Question

1. Research the following five (5) tools below that could be using during a penetration test:
   1. Nmap
   2. Wireshark
   3. John the Ripper
   4. Maltego
   5. Recon-ng

For each tool, answer the following questions:

6. 1) What does the tool do?
7. 2) Why is the tool favored by attackers for badness?
8. 3) How can the tool be used by a Defender for good?
9. 4) What risk does the tool present if used incorrectly on the organization?

Answer 1

N-map

1.Nmap tool also called as Network Mapper, used for vulnerability scanning and network discovery. Generally,Network administrators use N-map finding open ports and detecting security risks

2.N-map is a reconnaissance tool.It is used used to gather information about a site before launching a attack.if the attacker gather this information,the total network is compromised so that it leads to a attack.

3.when we do N-map scan,it provides information on the systems and services that are running on open ports.Through open ports ,the attacker attacks easily. when we find out that open ports,its mandatory to close the open port for better security

4.When Nmap is used improperly, sometimes it get sued, fired, expelled, jailed, or banned by ISP.

Wireshark

1.Wireshark is a network analysis tool.It captures packets from the system and display them in human-readable format.It is also used to inspect the network traffic and analyze the traffic flow.

2.Generally attackers used wireshark to capture and examine data that is flowing across your network. If any data not encrypted is readable,attackers stole that unencrypted data ,even passwords and other sensitive data,so that information is stealed

3.Wireshark is used to check the network traffic in our systems anf if any seems to be vulnerable,recognising that vulnerability and taking necessary action.

4.Whenever scanning is done, we have to close the wireshark.otherwise if someone entered the network and starts managing your system,data is stealed using your system's wireshark by the atacker on your system.

John the Ripper

1.John the Ripper is a password cracking tool.It is used for password testing and breaking programs. It combines a number of password crackers into one package to autodetects password hash types.

2.Key for storing the data is use password and the password must be in encrypted form.Blackhat hackers use this tool for their wrong usage

3.John the Ripper autodetects the encryption on the hashed data and compares with large plain-text file that contains passwords.It performs  hashing on each password, and then stopping it when it finds a match.

4.Legally one have to use the password cracking.If it is found threat by cyber security team.he is prisoned to jail.

Maltego

1.Maltego tool is used for open-source intelligence and forensics.

2.Generally it is used ,information gathering on people.the attackers gather information like email id's, their public information, files publicly uploaded like photos etc., that can be used for performing brute force etc.

3.online investigations for finding relationships between pieces of information from various sources located on the Internet.

4.One cant use it for unlawful or illegally ( collecting email addresses for sending spam).

Recon-ng

1.Recon-ng tool is used for information gathering with its independent modules other modules which can help in gathering the information of the target.

2.Recong-ng is a similar interface like metasploit.First thing is both the white hat expert and the bad guys will do an information-gathering process.This will lead to either a good-stronger defense or falling victim to different kinds of cyber attacks launched against your organization.

3.Recong-ng is a reconnaissance tool .It has an interface similar to Metasploit. If you run recon-ng from the command line, you directly enter into a shell like environment where you can configure options, perform recon and output results to different report types.

4.If used this tool illegally,severe actions are taken by the government.