+1-415-670-9189
info@expertsmind.com
Explore several scanning and enumeration tools
Course:- Software Engineering
Reference No.:- EM132281407




Assignment Help
Expertsmind Rated 4.9 / 5 based on 47215 reviews.
Review Site
Assignment Help >> Software Engineering

You need to make report based on the given 2 labs.

Client -Anthem

Lab 1: Passive Reconnaissance

Introduction
Passive reconnaissance is the act of gathering information about a target without actually using or interacting with the target. It's like spying on the target with binoculars or interviewing acquaintances or coworkers of the target, but not starting a conversation with the target just yet.

In a real-world situation, a hacker will conduct passive reconnaissance to gather information that can be used to formulate an attack against users and systems. Passive reconnaissance is typically followed by the scanning and enumeration phase, in which the hacker attempts to actively probe the systems identified during passive reconnaissance. Passive reconnaissance is also sometimes referred to as open-source intelligence gathering (OSINT), as it uses publicly available sources to collect intelligence on a target.

In this lab, you will form customized search queries using Google's search operators. With WHOIS queries, you will learn how to query Internet registration authorities about registered domains. In later parts of the lab, you will use two hacking tools, theHarvester and Maltego, to collect and organize information from indexed databases. Finally, you will bypass LinkedIn's privacy settings.

This lab has several parts, which should be completed in the order specified.

1. In the first part of the lab, you will use Google's search operators to identify information about targets.

2. In the second part of the lab, you will use Google's Advanced Search options to form customized search queries that can assist in locating vulnerabilities.

3. In the third part of the lab, you will learn to query Internet registration authorities for information available about registered domains.

4. In the fourth part of the lab, you will use the Kali Linux machine you created in the "Introduction to the Lab Environment" lab to collect information about a domain using theHarvester, a data-collection tool built into Kali.

5. In the fifth part of the lab, you will use the Kali Linux machine you created in the "Introduction to the Lab Environment" lab to gather information from multiple sources and graphically organize information using Maltego.

6. In the sixth part of the lab, you will explore a hidden vulnerability in LinkedIn's privacy settings.

7. Finally, you will explore the virtual environment on your own to answer a set of questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives

Upon completing this lab, you will be able to:

• Use customized Google searches to perform focused vulnerability searches.
• Use hacking tools to scrape information from public databases.
• Query Internet registration authorities for domain information.
• Use Maltego to identify publicly available e-mail addresses and domain names.
• Explore and circumvent privacy settings in a social network.

Lab 2:

Preparing to strike at a target involves careful investigation. The hacker first learns all he or she can from open sources before actually touching the target system. That process is called passive reconnaissance. Eventually, the hacker exhausts the available resources and has to actually probe the target system, thus initiating scanning and enumeration.

The final step before the actual exploit, scanning and enumeration involves learning about a target system from the system itself. The hacker sets about probing a target system to see what services might be open and running, what vulnerabilities might exist, and which weaknesses might be exploitable. Due to the nature of scanning and enumeration, the hacker runs the risk of his or her activities being discovered and stopped by the target. For this reason, the black-hat hacker will want to gather as much information as he or she can as quickly as possible. Because a white-hat, or ethical, hacker has a written directive from the target itself, he or she may be less concerned with timing.

In this lab, you will explore several scanning and enumeration tools, including some you may already know. You will use Nmap and its graphical user counterpart, Zenmap, to gather data about the network, and you will capture that traffic using Wireshark. You will use OpenVAS, a popular open source vulnerability scanner, to further explore a vulnerable system. You will create and run a customized scan and examine the results. Finally, you will start two penetration tools, Metasploit and Armitage, import the Nmap report, and further explore the system. This lab has four parts, which should be completed in the order specified:

1. In the first part of the lab, you will use Zenmap and Nmap, the original command-line version, to actively probe your local area network and export the scan results to a file.

2. In the second part of the lab, you will use the OpenVAS vulnerability scanner to run an in-depth vulnerability scan of the target machine and generate a report showing the identified and prioritized system weaknesses.

3. In the third part of the lab, you will use Metasploit, a common penetration testing tool, and Armitage, the graphical user interface (GUI) for Metasploit, to further explore the target system.

4. Finally, if assigned by your instructor, you will explore the virtual environment on your own to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives
Upon completing this lab, you will be able to:
• Understand the benefits of and tactics for conducting scanning and enumeration.
• Perform network and system scans and export the results.
• Capture network traffic and investigate packet-level data.
• Understand how to start and configure Metasploit and its supporting services.
• Perform and customize vulnerability scans and interpret the results.

Answered:-

Verified Expert

This project is about vulnerability assessment project. On this project, we solved two lab activities. Different software tools and techniques are used for carrying out the lab activity. Different vulnerability assessment software is used for identifying the vulnerabilities. And they are reported in this project.



Put your comment
 
Minimize


Ask Question & Get Answers from Experts
Browse some more (Software Engineering) Materials
Suppose you are tasked with coming up with a system development approach for the following project: John's shoe store which operates a chain of local stores in Chicago wants
Will these remote access capabilities assist or hinder mobile device investigations - Explain. In addition, what are the ethical implications of such technologies? Use biblic
What does SDLC stand for? What are the phases of the SDLC? Explain in one or two sentences of your own words what happens in each phase. If problems occur during the SDLC
For this conference, explain what a specific vulnerability is, describe a famous attack that leveraged it (For example, the Morris worm leveraged the buffer overflow vulnera
Discover the shining coyote experience in journey to ixtlan. Examine from Edinger's perspective. Explain the complete process of life cycle.
Describe how the SDLC pertains to the development of this application. Describe the tasks that need to be accomplished in each phase. Indicate who should perform the tasks:
Using IEEE and ACM Database, research on why it is important to use WHITE BOX AND BLACK BOX testing technique to evaluate a software module. This assignments needs to be at
What are the overall goals of the challenged process that you selected? What is the context and importance of the business process and system? What is the scop