EX.

NO: 1 INSTALL KALI LINUX ON VIRTUAL BOX

DATE:

Aim:
To Install Kali Linux on Virtual Box .
Procedure:
Step 1 : Open the Virtual box website . Go to https:// www.virtualbox.org/ in your
computer’s Internet browser . This is the website from which you’ll download the
Virtual Box Setup file

Step 2 : Open web Browser and Go to Kali.org .

Step 3 : Click on the Download and Select the Kali for Virtual Box and Download .
Step 4 : From the Download Location and Extract the .zip file.
 Step 5 : Click on the Extracted file and Double Click on the file.

Step 6 : Click the Start Button to Start The Virtual Machine And Enter User name: Kali and
Password : Kali.
Result :
Thus to Install Kali Linux on Virtual Box was Successfully Installed.
 2. Explore Kali Linux and bash scripting

Aim

Explore Kali Linux and bash scripting

Bash Scripting
The GNU Bourne-Again Shell (Bash) is a powerful tool and scripting engine. We can do
automate many tasks on command-line.
Introduction to Bash Scripting
A Bash script is a plain-text file that contains a series of commands that are
executed as if they had been typed on terminal window.
In general, Bash scripts have an optional extension of .sh for identification
(but it can be run without extension name), begin wit #!/bin/bash and must
have executable permission set before the script can be executed. Let's write
a simple "Hello World" Bash script on a new file using any text editor,
named it hello-world.sh and write the following contains inside it:
#!/bin/bash
# Hello World on Bash Script.
echo "Hello World!"

Now we need to make this script executable by running following command:

chmod +x hello-world.sh
In the following screenshot we can see the output of the above command:

bash hello-world.sh
We can see that our script shows output of "Hello World!" on our terminal as we
can see in the following screenshot:

The chmod command, with +x flag is used to make the bash script executable and
bash along with scriptname.sh we can run it.
 Reading User Input
Command-line arguments are a form of user input, but we can also capture interactive user input
during a script is running with the read command.
We are going to use read to capture user input and assign it to a variable, as we did in the
following screenshot:

2. Explore Kali Linux and bash scripting

A Script to Greet and Display Current Date
Aim:
To write a Bash script that greets the user, asks for their name, and displays the current date
and time.
Algorithm:
1. Start
Begin the script with a shebang (#!/bin/bash) to specify the Bash shell.
2. Print a Greeting Message
Use the echo command to display a welcome message to the user.
3. Capture User Input
 o Use the read command to ask the user for their name.
o Store the input in a variable (e.g., name).
4. Personalized Greeting
Use the captured name to display a personalized greeting.
5. Get Current Date and Time
o Use the date command to fetch the current date and time.
o Display it using the echo command.
6. End the Script
Print a farewell message.

#!/bin/bash

# Greet the user

echo "Hello! Welcome to the Bash script."

# Ask for the user's name

read -p "What is your name? " name

# Display a personalized greeting

echo "Nice to meet you, $name!"

# Display the current date and time

echo "The current date and time is: $(date)"

# Display the system's uptime

echo "System uptime: $(uptime -p)"

# End the script

echo "Have a great day, $name!"
Save and Run:
1. Save the script to a file, e.g., greet.sh.
2. Make it executable:
chmod +x greet.sh
3. Run the script:
./greet.sh

Result
This script covers basic concepts like printing messages, capturing user input, and executing
commands.
 2.(i)Explore Kali Linux and write a script to compare two numbers
Aim:
To write a Bash script in Kali Linux that accepts two numbers from the user, compares them,
and displays whether the first number is greater than, less than, or equal to the second
number.

Algorithm:
1. Start
Begin the script with a shebang (#!/bin/bash) to specify the Bash shell.
2. Input Numbers
o Use the read command to prompt the user for the first number.
o Store the input in a variable (e.g., num1).
o Repeat the same process for the second number and store it in another variable
(e.g., num2).
3. Compare Numbers
Use if, elif, and else conditional statements:
o Check if num1 is equal to num2 using [ "$num1" -eq "$num2" ].
o Check if num1 is greater than num2 using [ "$num1" -gt "$num2" ].
o If neither condition is true, conclude that num1 is less than num2.
4. Display Results
Use the echo command to display the appropriate message based on the comparison.
5. End
Exit the script after displaying the result.
Program
#!/bin/bash
# Prompt the user to enter the first number
read -p "Enter the first number: " num1

# Prompt the user to enter the second number

read -p "Enter the second number: " num2

# Compare the numbers

if [ "$num1" -eq "$num2" ]; then
echo "The numbers are equal."
elif [ "$num1" -gt "$num2" ]; then
echo "The first number ($num1) is greater than the second number ($num2)."
else
echo "The first number ($num1) is less than the second number ($num2)."
fi
Save and Run:

1. Save the script to a file, e.g., compare_numbers.sh.

2. Make it executable:
chmod +x compare_numbers.sh
3. Run the script:
 ./compare_numbers.sh
Sample Output:
1. If num1 = 10 and num2 = 20:
Enter the first number: 10
Enter the second number: 20
The first number (10) is less than the second number (20).

2. If num1 = 15 and num2 = 15:

Enter the first number: 15

Enter the second number: 15
The numbers are equal.
Result
This script demonstrates how to use conditional statements in Bash to compare two integers.
 ExNo:3 Perform open source intelligence gathering using Netcraft, Whois
Lookups, DNS Reconnaissance, Harvester and Maltego
Aim:
To Perform open source intelligence gathering using Netscraft, whois lookups, DNS
Reconnaissance, Harvester and Maltego.
Procedure:
1. Netcraft
Purpose: Gather information about a website’s hosting, subdomains, and technologies.
Steps:
1. Go to Netcraft Site Report:
o Open your browser and visit Netcraft Site Report.
2. Search for the Target Domain:
o In the search bar, type the target domain name (e.g., example.com) and press
Enter.
3. Analyze the Results:
o Look for:
 Hosting Provider: Shows who hosts the website.
 Server Technologies: Displays server-side technologies (e.g., Apache,
Nginx).
 IP Address: Current IP of the domain.
 Subdomains: Possible subdomains detected by Netcraft.
4.Export Data:
 Manually copy the information or take screenshots for documentation.
Output for www.google.com
1. Hosting Provider: Google LLC
o Shows which company is hosting the website.
2. Server Software: gws (Google Web Server)
o Indicates the software used to manage the website.
3. SSL/TLS Certificate: Issued by Google Trust Services LLC
o Confirms the site is using secure HTTPS communication and the authority
providing the SSL certificate.
4. Domain Name Information:
o Registrar: MarkMonitor Inc.
o Date Registered: [specific date]
5. Popularity:
o Global Rank: Top 10 websites globally.
6. Technologies Used:
o Shows technologies like JavaScript libraries, frameworks, or CMS.

Screenshots
2. WHOIS Lookups
Purpose: Gather domain registration details.
Steps :

1. Visit a WHOIS Lookup Service:

o Go to Whois Lookup or similar sites.
2. Search for the Domain:
o Enter the target domain name (e.g., example.com) and press Enter.

3. Review the Information:

o Check:
 Registrant Information (if available).
 Registrar: The company managing the domain.
 Nameservers: DNS servers used by the domain.
 Important Dates: Creation, expiration, and update dates.
4. Save Results:
o Download or screenshot the results for your records.

4. DNS Reconnaissance
 Nslookup

nslookup is a command-line tool used for querying the Domain Name System (DNS) to
obtain information about a domain name or an IP address. It’s commonly used to troubleshoot
DNS-related issues or find details about specific domains.

How nslookup Works

 When you type a domain name (e.g., example.com) in the nslookup tool, it sends a query
to a DNS server.
 The DNS server responds with the IP address or other related information about the
domain.

Steps to Use nslookup:

1. Open the Command Prompt or Terminal
 On Windows: Search for "Command Prompt."
 On macOS/Linux: Open the Terminal.

2. Type the nslookup Command

Use the syntax:
nslookup [domain-name]

For example:

nslookup www.google.com

3. Analyze the Output

The tool will display details about the domain, including:

 The DNS server used for the query.

 The IP address(es) associated with the domain.

Basic Query:
Command:
Copy code
nslookup google.com
Output:
Server: dns.google
Address: 8.8.8.8
Non-authoritative answer:
Name: google.com
Address: 142.250.190.78
Output
The Harvester
Open source intelligence (OSINT) gathering is the process of collecting information from publicly
available sources to analyze and generate intelligence. Tools like Harvester and Maltego are commonly
used for OSINT.
For Windows>>
The Harvester
The Harvester is a tool designed to gather emails, subdomains, IPs, and URLs using various public data
sources such as search engines and PGP key servers.
Installation
To install The Harvester, follow these steps:
Commands:
# Clone the repository
git clone https://github.com/laramies/theHarvester.git

# Navigate to the directory

cd theHarvester

>venv\Scripts\activate

# Install the dependencies

pip install -r requirements.txt
Usage
To use The Harvester, you can run a command like the following:
Command:
# Basic usage
Python theHarvester.py -d example.com -l 500 -b google

# Parameters:
# -d: Domain to search
# -l: Limit the number of results to work with
# -b: Data source (e.g., google, bing, linkedin, etc.)
Maltego
Maltego is a powerful tool for link analysis and data mining, which is commonly used for OSINT. It
provides a graphical representation of the relationships between pieces of information.
Installation
You can download Maltego from the official website. Choose the appropriate version for your operating
system and follow the installation instructions.

After Installation
Usage
Once installed, you can use Maltego to perform various OSINT tasks. Here is a basic workflow:
1. Create a New Graph: Open Maltego and create a new graph.
2. Add Entities: Add entities such as domains, email addresses, or IP addresses.
 3. Run Transforms: Use transforms to gather information about the entities. Transforms can be run
by right-clicking on an entity and selecting the desired transform.
4. Analyze the Graph: Analyze the relationships and connections between entities based on the
gathered data.
Example: Using The Harvester and Maltego Together
1. Gather Data with The Harvester: First, use The Harvester to collect initial data about a domain.
Command:
python3 theHarvester.py -d example.com -l 500 -b google -f example_com_report
This command will generate a report (example_com_report.html) with the gathered data.
1. Import Data into Maltego: Open Maltego and import the data from the report generated by The
Harvester.
 Create a new graph in Maltego.
 Use the import function to load the data from the HTML or CSV report.
 Run additional transforms on the imported entities to gather more information.
By combining The Harvester and Maltego, you can efficiently gather and analyze OSINT data from
various sources, providing a comprehensive view of the target information.
YouTube reference:
https://youtu.be/KzP1Aml3uoA?si=iPsuvxIK2KvEVyEG

For Linux>>

The Harvester
Installation on Linux
1. Install Dependencies:
Ensure you have Python and pip installed on your system. You can install them using the
following commands:
Command:
sudo apt update
sudo apt install python3 python3-pip
2. Clone The Harvester Repository:
Clone the repository from GitHub and navigate to the directory:
Command:
git clone https://github.com/laramies/theHarvester.git
cd theHarvester
3. Install Required Python Packages:
Install the required packages using pip:
Command:
pip3 install -r requirements.txt
Usage
To use The Harvester, you can run a command like the following:
Command:
# Basic usage
python3 theHarvester.py -d example.com -l 500 -b google

# Parameters:
# -d: Domain to search
# -l: Limit the number of results to work with
# -b: Data source (e.g., google, bing, linkedin, etc.)

Maltego
Maltego is a powerful tool for link analysis and data mining, which is commonly used for OSINT. It
provides a graphical representation of the relationships between pieces of information.
Installation
You can download Maltego from the official website.( https://www.maltego.com/downloads/) Choose the
appropriate version for your operating system and follow the installation instructions.
Usage
Once installed, you can use Maltego to perform various OSINT tasks. Here is a basic workflow:
5. Create a New Graph: Open Maltego and create a new graph.
6. Add Entities: Add entities such as domains, email addresses, or IP addresses.
7. Run Transforms: Use transforms to gather information about the entities. Transforms can be run
by right-clicking on an entity and selecting the desired transform.
8. Analyze the Graph: Analyze the relationships and connections between entities based on the
gathered data.
Example: Using The Harvester and Maltego Together
2. Gather Data with The Harvester: First, use The Harvester to collect initial data about a domain.
Command:
python3 theHarvester.py -d example.com -l 500 -b google -f example_com_report
This command will generate a report (example_com_report.html) with the gathered data.
2. Import Data into Maltego: Open Maltego and import the data from the report generated by The
Harvester.
 Create a new graph in Maltego.
 Use the import function to load the data from the HTML or CSV report.
 Run additional transforms on the imported entities to gather more information.
By combining The Harvester and Maltego, you can efficiently gather and analyze OSINT data from
various sources, providing a comprehensive view of the target information.
YouTube reference:
https://youtu.be/KzP1Aml3uoA?si=iPsuvxIK2KvEVyEG

Installation on Linux
1. Download Maltego:
Go to the Maltego download page and download the appropriate version for Linux.
2. Install Maltego:
After downloading, you can install Maltego using the following commands:
Command:
# Navigate to the directory where the Maltego .deb file is located
cd /path/to/downloads

# Install the .deb package using dpkg

sudo dpkg -i maltego*.deb

# Resolve any dependencies

sudo apt-get install -f
Usage
1. Create a New Graph:
Open Maltego from your applications menu and create a new graph.
2. Add Entities:
Add entities such as domains, email addresses, or IP addresses by dragging them onto the graph.
3. Run Transforms:
Use transforms to gather information about the entities. Transforms can be run by right-clicking
on an entity and selecting the desired transform.
4. Analyze the Graph:
Analyze the relationships and connections between entities based on the gathered data.
Example: Using The Harvester and Maltego Together
1. Gather Data with The Harvester:
First, use The Harvester to collect initial data about a domain.
Command:
python3 theHarvester.py -d example.com -l 500 -b google -f example_com_report
This command will generate a report (example_com_report.html) with the gathered data.
2. Import Data into Maltego:
Open Maltego and import the data from the report generated by The Harvester.
o Create a new graph in Maltego.
o Use the import function to load the data from the HTML or CSV report.
o Run additional transforms on the imported entities to gather more information.
By combining The Harvester and Maltego, you can efficiently gather and analyze OSINT data from
various sources, providing a comprehensive view of the target information.