Module 02 Penetration-Testing

The document outlines the process and tools used in penetration testing, emphasizing the importance of obtaining permission before conducting tests. It lists various tools for information gathering, network analysis, and vulnerability scanning, such as Nmap, Nessus, and Metasploit. Additionally, it highlights techniques for discovering sensitive information through advanced search methods and human interaction.

Uploaded by

yaab0646
Copyright
© All Rights Reserved
Penetration Testing


❑ Gaining access


• Tools: Nmap, Nessus, OpenVAS


Obtain official permission to conduct penetration testing.

Helps identify the systems, services and resources to be tested and define the constraints to be respected.

Use advanced search engine techniques to discover hidden or inadequately protected information.
• SiteDigger: A tool used to discover vulnerabilities using search engines.
• GHDB (Google Hacking Database): A database containing custom search queries to discover sensitive information.
• MetaGoofil: A tool for extracting metadata from documents found via search engines.

To collect information about people or organizations
• Hoovers Inc.: A database containing information about companies.
• Business Wire: A source of financial information and news about companies.
• LexisNexis: A legal database containing information about companies and individuals.

Website analysis to gather information about the infrastructure and technologies used
• BlackWidow: A tool for analyzing the structure of websites and extracting content.
• Web Site Copier: A tool for downloading a complete copy of a website for offline study.
• HTTrack: An open-source tool for downloading entire websites.

Gather information about senders, recipients, and servers.
• NSLookup: A tool for discovering the IP address of email servers.
• eMailTrackerPro: A tool for tracking the source of emails.
• Email Lookup: Tools for searching and validating email addresses.
• PoliteMail: A tool for analyzing emails within organizations.

Information about domain name owners
• SmartWhoIs: A tool that provides detailed reports on the registration information for any domain name.
• Domain Dossier: A tool that searches WHOIS databases to get detailed information about a domain name.
• SuperScanner: An advanced scanning tool that can be used to get detailed information about domain names.

Gather information from the Domain Name System (DNS) to learn more about network infrastructure.
• DNSstuff: A comprehensive toolkit for DNS analysis and troubleshooting.
• SamSpade: A tool that offers a variety of networking and reconnaissance tools, including DNS analysis.
• NSLookup: A command-line tool that enables users to query the Domain Name System (DNS) to get information about domain names and their associated IP addresses.

Network analysis to gather information about the devices and services available on the network.
• Path Analyzer: A tool to analyze the path of data packets through a network and determine the points they pass through.
• VisualRoute: A tool that visualizes the path of packets through a network and shows the geographic locations of the devices they pass through.
• Network Pinger: A tool used to verify the connectivity of devices over a network by sending and receiving data packets.

To obtain information through human interaction rather than technical attacks.
• Shoulder surfing: Monitoring people for sensitive information such as passwords.
• Dumpster diving: Searching through trash to obtain discarded documents or information.
• Eavesdropping: Listening to conversations for confidential information.

Utilities:
• Nmap: Scans networks and detects open services.
• Wireshark: Analyzes network traffic.
• Metasploit: Tests and exploits vulnerabilities.
• Nessus: Scans for vulnerabilities.
• Snort: Detects intrusions.
