This was an excellent read.\u00a0 Reconnaissance is the first step in the MITRE ATT&CK chain.\u00a0 It helps attackers find vulnerabilities on internal systems.\u00a0 Many times this is done by analyzing public facing web servers.\u00a0 There is a myriad of information to be gained from web-servers.\u00a0 These systems will show services and banners and the exact software versions that are being run on the server.\u00a0 The article referenced many tools to accomplish this.\u00a0 Some of these I have heard of and used in the past such as Shodan, and others I have not heard of such as Recon-ng.<\/p>\n
Shodan is very useful as it will scan an IP and tell you what ports are open and many times what services are running on the website such as Apache, IIS, Nginx, etc.\u00a0 You need the IP address of the site you want to scan.\u00a0 Generally you can just plug a website URL into a DNS lookup tool and get the IP that way, then just plug it into Shodan.\u00a0 Recon-ng, according to the article is a command line tool that is included in Kali.\u00a0 It is a python script that works like Metasploit that queries Google and Shodan for information on a given a site for services and open ports.\u00a0 The article goes on to mention that once you determined a particle service is running such as Apache 2.4.4, http:\/\/www.cvedetails.com will allow you to research any know vulnerabilities against that service.<\/p>\n
<\/p>\n
Questions for the class:<\/p>\n
While Nmap and OpenVAS are standard programs for port scanning and basic enumeration, why are open source reconnaissance tools like Shodan and Google searches a better starting point in terms of stealth?<\/p>\n","protected":false},"excerpt":{"rendered":"
This was an excellent read.\u00a0 Reconnaissance is the first step in the MITRE ATT&CK chain.\u00a0 It helps attackers find vulnerabilities on internal systems.\u00a0 Many times this is done by analyzing public facing web servers.\u00a0 There is a myriad of information to be gained from web-servers.\u00a0 These systems will show services and banners and the exact […]<\/p>\n","protected":false},"author":25060,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-6656","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts\/6656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/users\/25060"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/comments?post=6656"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts\/6656\/revisions"}],"predecessor-version":[{"id":6657,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts\/6656\/revisions\/6657"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/media?parent=6656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/categories?post=6656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/tags?post=6656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}