shipping cost.

  Business requirements

Describe the scope and analyze how to control the scope. Speculate and give justifications for how to control scope. Identify possible risks, constraints, and assumptions.

  Can a system ever be completely decoupled

Can a system ever be completely "decoupled"? That is, can the degree of coupling be reduced so much that there is no coupling between components?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd