Introduction
Reconnaissance is a form of information gathering, and it is the first step in hacking. Excessive information can help hackers perform attacks on a target organization. Hence, in this exercise, we will analyze a website and identify the amount of information exposed by them online.
Instructions
Begin by gathering information about websites and identifying the vulnerabilities in the application. The steps below will guide you through the process. (If you would like to print out the instructions, you will find a PDF of the steps linked at the bottom of the page.)
Open the link Netcraft. https://www.netcraft.com/
Scroll down the page to the Whats that site running? text box, type the name of your Website and select on the arrow button. (Some suggested websites are: Scanme http://scanme.nmap.org/ and Hack Me. https://hack.me/)
Review the following information from the resulting window in Netcraft: (some high-level labels may vary). Ensure that you are familiar with each of the labels meaning.
Domain name
Age of the domain
IP Address
Technology (server-side; client-side, etc.)
Hosting Company
NameServer
Hosting Server
Based on the high-level technology labels, identify the vulnerabilities of the Website using the given link Search Vulnerability Database. Steps for using the National Vulnerability Database (NVD):
Open the link.
Type the keyword in the keyword textbox and click on the Search button (leave defaults). For example, if you type Javascript, it will identify all the vulnerabilities in Javascript.
Take a screenshot of your Netcraft results that will be included in your paper (details below).
Once you have gathered your information, write a 1-2 page paper that addresses the following:
What as the latest and most serious vulnerability in the technology as noted in the NVD?
How is this information useful in identifying threats to the system?
How can this information be used to protect the system?
Remember to include a screenshot of your Netcraft results.
