03 - Information Gathering or Reconnaisance - Tested

NEXUS EDUCATION SERVICES

📍 Suite 1611 16th Floor AIC Burgundy Empire Tower ADB Ave corner Garnet Road Ortigas Center Pasig
☎ Smart: 09998165357 ☎ PLDT: 788-1419 📧 [email protected] 🌐 www.nexusph.net

This is an intellectual property of Nexus Education services. Reproduction and distribution without consent will be sued to the court of Law.
The law: Republic Act No. 8293 [An Act Prescribing the Intellectual Property Code and Establishing the Intellectual Property Office, Providing for Its Powers and Functions, and for Other
Purposes] otherwise known as the Intellectual Property Code of the Philippines

Information Gathering (Reconnaissance)

Information gathering, getting to know the target systems, is the first process in ethical hacking. Reconnaissance
is a set of processes and techniques (footprinting, scanning and enumeration) used to covertly discover and
collect information about a target system.

Introduction to Reconnaissance:

Reconnaissance is key to any successful hack. On average, approximately three-fourths of any hack should be
spent performing accurate and precise recon. Reconnaissance is the act of gaining information about our target,
such as open ports, the operating system, what services those ports are running, and any vulnerable applications
installed. All of this information will be absolutely vital to choosing an attack. How are we supposed to hack if
we don’t know what we’re getting into?

There are two base types of recon, active and passive. Both have their pros and cons, so let’s cover these types of
recon briefly:

Active Recon:
This type of recon requires that we interact with the target. It is faster and more accurate, but it also
makes much more noise. Since we have to interact with the target to gain information, there is an increased
chance that we will be caught by a firewall or one of the other network security devices (intrusion detection
systems, network firewalls, etc.).

Passive Recon:
This type of recon doesn’t require any interaction with the target, so it is far less likely to be detected. The
trade-off is that the information gained is not as accurate and it is much slower than its active counterpart. Passive
recon is the act of watching the target. Instead of interacting with them, we can watch their traffic and gain
information without so much as pinging them.
Now that we’ve covered the two base types of recon, let’s go over some of the recon terms that we’ll hear
commonly:

Discovery:
This is the act of discovering possible victims. Discovery is essential to reconnaissance as it tells us who our
potential victims are.

Port Scanning:
As the name implies, this is the act of scanning a range of ports on a victim. A port is used to make connections and
manage communications for networkable services or applications. Any open port is a possible avenue of attack.
There are multiple kinds of port scans, but those go beyond the scope of this introductory article.

OS Fingerprinting:
OS fingerprinting is the act of attempting to determine a victim’s operating system. Knowing the victim’s OS is
crucial to choosing an attack that will work. Attempting a Windows-based attack on a Linux victim doesn’t make
much sense.

Now that we know about these terms and methods, allow me to introduce you to one of the most used and best
active recon tools, nmap. Nmap stands for network mapper.

What is NMAP

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to
rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to
determine what hosts are available on the network, what services (application name and version) those hosts are
offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in
use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and
network administrators find it useful for routine tasks such as network inventory, managing service upgrade
schedules, and monitoring host or service uptime.

The output from Nmap is a list of scanned targets, with supplemental information on each depending on the
options used. Key among that information is the “interesting ports table”. That table lists the port number and
protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an
application on the target machine is listening for connections/packets on that port. Filtered means that a firewall,
filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed
ports have no application listening on them, though they could open up at any time. Ports are classified as
unfiltered when they are responsive to Nmap's probes, but Nmap cannot determine whether they are open or
closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of
the two states describes a port. The port table may also include software version details when version detection has
been requested. When an IP protocol scan is requested (-sO), Nmap provides information on supported IP
protocols rather than listening ports.

In addition to the interesting ports table, Nmap can provide further information on targets, including reverse DNS
names, operating system guesses, device types, and MAC addresses.

TARGET SPECIFICATION:

Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file

HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host

SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans

--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan

PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>

SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)

SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.

OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively

TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes

--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second

FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum

OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output

MISC:
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.

EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80

What is Dmitry

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C.
DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather
possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more.

The following is a list of the current features:

▪ An Open Source Project.
▪ Perform an Internet Number whois lookup.
▪ Retrieve possible uptime data, system and server data.
▪ Perform a SubDomain search on a target host.
▪ Perform an E-Mail address search on a target host.
▪ Perform a TCP Portscan on the host target.
▪ A Modular program allowing user specified modules
▪ Source: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/
▪ DMitry Homepage | Kali DMitry Repo

Author: James Greig

License: GPLv3

Tools included in the dmitry package
dmitry – Deepmagic Information Gathering Tool

How to use it
root@kali:~# dmitry -h
Deepmagic Information Gathering Tool
"There be some deep magic going on"

dmitry: invalid option -- 'h'

Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host

-o Save output to %host.txt or to file specified by -o file
-i Perform a whois lookup on the IP address of a host
-w Perform a whois lookup on the domain name of a host
-n Retrieve Netcraft.com information on a host
-s Perform a search for possible subdomains
-e Perform a search for possible email addresses
-p Perform a TCP port scan on a host
* -f Perform a TCP port scan on a host showing output reporting filtered ports
* -b Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
*Requires the -p flagged to be passed

WHOIS KALI LINUX COMMAND

The whois command in Kali Linux is a utility to list and find detailed domain information on any Linux-based
operating system. Used properly, it can even identify unknown and distant hosts and their network administrators.

Some of the attributes in domain details, are:

▪ Registrar
▪ Admin
▪ Tech
▪ Name Server
▪ Geographical Location
▪ IP history

Getting Started with installation first

In order to install the whois command on Mint, Ubuntu, Debian and Kali, type the following command:

sudo apt install whois

Note: The latest versions of Kali Linux come pre-loaded with the whois client.

To install the whois command on Fedora, RHEL and CentOS, type the following command:

sudo yum install whois

Syntax to use the whois command in Kali Linux

whois <name of the website with extension / IP address>
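What the command returns is a flat key: value record in which some keys (Name Server, Domain Status) repeat. The script below is an added example, not from the handout or from the whois client: it parses such a record into the attributes listed above (registrar, admin and tech contacts, name servers, dates) and then runs the checks a domain owner would want on their own record, such as expiry within 30 days, missing registrar locks and an unsigned DNSSEC delegation. The sample record, every value in it, and the reference date are constructed for the example.

```python
"""Parse whois output into the attributes the handout lists and run hygiene checks.

Added example, not part of the handout or of the whois client. SAMPLE_WHOIS is
constructed by hand in the key: value layout gTLD registries return for
`whois <domain>`; every value in it is made up, and REFERENCE_DATE stands in
for "today" so the checks give the same answer whenever they run."""
from datetime import date, datetime
from typing import Dict, List, Optional

SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.NET
   Registry Domain ID: 000000000_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar, Inc.
   Updated Date: 2023-08-14T07:01:38Z
   Creation Date: 2001-03-02T04:00:00Z
   Registry Expiry Date: 2024-08-13T04:00:00Z
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Admin Name: Hostmaster
   Admin Email: hostmaster@example.net
   Tech Name: Ops Team
   Tech Email: ops@example.net
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   DNSSEC: unsigned
>>> Last update of whois database: 2024-07-20T10:00:00Z <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration is set to expire.
"""
REFERENCE_DATE = date(2024, 7, 20)  # constructed "today" for the demo


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Map each field to every value seen for it (Name Server and Domain Status
    repeat). Parsing stops at the '>>>' marker; what follows is legal boilerplate,
    not record data."""
    record: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">>>"):
            break
        if not line or line[0] in "%#" or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        record.setdefault(key, []).append(value)
    return record


def first(record: Dict[str, List[str]], key: str) -> Optional[str]:
    values = record.get(key)
    return values[0] if values else None


def field_date(record: Dict[str, List[str]], key: str) -> Optional[date]:
    value = first(record, key)
    if value is None:
        return None
    # registries print UTC timestamps such as 2024-08-13T04:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00")).date()


def summarize(record: Dict[str, List[str]]) -> dict:
    """The attributes the handout lists, pulled out of the raw record."""
    return {
        "domain": first(record, "Domain Name"),
        "registrar": first(record, "Registrar"),
        "admin": first(record, "Admin Email"),
        "tech": first(record, "Tech Email"),
        "name_servers": sorted(ns.lower() for ns in record.get("Name Server", [])),
        "statuses": [s.split()[0] for s in record.get("Domain Status", [])],
        "created": field_date(record, "Creation Date"),
        "expires": field_date(record, "Registry Expiry Date"),
    }


def hygiene_findings(record: Dict[str, List[str]], today: date) -> List[str]:
    """Checks an owner would run against their own domain's record."""
    s = summarize(record)
    findings = []
    if s["expires"] is not None:
        days = (s["expires"] - today).days
        if days < 0:
            findings.append(f"expired {-days} days ago")
        elif days <= 30:
            findings.append(f"expires in {days} days")
    # EPP locks that stop a compromised registrar account from moving or editing the domain
    for lock in sorted({"clientTransferProhibited", "clientUpdateProhibited"} - set(s["statuses"])):
        findings.append(f"missing registrar lock {lock}")
    if (first(record, "DNSSEC") or "").lower() != "signeddelegation":
        findings.append("DNSSEC not signed")
    if len(s["name_servers"]) < 2:
        findings.append("fewer than two name servers")
    return findings


if __name__ == "__main__":
    import sys  # usage: whois example.net > record.txt; python3 whois_check.py record.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_WHOIS
    today = date.today() if len(sys.argv) > 1 else REFERENCE_DATE
    rec = parse_whois(text)
    for k, v in summarize(rec).items():
        print(f"{k:<13} {v}")
    print("findings:", hygiene_findings(rec, today))
```

Registries differ in field names (ccTLD servers often use a different layout entirely), so treat the key names in summarize as the gTLD convention and adjust them when a lookup comes back with unfamiliar keys.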

What is Recon-ng
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent
modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-
ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly
and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the
framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is
designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit
Framework. If you want to social engineer, use the Social Engineer Toolkit. If you want to conduct reconnaissance,
use Recon-ng! See the Usage Guide for more information.

Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to
contribute. Each module is a subclass of the “module” class. The “module” class is a customized “cmd” interpreter
equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output,
interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been
done. Building modules is simple and takes little more than a few minutes. See the Development Guide for more
information.

Source: https://bitbucket.org/LaNMaSteR53/recon-ng
Recon-ng Homepage | Kali Recon-ng Repo

Author: Tim Tomes

License: GPLv3

Tools included in the recon-ng package

Recon-ng – Web Reconnaissance framework written in Python

root@kali:~# recon-ng --help
usage: recon-ng [-h] [-v] [-w workspace] [-r filename] [--no-check]
[--no-analytics]

recon-ng - Tim Tomes (@LaNMaSteR53) tjt1980[at]gmail.com

optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-w workspace load/create a workspace
-r filename load commands from a resource file
--no-check disable version check
--no-analytics disable analytics reporting

recon-ng Usage Example

Search for results on xssed.com (use recon/domains-vulnerabilities/xssed) for the target domain (set SOURCE
cisco.com):

root@kali:~# recon-ng

[recon-ng ASCII-art banner and "Sponsored by... BLACK HILLS www.blackhillsinfosec.com" logo omitted]

[recon-ng v4.9.4, Tim Tomes (@LaNMaSteR53)]

[76] Recon modules
[8] Reporting modules
[2] Import modules
[2] Exploitation modules
[2] Discovery modules

[recon-ng][default] > use recon/domains-vulnerabilities/xssed
[recon-ng][default][xssed] > set SOURCE cisco.com
SOURCE => cisco.com
[recon-ng][default][xssed] > run

---------
CISCO.COM
---------
[*] Category: Redirect
[*] Example: http://www.cisco.com/survey/exit.html?http://xssed.com/
[*] Host: www.cisco.com
[*] Publish_Date: 2012-02-16 00:00:00
[*] Reference: http://xssed.com/mirror/76478/
[*] Status: unfixed
[*] --------------------------------------------------
[*] Category: XSS
[*] Example: http://developer.cisco.com/web/webdialer/wikidocs?p_p_id=1_WAR_wikinavigationportlet_INSTANCE_veD7&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&p_r_p_185834411_nodeId=803209&p_r_p_185834411_title=%22%3E%3Ch1%3ECross-Site%20Scripting%20@matiaslonigro%3C/h1%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
[*] Host: developer.cisco.com
[*] Publish_Date: 2012-02-13 00:00:00
[*] Reference: http://xssed.com/mirror/76294/
[*] Status: unfixed
...

As a responsible ethical hacker, security engineer or penetration tester you should be familiar with the tools used to
perform information gathering as well.

HANDS-ON LAB: Reconnaissance

Lab Objectives:

Lab Duration:
▪ Time: 45 minutes

Lab Environment
▪ You need internet connection

Lab Tasks
▪ To gather information about the victim’s environment

Tools
▪ Nmap
▪ Dmitry
▪ Whois
▪ Reconng

Step-by-Step Instructions

INFORMATION GATHERING #1 Nmap

Port scanning using nmap

Step 1. Open a new terminal in NEXUS-KALI then type nmap -T5 -PN -v -A -oA nmapResult 192.168.145.139

-T5: timing template; controls how fast nmap will execute (1 slowest, 5 fastest)

-v: verbose mode

-PN: do not ping; skip host discovery and treat the host as online

-n: no DNS resolution

-sS: send TCP SYN packets (SYN scan)

--top-ports 100: scan the 100 most common ports

--max: limits outstanding row

-oA: write the results in all three output formats (normal, XML and grepable) using the basename nmapResult

Step 2. Review the output or open the file nmapResult
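The -oA nmapResult run in Step 1 leaves three files, nmapResult.nmap, nmapResult.xml and nmapResult.gnmap, and the XML one is the format meant for tooling. The script below is an added example, not code from the handout, from Nexus Education Services or from the Nmap project: it parses that XML into the fields the “What is NMAP” section describes (address, reverse-DNS name, OS guess, and the ports table with its open/closed/filtered states and the --reason text) and then compares the open ports with a baseline of sanctioned services, which is the network-inventory use that section mentions. The embedded XML, the baseline, the hostname, the services and the MAC address are all constructed for the example; only the IP address is the lab target from Step 1.

```python
"""Turn an Nmap XML report (-oX, or the .xml file that -oA writes) into an inventory
and compare it with a baseline of sanctioned listeners. Added example, not Nmap's code.
SAMPLE_XML is constructed to mirror real Nmap XML: the IPv4 address is the lab target
from the handout, the MAC is from the IANA documentation range, everything else is made up."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -T5 -Pn -v -A -oA nmapResult 192.168.145.139" version="7.94">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.145.139" addrtype="ipv4"/>
    <address addr="00:00:5E:00:53:01" addrtype="mac" vendor="EXAMPLE-VENDOR"/>
    <hostnames><hostname name="lab-target.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.2p2"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd" version="2.4.18"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered" reason="no-response"/>
        <service name="mysql"/></port>
      <port protocol="tcp" portid="4444"><state state="open" reason="syn-ack"/>
        <service name="krb524"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered" reason="no-response"/>
        <service name="snmp"/></port>
    </ports>
    <os><osmatch name="Linux 3.2 - 4.9" accuracy="95"/></os>
  </host>
</nmaprun>
"""

Port = Tuple[str, int]  # (protocol, port number)


@dataclass
class PortInfo:
    protocol: str
    port: int
    state: str   # open, closed, filtered, unfiltered, open|filtered or closed|filtered
    reason: str  # why Nmap assigned that state (what --reason prints)
    service: str
    product: str
    version: str


@dataclass
class HostInfo:
    ip: Optional[str]
    mac: Optional[str]
    hostname: Optional[str]  # reverse-DNS name, if Nmap resolved one
    os_guess: Optional[str]  # first <osmatch>, Nmap's best guess
    ports: List[PortInfo] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> List[HostInfo]:
    """Extract addresses, hostname, OS guess and the ports table for every host."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        ip = mac = None
        for a in h.findall("address"):
            if a.get("addrtype") in ("ipv4", "ipv6"):
                ip = a.get("addr")
            elif a.get("addrtype") == "mac":
                mac = a.get("addr")
        name, osm = h.find("hostnames/hostname"), h.find("os/osmatch")
        info = HostInfo(ip, mac, name.get("name") if name is not None else None,
                        osm.get("name") if osm is not None else None)
        for p in h.findall("ports/port"):
            st, sv = p.find("state"), p.find("service")
            svc = sv.attrib if sv is not None else {}
            info.ports.append(PortInfo(p.get("protocol"), int(p.get("portid")),
                                       st.get("state"), st.get("reason", ""),
                                       svc.get("name", ""), svc.get("product", ""),
                                       svc.get("version", "")))
        hosts.append(info)
    return hosts


def open_ports(host: HostInfo) -> List[Port]:
    """Open or possibly open ports: the same set the --open option would show."""
    return sorted((p.protocol, p.port) for p in host.ports
                  if p.state in ("open", "open|filtered"))


def unexpected_listeners(hosts: List[HostInfo], baseline: Dict[str, Set[Port]]) -> Dict[str, List[Port]]:
    """Open ports per host that are not in that host's sanctioned set."""
    findings = {}
    for h in hosts:
        extra = sorted(set(open_ports(h)) - baseline.get(h.ip, set()))
        if extra:
            findings[h.ip] = extra
    return findings


# Sanctioned services for the lab host (constructed for this example).
BASELINE: Dict[str, Set[Port]] = {"192.168.145.139": {("tcp", 22), ("tcp", 80)}}

if __name__ == "__main__":
    import sys  # usage: python3 nmap_inventory.py nmapResult.xml
    scanned = parse_nmap_xml(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML)
    for h in scanned:
        print(f"{h.ip} ({h.hostname or '-'}) mac={h.mac or '-'} os={h.os_guess or '-'}")
        for p in h.ports:
            print(f"  {p.port}/{p.protocol:<4} {p.state:<14} {p.reason:<12} "
                  f"{p.service} {p.product} {p.version}".rstrip())
    print("not in baseline:", unexpected_listeners(scanned, BASELINE))
```

Ports in the open|filtered state are counted as possibly open on purpose: for UDP that state usually means no reply came back, and a review that ignores them misses exactly the services a firewall is hiding.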

INFORMATION GATHERING #2 DMitry

Step 1. Open a new terminal and type dmitry -winsepfbo nexusph.net

INFORMATION GATHERING #3 Whois

Step 1. Open a new terminal and type whois www.nexusph.net

INFORMATION GATHERING #4 theHarvester

Step 1. Open a new terminal and type theharvester -d nexusph.net

To check all the options type theharvester options

INFORMATION GATHERING #5 Recon-ng

Step 1. Open a new terminal and type recon-ng

Step 2. To load the database type, load infodb

Step 3. To go back, type back

Step 4. You must create a workspace so type, workspaces add mysite

Step 5. Run the brute hosts

load bing domain_web
run
load brute_hosts
run

Step 6. Display all the available hosts by typing query select * from hosts

Step 7. To resolve the hostnames, type load hosts-hosts/resolve then type run

Step 8. Now let’s check whether the table has been populated with the IP addresses: type show hosts

Step 9. Let’s do a reverse resolve to display the info by typing load hosts-hosts/reverse_resolve then run

Step 10. To fill in the geographic locations, type load ipinfodb then type run

Step 11. Then let’s examine the content of our table by typing show hosts
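The `query select * from hosts` and `show hosts` steps both read the workspace's SQLite database, and once recon-ng has filled it nothing stops you opening that file from Python to ask questions the interactive `query` command makes tedious. The script below is an added example, not from the handout or from the recon-ng project. It assumes, for recon-ng v4 as shown in the banner above, that the workspace created in Step 4 lives at ~/.recon-ng/workspaces/mysite/data.db and that its hosts table has the columns host, ip_address, region, country, latitude, longitude, notes and module (the columns `show hosts` prints); if no workspace is present it falls back to an in-memory table filled with constructed rows, so it runs anywhere.

```python
"""Query a recon-ng workspace database directly with sqlite3 and run checks over
the hosts table that the lab's `query` and `show hosts` steps only eyeball.

Added example, not part of the handout or of recon-ng. Assumptions: recon-ng v4
stores the workspace from `workspaces add mysite` at
~/.recon-ng/workspaces/mysite/data.db, and its hosts table has the columns host,
ip_address, region, country, latitude, longitude, notes, module. The rows below
are constructed; the addresses come from the documentation ranges (TEST-NET-2/3)."""
import ipaddress
import sqlite3
from pathlib import Path
from typing import Dict, List, Tuple

HOSTS_DDL = """CREATE TABLE IF NOT EXISTS hosts (host TEXT, ip_address TEXT,
    region TEXT, country TEXT, latitude TEXT, longitude TEXT, notes TEXT, module TEXT)"""


def workspace_db(name: str = "mysite") -> Path:
    """Where recon-ng v4 keeps the workspace created in the lab (assumption)."""
    return Path.home() / ".recon-ng" / "workspaces" / name / "data.db"


def demo_connection() -> sqlite3.Connection:
    """In-memory stand-in for data.db populated with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(HOSTS_DDL)
    rows = [
        ("www.example.net", "203.0.113.10", "Metro Manila", "Philippines", "14.58", "121.06", None, "resolve"),
        ("mail.example.net", "203.0.113.25", "Metro Manila", "Philippines", "14.58", "121.06", None, "resolve"),
        ("old-cdn.example.net", "198.51.100.7", None, None, None, None, None, "resolve"),
        ("dev.example.net", None, None, None, None, None, None, "brute_hosts"),
    ]
    conn.executemany("INSERT INTO hosts VALUES (?,?,?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


def unresolved_hosts(conn: sqlite3.Connection) -> List[str]:
    """Names brute_hosts added that hosts-hosts/resolve has not given an address yet."""
    cur = conn.execute("SELECT host FROM hosts WHERE ip_address IS NULL ORDER BY host")
    return [row[0] for row in cur]


def hosts_outside_ranges(conn: sqlite3.Connection, owned_networks: List[str]) -> List[Tuple[str, str]]:
    """Resolved names pointing outside the organisation's own address ranges.
    These are the records to review first: third-party hosting, or stale DNS
    left behind after a service moved."""
    nets = [ipaddress.ip_network(n) for n in owned_networks]
    cur = conn.execute("SELECT host, ip_address FROM hosts WHERE ip_address IS NOT NULL")
    return sorted((host, ip) for host, ip in cur
                  if not any(ipaddress.ip_address(ip) in n for n in nets))


def hosts_by_country(conn: sqlite3.Connection) -> Dict[str, int]:
    """Roll-up of the country column that Step 10 (ipinfodb) fills in."""
    cur = conn.execute("SELECT COALESCE(country, 'unknown'), COUNT(*) FROM hosts "
                       "GROUP BY 1 ORDER BY 1")
    return dict(cur.fetchall())


if __name__ == "__main__":
    db = workspace_db("mysite")
    conn = sqlite3.connect(db) if db.exists() else demo_connection()
    print("unresolved:", unresolved_hosts(conn))
    print("outside 203.0.113.0/24:", hosts_outside_ranges(conn, ["203.0.113.0/24"]))
    print("by country:", hosts_by_country(conn))
```

Open the real database read-only when recon-ng is running in another terminal, since both sides writing to the same SQLite file is where corrupted workspaces come from.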

Result of Information Gathering: by now you should know how to gather information and the tools needed to
display the information you want to use for penetration testing

Question: As a Nexus Ethical Hacker enumerate all the tools that you used and explain the advantage and
disadvantage of each tool
