Ethical Hacking Lab Assignment - 3

This document provides an overview of various cybersecurity tools including Dmitry, SpiderFoot, IKE-Scan, Nikto, and HTTrack, detailing their purposes and commands. Each tool is designed for specific tasks such as information gathering, vulnerability scanning, and website mirroring. The document includes examples of commands for each tool to demonstrate their functionalities in cybersecurity practices.

Ethical Hacking – Theory Assignment

Rachit Patekar | TY CSE-CSF | Roll No. 33 | PRN: 1032222764

Batch: Sr No. 21-40

Explore the following tools with any 3 commands each:

Dmitry, SpiderFoot, ike-scan, Nikto, and any tool of your choice (HTTrack chosen).

1. Dmitry (Deepmagic Information Gathering Tool)

Purpose of Dmitry

Dmitry is a passive and active reconnaissance tool used in cybersecurity to collect publicly
available information about a domain, IP address, or host. It helps security professionals by:

- Extracting WHOIS information about a domain (e.g., owner details, registration date,
  expiration).
- Discovering email addresses linked to the domain.
- Identifying subdomains, which can reveal less-secure entry points.
- Checking for open ports and potential security risks.
Commands and Explanations

1. Email Address Enumeration

dmitry -e www.mitwpu.edu.in

  - Attempts to harvest publicly available email addresses associated with the domain.
  - If the domain does not expose emails, the scan may return no results.

2. Port Scanning

dmitry -p www.mitwpu.edu.in

  - Checks for open ports on the target host.
  - Open ports indicate running services, which might have vulnerabilities.

3. WHOIS Lookup

dmitry -w www.mitwpu.edu.in

  - Retrieves WHOIS records for the domain, including:
    - Registrant details (owner of the domain).
    - Nameservers (DNS servers controlling the domain).
    - Registration and expiration dates.

4. Subdomain Enumeration

dmitry -s www.mitwpu.edu.in

  - Scans for subdomains that might host additional services.
  - Example: a university might have subdomains like library.mitwpu.edu.in or
    portal.mitwpu.edu.in.

2. SpiderFoot

Purpose of SpiderFoot

SpiderFoot is a fully automated OSINT tool that collects and analyzes information about a target
from hundreds of public sources. It can:

- Extract WHOIS data, subdomains, email addresses, and phone numbers.
- Identify breached credentials from leaked databases.
- Discover social media accounts linked to an organization.
- Detect IP addresses and hosting providers of a website.

Commands and Explanations

1. GUI Opening

spiderfoot -l 127.0.0.1:5001

  - Starts the SpiderFoot web interface, listening on the specified IP and port
    (open http://127.0.0.1:5001 in a browser).
  - The interface keeps the history of all SpiderFoot scans performed.

2. OSINT Data Collection

Command: spiderfoot -s example.com -u all

  - Runs a command-line scan against example.com; -u all selects every module for the scan.
  - Displays collected domain information, IPs, and leaked credentials (if any).

3. DNS Enumeration

Command: spiderfoot -m sfp_dnsresolve,sfp_dnsbrute -s example.com

  - Runs DNS resolution and brute-force subdomain enumeration using only the two named modules.
  - Lists resolved IP addresses and subdomains.

4. SSL & Subdomain Discovery

Command: spiderfoot -m sfp_crt -s example.com

  - Uses Certificate Transparency logs (crt.sh) to find subdomains.
  - Lists subdomains and SSL certificates linked to example.com.

3. IKE-Scan

Purpose of IKE-Scan

IKE-Scan is a tool for detecting IPsec VPN endpoints. It helps security professionals by:

- Identifying VPN services running on a network.
- Checking for weak authentication settings.
- Detecting pre-shared key vulnerabilities in VPNs.

Commands and Explanations

1. IKE Service Discovery

ike-scan example.com

  - Sends an IKE Phase 1 proposal to the target to discover IKE-enabled VPN services.
  - Returns an IKE handshake response if the target is a VPN server.

2. VPN Vendor Identification

ike-scan -M example.com

  - Runs the default main mode scan with multi-line output (-M, --multiline), so each
    payload, including the Vendor ID (VID) payloads, is printed on its own line.
  - The decoded VID payloads reveal vendor details such as Cisco, Fortinet, or Palo Alto.

3. Aggressive Mode Detection

ike-scan -A example.com

  - Sends aggressive mode requests to detect pre-shared key (PSK) authentication.
  - Shows whether the target VPN accepts aggressive mode authentication.

4. Port-Specific IKE Scan

ike-scan -d 500 example.com

  - Scans for IKE services on UDP port 500 (the default for IKE traffic; -d/--dport sets
    the destination port).
  - Identifies VPN endpoints using IKE over port 500.

Details of the scanned IP (for reference).
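As an added example (not part of the original assignment), a small Python audit script that parses ike-scan's single-line output, reads the transform attributes from the SA=(...) payload, and flags the weak settings the tool's purpose section mentions: aggressive mode with PSK, single DES, MD5 and small DH groups. The scan output below is constructed for the example; the hosts are sample values.

```python
import re

# Constructed sample of ike-scan output (not captured from a real scan). Host .10 answers
# main mode with a modern transform; host .20 answers aggressive mode with PSK, DES, MD5
# and DH group 1, the combination that ike-scan -A is used to look for.
SAMPLE_OUTPUT = """\
Starting ike-scan 1.9.5 with 2 hosts (http://www.nta-monitor.com/tools/ike-scan/)
192.0.2.10\tMain Mode Handshake returned HDR=(CKY-R=1a2b3c4d5e6f7081) SA=(Enc=AES KeyLength=256 Hash=SHA2-256 Group=14:modp2048 Auth=RSA_Sig LifeType=Seconds LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3 (IKE Fragmentation)
192.0.2.20\tAggressive Mode Handshake returned HDR=(CKY-R=0f0e0d0c0b0a0908) SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds LifeDuration=28800) KeyExchange(96 bytes) Nonce(20 bytes) ID(Type=ID_IPV4_ADDR, Value=192.0.2.20) VID=12f5f28c457168a9702d9fe274cc0100 (Cisco Unity) Hash(16 bytes)
Ending ike-scan 1.9.5: 2 hosts scanned in 0.050 seconds (40.00 hosts/sec).  2 returned handshake; 0 returned notify
"""

HOST_RE = re.compile(r"^(\S+)\t(Main|Aggressive) Mode Handshake returned (.*)$")
SA_RE = re.compile(r"SA=\(([^)]*)\)")

def parse_sa(sa_text):
    """'Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK ...' -> {'Enc': 'DES', ...}"""
    attrs = {}
    for token in sa_text.split():
        key, _, value = token.partition("=")
        attrs[key] = value
    return attrs

def audit(output):
    """Return {host: {'mode', 'sa', 'issues'}} for every host that returned a handshake."""
    findings = {}
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host, mode, rest = m.groups()
        sa_match = SA_RE.search(rest)
        sa = parse_sa(sa_match.group(1)) if sa_match else {}
        issues = []
        if mode == "Aggressive" and sa.get("Auth") == "PSK":
            issues.append("aggressive mode with PSK (prefer main mode or certificate auth)")
        if sa.get("Enc") == "DES":
            issues.append("single DES encryption")
        if sa.get("Hash") == "MD5":
            issues.append("MD5 hash")
        if sa.get("Group", "").split(":")[0] in ("1", "2"):
            issues.append("DH group %s (768/1024-bit modp)" % sa["Group"])
        findings[host] = {"mode": mode, "sa": sa, "issues": issues}
    return findings

if __name__ == "__main__":
    for host, f in audit(SAMPLE_OUTPUT).items():
        print(host, f["mode"], "mode;", "; ".join(f["issues"]) or "no weak settings")
```

Feeding real output into audit() (ike-scan without -M, so each host stays on one line) gives a quick list of VPN endpoints whose Phase 1 configuration should be tightened.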

4. Nikto

Purpose of Nikto

Nikto is a web vulnerability scanner that identifies security flaws in web applications. It can
detect:

- Outdated web servers with known exploits.
- Misconfigurations that expose sensitive data.
- Common vulnerabilities like XSS and SQL injection.

Commands and Explanations

1. Basic Web Scan

nikto -h http://www.mitwpu.edu.in

  - Identifies security weaknesses in the web server.
  - Lists security flaws such as outdated software and dangerous files.

2. SSL Vulnerability Scan

nikto -ssl -h example.com

  - Forces the scan to run over HTTPS (-ssl) against the target.
  - Outputs SSL-related issues and vulnerabilities.

3. SQL Injection and XSS Testing

nikto -h http://www.mitwpu.edu.in -Tuning 49

  - Restricts the scan to tuning categories 4 (Injection: XSS/Script/HTML) and 9 (SQL Injection).
  - Displays the SQL injection and cross-site scripting test results instead of the full check set.

4. Full Web Security Scan

nikto -h http://www.mitwpu.edu.in -C all

  - Runs the complete test set and additionally scans all known CGI directories (-C is short
    for -Cgidirs).
  - Checks for web server misconfigurations using all available tests.
  - Reports security misconfigurations, directory listings, and weak SSL settings.

5. HTTrack

Purpose of HTTrack

HTTrack is a powerful website mirroring tool that allows users to download entire websites for
offline viewing and analysis. It preserves the structure, links, and media files of the website,
making it useful for:

- Offline browsing when internet access is unavailable.
- Website analysis to study design, structure, and security.
- Extracting specific file types, such as PDFs or images.
- Monitoring website changes by comparing old and new versions.
- Backing up websites before modifications.

HTTrack works by crawling a website and saving all linked pages, resources, and assets to a
local directory while maintaining the original structure.

Commands and Explanations

1. Mirror an Entire Website

httrack "http://www.mitwpu.edu.in" -O "/home/kali/Downloads/mitwpu_mirror"

  - Downloads the entire website (www.mitwpu.edu.in) and saves it in the specified output
    directory (/home/kali/Downloads/mitwpu_mirror).
  - Downloads HTML pages, images, JavaScript, CSS files, and other assets, allowing offline
    browsing.
  - The website structure remains intact, so users can navigate pages just as they would online.

2. Exclude Specific File Types

httrack "http://www.mitwpu.edu.in" "-*.jpg" "-*.png" "-*.gif" -O "/home/kali/Downloads/mitwpu_mirror"

  - Downloads the website excluding images (jpg, png, gif); each filter is passed as its own
    argument, with "-" meaning exclude and "*" matching any characters.
  - Useful when images are not necessary, reducing download size and saving bandwidth.
  - The website will still function normally, but without images.

3. Download Specific File Types

httrack "http://www.mitwpu.edu.in" -O "/home/kali/Downloads/mitwpu_mirror_files" "+*.jpg" "+*.pdf" "+*.zip"

  - Downloads all .jpg, .pdf and .zip files ("+" filters add matching URLs to the mirror).
  - Useful for extracting specific types of content from a website.

4. Limit Download Speed to Avoid Detection

httrack "http://www.mitwpu.edu.in" -O "/home/kali/Downloads/mitwpu_mirror" --max-rate=100000

  - Restricts the download speed to 100 KB/s (--max-rate takes bytes per second).
  - Some websites detect and block aggressive crawlers if they download too fast.
  - A lower bandwidth limit keeps HTTrack's load on the server modest, so it is less likely to
    be rate-limited or blocked.
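As an added example (not part of the original assignment or of HTTrack itself), a simplified Python model of how HTTrack's "+"/"-" filters decide which links are fetched: links on the start URL's host are in scope by default, "*" matches any run of characters, and the last matching filter wins. The link list is constructed for the example; the exact scope rules of a real HTTrack run are more detailed than this model.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

def parse_filters(args):
    """Turn HTTrack-style arguments ('+*.pdf', '-*.jpg') into (include, pattern) rules."""
    rules = []
    for arg in args:
        if not arg or arg[0] not in "+-":
            raise ValueError("not a filter: %r" % arg)
        rules.append((arg[0] == "+", arg[1:]))
    return rules

def allowed(url, rules, start_url):
    """Decide whether the mirror would fetch url (simplified model of HTTrack's rules).

    Default scope: same host as the start URL. Every rule that matches the URL
    overrides the current decision, so the last matching rule wins.
    """
    decision = urlsplit(url).hostname == urlsplit(start_url).hostname
    for include, pattern in rules:
        if fnmatchcase(url, pattern):   # '*' spans any characters, '/' included
            decision = include
    return decision

def plan(urls, start_url, filter_args):
    """Map each discovered URL to True (fetch) or False (skip)."""
    rules = parse_filters(filter_args)
    return {u: allowed(u, rules, start_url) for u in urls}

# Constructed sample link list (not a real crawl); the external host is a placeholder.
START = "http://www.mitwpu.edu.in/"
LINKS = [
    "http://www.mitwpu.edu.in/index.html",
    "http://www.mitwpu.edu.in/images/logo.png",
    "http://www.mitwpu.edu.in/docs/syllabus.pdf",
    "http://cdn.example.org/brochure.pdf",        # external host, out of scope by default
]

if __name__ == "__main__":
    print(plan(LINKS, START, ["-*.jpg", "-*.png", "-*.gif"]))   # images skipped
    print(plan(LINKS, START, ["+*.jpg", "+*.pdf", "+*.zip"]))   # external PDF now fetched
    print(plan(LINKS, START, ["-*.pdf", "+*syllabus*"]))        # later '+' overrides earlier '-'
    print(plan(LINKS, START, ["+.pdf"]))                        # no '*': matches no URL at all
```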
The resulting files of the mirrored website (screenshot):
