
K. J. Somaiya College of Engineering, Mumbai-77
(A Constituent College of Somaiya Vidyavihar University)

Title: Perform reconnaissance using network information gathering tool

Books/ Journals/ Websites referred:

1. Web Penetration Testing with Kali Linux, Joseph Muniz, Aamir Lakhani, Packt Publishing, 2013.

2. Hacking Exposed 7: Network Security Secrets and Solutions, George Kurtz, Joel Scambray, and
Stuart McClure, McGraw Hill, 2012.

Introduction:

1. Nmap

With Nmap, security professionals can find live hosts on a network and perform port scanning. The
tool is helpful for several reasons, such as identifying open ports whose services are exposed to
attack, or finding the operating system in use so that vulnerabilities specific to it may be exploited.

2. Metasploit

The Metasploit framework is a powerful tool for cybersecurity professionals conducting
information-gathering tasks. What makes it unique is the fact that it is very easy to use. It can be used
by both ethical hackers and cybercriminals to identify vulnerabilities on networks and servers.
It allows testers to scan systems for vulnerabilities, conduct network reconnaissance, launch exploits,
and more. Exploit modules allow testers to target a specific, known vulnerability. Metasploit has a
large number of exploit modules, including buffer overflow and SQL injection exploits.

Department of Computer Engineering, Hon-VAPT/Jan-May 2024



3. Wireshark

Wireshark is one of the best-known and most widely used packet sniffing tools available today. It is
used by cybersecurity professionals, network administrators and hackers to collect information from
networks. Network packets contain a wealth of information, and Wireshark captures this data for
later analysis. Learning how to use Wireshark is essential if you wish to conduct information gathering
on a network.

Wireshark is a network protocol analyzer: an application that captures packets from a network
connection, such as from your computer to your home office or the internet. A packet is a discrete
unit of data in a typical Ethernet network. Wireshark is the most often-used packet
sniffer in the world.

Implementation details:

1. Nmap


2. Metasploitable


3. Wireshark


Conclusion: Explored various tools that are used for information gathering and also performed basic
reconnaissance.
