Posted: August 25th, 2021
OSINT Techniques: Question – Answer
Question 1: Using Nmap, scan the URL scanme.nmap.org:
Network Mapper (Nmap) is an application used to explore and audit the security of a network. The tool was initially developed to facilitate rapid scanning of large networks, but it also works well against single hosts (Bazzell, 2014). It uses raw IP packets to establish which hosts are available on a particular network, the services those hosts offer, and the application name and version behind each service. The scan output also identifies the operating system, the applications running, and the types of packet filters or firewalls in use, among other characteristics (Bazzell, 2014). In this assessment, the Nmap tool is used to scan the URL scanme.nmap.org. An Nmap scan lists critical information such as the ports table, which gives the port number and protocol, the service name, and the state (Chauhan & Panda, 2015). A port’s state is either open, closed/unfiltered, or filtered. The results of the scan are displayed under Table 1 below.
Figure 1: Report of Nmap Scan for URL: scanme.nmap.org
Command line: > nmap scanme.nmap.org
Figure 1
Figure 2
Using the command # nmap -T4 -F 195.88.229.107, the results obtained show the following about the two ports.
PORT     STATE  SERVICE
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds
The -A option stands for aggressive scan, and it tells nmap to perform an operating system (OS) and version check. The -T4 option stands for speed, and it tells nmap to increase the speed of scanning. The speed template ranges from 0 for the slow systems to 5 for the fast operations.
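The ports table described above (port number and protocol, state, service name) is easier to audit from Nmap's XML output (the `-oX` option) than from the screen report. The following is an added example, not part of the original essay: it parses a constructed XML sample for a documentation address (192.0.2.10) and flags open services on a hypothetical review list (`REVIEW_SERVICES`); the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of `nmap -oX`; 192.0.2.10 is a documentation address.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -T4 -F -oX scan.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="closed" reason="reset"/><service name="ssh"/></port>
      <port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered" reason="no-response"/></port>
    </ports>
  </host>
</nmaprun>"""

# Assumption for this example: services an auditor wants reviewed when reachable.
REVIEW_SERVICES = {"netbios-ssn", "microsoft-ds"}

def parse_ports(xml_text):
    """Return one dict per <port> element: host, port, proto, state, service."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")  # first <address> of the host
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")  # absent when nmap could not name the service
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": state.get("state") if state is not None else "unknown",
                "service": service.get("name") if service is not None else "unknown",
            })
    return rows

def needs_review(rows):
    """Open ports whose service is on the review list."""
    return [r for r in rows if r["state"] == "open" and r["service"] in REVIEW_SERVICES]

def format_table(rows):
    """Render rows like nmap's PORT / STATE / SERVICE table."""
    lines = [f"{'PORT':<10}{'STATE':<10}SERVICE"]
    lines += [f"{str(r['port']) + '/' + r['proto']:<10}{r['state']:<10}{r['service']}" for r in rows]
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_table(parse_ports(SAMPLE_XML)))
    print("review:", [(r["host"], r["port"]) for r in needs_review(parse_ports(SAMPLE_XML))])
```

Only ports in the open state are flagged; closed and filtered entries stay in the table so the full picture of the host is kept for the audit record.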
c) Identify the OS detection, version detection, and traceroute of the same URL
Once the aggressive command, # nmap -A -T4 scanme.nmap.org, is applied, the following results are obtained:
Figure 3: OS Detection
Figure 3 shows that the operating system (OS) is Linux; CPE: cpe:/o:linux:linux_kernel.
Figure 4: Version Detection
From Figure 4, it can be shown that the detected version of the OS is OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0).
Figure 5: Traceroute
Under Figure 5 is the traceroute obtained using port 80/tcp.
Question 2: Using open-source intelligence or reconnaissance methods, identify all the email addresses available in the public domain for @labtrobe.edu.au
For easy identification of emails on the above public domain, theHarvester tool is used to retrieve the information. The tool is an inbuilt application in Linux (Layton & Watters, 2016). The following is the process involved in performing the email identification.
The application is run from the Kali Linux window to get information from Google, Twitter and Bing as the main target sources. The following command was used to retrieve the emails from Google:
root@kali: # theharvester -d @labtrobe.edu.edu -l 500 -b google.com
The -d option refers to the domain for which information is required; -l sets the limit on the quantity of information, in this case 500 searches; and -b specifies the site, that is, Google.
Results on Google
The second step involved the search for emails connected to the same domain on Bing. The following command was used to complete the process, and the results are shown as follows:
root@kali: # theharvester -d @labtrobe.edu.edu -l 500 -b bing.com
Figure 6
Emails found
Figure 7
Results on Bing
Lastly, the same process was repeated to retrieve emails that are registered, or have ever been used, on the same domain on Twitter. The command used on Twitter is: root@kali: # theharvester -d @labtrobe.edu.edu -l 500 -b twitter.com. The following are the results:
Figure 8
Results on Twitter
The other step involved a search for emails connected to the same domain on Bing. The following command was used to complete the process, and the results are shown as follows:
root@kali: # theharvester -d @labtrobe.edu.edu -l 500 -b twitter.com
Figure 9: Results on Twitter
References
Bazzell, M. (2014). Open source intelligence techniques: Resources for searching and analyzing online information. Charleston, S.C: CCI Publishing.
Chauhan, S. & Panda, N. (2015). Hacking web intelligence: open source intelligence and web reconnaissance concepts and techniques. Waltham, MA: Syngress, an imprint of Elsevier.
Layton, R. & Watters, P. (2016). Automating open source intelligence: algorithms for OSINT. Waltham, MA: Elsevier.