User Account

All Pages

Explore several scanning and enumeration tools

Assignment Help Software Engineering
Reference no: EM132281407

You need to make report based on the given 2 labs.

Client -Anthem

Lab 1: Passive Reconnaissance

Introduction
Passive reconnaissance is the act of gathering information about a target without actually using or interacting with the target. It's like spying on the target with binoculars or interviewing acquaintances or coworkers of the target, but not starting a conversation with the target just yet.

In a real-world situation, a hacker will conduct passive reconnaissance to gather information that can be used to formulate an attack against users and systems. Passive reconnaissance is typically followed by the scanning and enumeration phase, in which the hacker attempts to actively probe the systems identified during passive reconnaissance. Passive reconnaissance is also sometimes referred to as open-source intelligence gathering (OSINT), as it uses publicly available sources to collect intelligence on a target.

In this lab, you will form customized search queries using Google's search operators. With WHOIS queries, you will learn how to query Internet registration authorities about registered domains. In later parts of the lab, you will use two hacking tools, theHarvester and Maltego, to collect and organize information from indexed databases. Finally, you will bypass LinkedIn's privacy settings.

This lab has several parts, which should be completed in the order specified.

1. In the first part of the lab, you will use Google's search operators to identify information about targets.

2. In the second part of the lab, you will use Google's Advanced Search options to form customized search queries that can assist in locating vulnerabilities.

3. In the third part of the lab, you will learn to query Internet registration authorities for information available about registered domains.

4. In the fourth part of the lab, you will use the Kali Linux machine you created in the "Introduction to the Lab Environment" lab to collect information about a domain using theHarvester, a data-collection tool built into Kali.

5. In the fifth part of the lab, you will use the Kali Linux machine you created in the "Introduction to the Lab Environment" lab to gather information from multiple sources and graphically organize information using Maltego.

6. In the sixth part of the lab, you will explore a hidden vulnerability in LinkedIn's privacy settings.

7. Finally, you will explore the virtual environment on your own to answer a set of questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives

Upon completing this lab, you will be able to:

• Use customized Google searches to perform focused vulnerability searches.
• Use hacking tools to scrape information from public databases.
• Query Internet registration authorities for domain information.
• Use Maltego to identify publicly available e-mail addresses and domain names.
• Explore and circumvent privacy settings in a social network.

Lab 2:

Preparing to strike at a target involves careful investigation. The hacker first learns all he or she can from open sources before actually touching the target system. That process is called passive reconnaissance. Eventually, the hacker exhausts the available resources and has to actually probe the target system, thus initiating scanning and enumeration.

The final step before the actual exploit, scanning and enumeration involves learning about a target system from the system itself. The hacker sets about probing a target system to see what services might be open and running, what vulnerabilities might exist, and which weaknesses might be exploitable. Due to the nature of scanning and enumeration, the hacker runs the risk of his or her activities being discovered and stopped by the target. For this reason, the black-hat hacker will want to gather as much information as he or she can as quickly as possible. Because a white-hat, or ethical, hacker has a written directive from the target itself, he or she may be less concerned with timing.

In this lab, you will explore several scanning and enumeration tools, including some you may already know. You will use Nmap and its graphical user counterpart, Zenmap, to gather data about the network, and you will capture that traffic using Wireshark. You will use OpenVAS, a popular open source vulnerability scanner, to further explore a vulnerable system. You will create and run a customized scan and examine the results. Finally, you will start two penetration tools, Metasploit and Armitage, import the Nmap report, and further explore the system. This lab has four parts, which should be completed in the order specified:

1. In the first part of the lab, you will use Zenmap and Nmap, the original command-line version, to actively probe your local area network and export the scan results to a file.

2. In the second part of the lab, you will use the OpenVAS vulnerability scanner to run an in-depth vulnerability scan of the target machine and generate a report showing the identified and prioritized system weaknesses.

3. In the third part of the lab, you will use Metasploit, a common penetration testing tool, and Armitage, the graphical user interface (GUI) for Metasploit, to further explore the target system.

4. Finally, if assigned by your instructor, you will explore the virtual environment on your own to answer a set of challenge questions that allow you to use the skills you learned in the lab to conduct independent, unguided work, similar to what you will encounter in a real-world situation.

Learning Objectives
Upon completing this lab, you will be able to:
• Understand the benefits of and tactics for conducting scanning and enumeration.
• Perform network and system scans and export the results.
• Capture network traffic and investigate packet-level data.
• Understand how to start and configure Metasploit and its supporting services.
• Perform and customize vulnerability scans and interpret the results.

Verified Expert

This project is about vulnerability assessment project. On this project, we solved two lab activities. Different software tools and techniques are used for carrying out the lab activity. Different vulnerability assessment software is used for identifying the vulnerabilities. And they are reported in this project.

Reference no: EM132281407

Questions Cloud

The equal pay act : The Equal Pay Act of 1963. Under ADA, an employer is not required:
Discuss tough conditions that affected the victorian society : Use the works of two authors of the Victorian period to discuss at least four tough conditions that affected the Victorian society.
What is the value of optimal capital structure : What is the value of Optimal Capital Structure Inc. before restructuring?
Risk reviews to be conducted throughout project life cycle : De?ne a process to be followed for risk reviews to be conducted throughout the project life cycle. What is being done to communicate risks?
Explore several scanning and enumeration tools : CSCI 632 Ethical Hacking - Liberty University - explore the virtual environment on your own to answer a set of challenge questions
Test the claim that exercise program has no effect on weight : GEOG 362 Statistical Methods Lab Assignment, Concordia University, Canada. Test the claim that the exercise program has no effect on weight
Integrate qualitative-quantitative risk analysis techniques : Integrate qualitative and quantitative risk analysis techniques to identify methods for evaluating the probability of a risk event.
Discuss issue of womens rights at the turn-of-the-century : The work of literature must be a story/novel/play/poem that you have read on your own or that you plan to read during the research phase of this project;
Was the most e?ective method applied to determine risk : Were qualitative or quantitative methods used? Was the most e?ective method applied to determine risk?

Reviews

Write a Review

Software Engineering Questions & Answers

  Research report on software design

Write a Research Report on software design and answer diffrent type of questions related to design. Report contain diffrent basic questions related to software design.

  A case study in c to java conversion and extensibility

A Case Study in C to Java Conversion and Extensibility

  Create a structural model

Structural modeling is a different view of the same system that you analyzed from a functional perspective. This model shows how data is organized within the system.

  Write an report on a significant software security

Write an report on a significant software security

  Development of a small software system

Analysis, design and development of a small software system.

  Systems analysis and design requirements

Systems Analysis and Design requirements

  Create a complete limited entry decision table

Create a complete limited entry decision table

  Explain flow boundaries map

Explain flow boundaries map the dfd into a software architecture using transform mapping.

  Frame diagrams

Prepare a frame diagram for the software systems.

  Identified systems and elements of the sap system

Identify computing devices, which could be used to support Your Improved Process

  Design a wireframe prototype

Design a wireframe prototype to meet the needs of the personas and requirements.

  Explain the characteristics of visual studio 2005

Explain the characteristics of Visual Studio 2005.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd