EXPERIMENT NO. 2
Name : Bhaskar Kumbhar
Roll No. : 6118023
Aim : To perform the following assigned tasks:
1. To study any 5 information gathering tools of Kali Linux.
2. To find out 10 websites whose expiry date is about to end, using the whois and DMitry commands in Kali Linux.
3. To understand how fake email is used to gather information.

Kali Linux
Kali Linux is a Debian-derived Linux distribution that is maintained by Offensive Security. It
was developed by Mati Aharoni and Devon Kearns. Kali Linux is a specially designed OS for
network analysts, penetration testers, or in simple words, it is for those who work under the
umbrella of cybersecurity and analysis.

1. Information Gathering Tools in Kali Linux

Various information gathering tools in Kali Linux are:
a. Nmap : -
Nmap is an open-source network scanner that is used to recon/scan networks. It is used to
discover hosts, ports, and services along with their versions over a network. It sends packets
to the host and then analyzes the responses in order to produce the desired results. It could
even be used for host discovery, operating system detection, or scanning for open ports. It
is one of the most popular reconnaissance tools.

b. Wireshark : -
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting,
analysis, software and communications protocol development, and education. Originally
named Ethereal, the project was renamed Wireshark in May 2006 due to trademark issues.
Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its
user interface, and using pcap to capture packets; it runs on Linux, macOS, BSD, Solaris,
some other Unix-like operating systems, and Microsoft Windows. There is also a terminal-
based (non-GUI) version called TShark. Wireshark, and the other programs distributed with
it such as TShark, are free software, released under the terms of the GNU General Public
License.

c. Lynis : -
Lynis is a powerful tool for security auditing, compliance testing, and system hardening. Of course, you can also use it for vulnerability detection and penetration testing. Lynis is an open-source security auditing tool whose main goal is to audit and harden Unix and Linux based systems. It scans the system according to the components it detects, performing many security control checks. For example, if it detects Apache, it will run Apache-related tests to pinpoint information.

d. Social Engineering Tools : -
Social Engineering Toolkit is a collection of tools that can be used to perform social engineering attacks. These tools use and manipulate human behavior for information gathering. It is even a great tool for phishing websites.
To use Social Engineering Toolkit:

• Social Engineering Toolkit comes pre-installed with Kali Linux.
• Just type “setoolkit” in the terminal.
• Agree to the terms and conditions to start using the Social Engineering Toolkit.

e. John The Ripper : -
John the Ripper is a great tool for cracking passwords using some famous brute-force attacks like dictionary attack or custom wordlist attack etc. It is even used to crack the hashes or passwords for zipped or compressed files and even locked files as well. It has many available options to crack hashes or passwords.
To use John the Ripper:

• John the Ripper comes pre-installed in Kali Linux.
• Just type “john” in the terminal to use the tool.

2) 10 websites whose domain’s expiry day is about to end :

By using commands such as whois, DMitry, theHarvester, etc., we can gather complete information like domain registration date, domain expiry date, etc.
By using this information one can buy the domain of a website whose expiry is about to end and then demand money from the organization.
Whois: Whois searches for an object in a WHOIS database. WHOIS is a query and
response protocol that is widely used for querying databases that store the registered
users of an Internet resource, such as a domain name or an IP address block, but is also
used for a wider range of other information.
Most modern versions of whois try to guess the right server to ask for the specified
object. If no guess can be made, whois will connect to whois.networksolutions.com for
NIC handles or whois.arin.net for IPv4 addresses and network names.
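
The expiry lookup described here can be automated to watch an organisation's own domains so that a renewal is never missed. The following is an added example, not part of the original report: it parses whois output for the expiry field, whose label varies between registries, and flags domains expiring within a threshold. The label list, function names and sample records are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Expiry labels differ between registries and registrars (list is not exhaustive).
EXPIRY_LABELS = {"registry expiry date", "registrar registration expiration date",
                 "expiration date", "expiry date", "paid-till"}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S%z", "%Y-%m-%dT%H:%M:%S",
                "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

def parse_expiry(whois_text):
    """Return the expiry date found in whois output as UTC, or None."""
    for line in whois_text.splitlines():
        label, sep, value = line.strip().partition(":")
        if not sep or label.strip().lower() not in EXPIRY_LABELS:
            continue
        # Drop fractional seconds such as "04:00:00.000Z" before parsing.
        value = re.sub(r"(\d{2}:\d{2}:\d{2})\.\d+", r"\1", value.strip())
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(value, fmt)
            except ValueError:
                continue
            if parsed.tzinfo is None:  # date given without a zone: assume UTC
                parsed = parsed.replace(tzinfo=timezone.utc)
            return parsed.astimezone(timezone.utc)
    return None

def expiring_soon(records, today, threshold_days=30):
    """Return [(domain, days_left)] needing attention; days_left is None when
    no expiry date could be parsed, which also deserves a manual check."""
    flagged = []
    for domain, text in records.items():
        expiry = parse_expiry(text)
        days = None if expiry is None else (expiry - today).days
        if days is None or days <= threshold_days:
            flagged.append((domain, days))
    return sorted(flagged, key=lambda r: (r[1] is None, r[1] or 0))

# Constructed whois excerpts for illustration, not real registry data.
SAMPLE = {
    "example.com": "Domain Name: EXAMPLE.COM\nRegistry Expiry Date: 2021-07-20T04:00:00Z\n",
    "example.org": "Domain Name: EXAMPLE.ORG\n"
                   "Registrar Registration Expiration Date: 2028-03-30T04:00:00.000Z\n",
    "example.in": "Domain Name: example.in\nExpiry Date: 2021-08-05\n",
    "example.net": "No match for domain EXAMPLE.NET\n",
}

if __name__ == "__main__":
    print(expiring_soon(SAMPLE, datetime(2021, 7, 1, tzinfo=timezone.utc)))
```

Real output can be fed in by passing the text of `whois <domain>` to `parse_expiry`.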

DMitry: DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scan, whois lookups, and more.

TheHarvester: TheHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/banners, and employee names from different public sources (search engines, PGP key servers). It is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company on the Internet.

Some of the websites whose domain is about to expire, found using the whois command:
• facebook.com
Expiry date : March 2028

• google.com
Expiry date : September 2018

• mhssce.com
Expiry date : July 2021

• tcs.com
Expiry date : November 2030

• linkedin.com
Expiry date : November 2022

• mygov.in
Expiry date : April 2022

• classroom.google.com
Expiry date : July 2021

• virtualbox.org
Expiry date : October 2021

• meet.google.com
Expiry date : October 2021

• whatsapp.com
Expiry date : September 2027

Some of the websites whose domain is about to expire, found using the dmitry command:
• facebook.com
Expiry date : March 2028

• google.com
Expiry date : September 2018

• tcs.com
Expiry date : November 2030

• linkedin.com
Expiry date : November 2022

• mygov.in
Expiry date : April 2022

• virtualbox.org
Expiry date : October 2021

3) Fake Mail
Information gathering is an art which can also be done by sending fake mails. There are many fake mailing websites which can be used for sending email by acting as some other person. We can also gather any important information like account details, mobile number, etc. by using this method.

Identification of Fake Mails

1. The message is sent from a public email domain
2. The domain name is misspelt
3. The email is poorly written
4. It includes suspicious attachments or links
5. The message creates a sense of urgency
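
The checklist above can be partly automated when triaging reported mail. This added example (not part of the original report) checks indicators 1, 2, 4 (attachments only) and 5 on a raw message; the domain lists, phrases, extensions and sample message are assumptions, and indicator 3 is left to human judgement.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
TRUSTED_DOMAINS = {"examplebank.com"}  # assumption: domains you really deal with
URGENCY = ("urgent", "immediately", "within 24 hours", "will be suspended")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".docm", ".xlsm")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fake_mail_indicators(raw):
    """Return which checklist indicators a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    body, names = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            names.append(part.get_filename().lower())
        elif part.get_content_type() == "text/plain":
            body += part.get_content()
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    checks = {
        "public email domain": domain in PUBLIC_DOMAINS,
        "misspelt domain": any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS),
        "suspicious attachment": any(n.endswith(RISKY_EXT) for n in names),
        "sense of urgency": any(p in text for p in URGENCY),
    }
    return [name for name, hit in checks.items() if hit]

def constructed_sample():
    """Build a made-up suspicious message (constructed, not a real email)."""
    m = EmailMessage()
    m["From"] = "Example Bank <support@examp1ebank.com>"
    m["Subject"] = "URGENT: verify your account"
    m.set_content("Your account will be suspended within 24 hours.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="form.docm")
    return m.as_string()
```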

CONCLUSION :
Thus, we gathered the information in the form of fake email, by using information gathering tools like DMitry and whois. We also studied the information gathering tools in Kali Linux.
