
4. Website Footprinting


Last updated 6 months ago


1. Gather information with Ping

ping certifiedhacker.com 

Returns the IP address, TTL and round trip time.

Finding maximum fragment size supported

ping 162.241.216.11 -f -l 1500

-f sets the Don't Fragment flag

-l specifies the size

If you get an error instead of a reply, it means the packet size is not supported.

Now try different sizes until you get a reply; that way you find the maximum frame size supported on the machine.

Finding hops with TTL

The maximum number of hops supported is 255. The -i flag sets the TTL and the -n flag sets the number of packets to send. Try different values of -i to find the number of hops.

ping 162.241.216.11 -i 14 -n 1
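Both manual searches above (packet size with -f -l, hop count with -i) are searches for a single flip point, so they can be automated as a binary search. This is an added example, not part of the original guide; the function names are made up for illustration, and it assumes the Windows ping flags shown on this page and that no probe is lost on the way.

```python
import platform
import subprocess

ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def win_ping(target, flags):
    """Send one echo request with Windows ping; True only for a real echo reply."""
    if platform.system() != "Windows":
        raise RuntimeError("this probe uses the Windows ping flags shown above")
    out = subprocess.run(["ping", "-n", "1", *flags, target],
                         capture_output=True, text=True).stdout
    # Echo replies end in "TTL=<n>"; "TTL expired in transit" and
    # "Packet needs to be fragmented but DF set." contain no "TTL=".
    return "TTL=" in out


def largest_ok(ok, lo, hi):
    """Largest n in [lo, hi] with ok(n), assuming ok flips True -> False once."""
    if not ok(lo):
        return None  # even the smallest probe failed: host down or filtered
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if ok(mid) else (lo, mid - 1)
    return lo


def smallest_ok(ok, lo, hi):
    """Smallest n in [lo, hi] with ok(n), assuming ok flips False -> True once."""
    if not ok(hi):
        return None  # no reply even at the maximum TTL
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (lo, mid) if ok(mid) else (mid + 1, hi)
    return lo


def max_df_payload(target, probe=win_ping):
    """Largest -l size that passes with -f set; add ICMP_OVERHEAD for the MTU."""
    return largest_ok(lambda n: probe(target, ["-f", "-l", str(n)]), 0, 1500)


def min_ttl(target, probe=win_ping):
    """Smallest -i value that still gets an echo reply from the target."""
    return smallest_ok(lambda n: probe(target, ["-i", str(n)]), 1, 255)
```

A single dropped packet skews the result, so repeat a run before trusting the number.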

Other tools

Use tracert (Windows) to find the number of hops.

tracert 162.241.216.11

2. Website footprinting with Photon

Incredibly fast crawler designed for OSINT.

Photon can extract the following data while crawling:

  • URLs (in-scope & out-of-scope)

  • URLs with parameters (example.com/gallery.php?id=2)

  • Intel (emails, social media accounts, amazon buckets etc.)

  • Files (pdf, png, xml etc.)

  • Secret keys (auth/API keys & hashes)

  • JavaScript files & Endpoints present in them

  • Strings matching custom regex pattern

  • Subdomains & DNS related data

python3 photon -u https://certifiedhacker.com

Results are saved in a directory inside the photon folder.

Extensive scan

python3 photon -u https://certifiedhacker.com -l 3 -t 200 --wayback
  • -u url

  • -l scan levels

  • -t number of threads

  • --wayback searches archive.org
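To see what a crawl of this kind surfaces from a page you publish, the sketch below sorts one page's links into several of the categories listed above. It is an added example, not Photon's code or its patterns; the sample page, the hostnames and the two regexes are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "https://www.example.com/index.html"  # constructed sample, not a real target
SAMPLE_HTML = """
<a href="/gallery.php?id=2">Gallery</a> <a href="https://dev.example.com/login">Dev</a>
<a href="https://partner.example.net/">Partner</a> <a href="mailto:admin@example.com">Mail</a>
<script src="/static/app.js"></script> <a href="/docs/report.pdf">Report</a>
<img src="https://assets-backup.s3.amazonaws.com/logo.png">
"""

class LinkCollector(HTMLParser):
    """Collect every href/src attribute value in the document."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        self.links += [v for k, v in attrs if k in ("href", "src") and v]

def audit_page(html, page_url):
    """Sort what one page exposes into the categories listed above."""
    host = urlparse(page_url).hostname
    root = host[4:] if host.startswith("www.") else host
    keys = ("in_scope", "out_of_scope", "parameterised", "subdomains", "scripts", "files")
    found = {k: set() for k in keys}
    collector = LinkCollector()
    collector.feed(html)
    for link in collector.links:
        url = urljoin(page_url, link)  # resolve relative links against the page
        p = urlparse(url)
        if p.scheme not in ("http", "https"):
            continue  # mailto:, javascript:, data: are not crawlable URLs
        h = p.hostname or ""
        in_scope = h == root or h.endswith("." + root)
        found["in_scope" if in_scope else "out_of_scope"].add(url)
        if in_scope and h not in (host, root):
            found["subdomains"].add(h)
        if p.query:
            found["parameterised"].add(url)
        if p.path.endswith(".js"):
            found["scripts"].add(url)
        elif p.path.lower().endswith((".pdf", ".png", ".xml")):
            found["files"].add(url)
    found["emails"] = set(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", html))
    found["buckets"] = set(re.findall(r"[\w-]+\.s3[\w.-]*\.amazonaws\.com", html))
    return {k: sorted(v) for k, v in found.items()}
```

Anything that shows up under emails, buckets or subdomains and was not meant to be public is worth removing from the page or locking down at the source.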

3. Gather information about target with CentralOps

Other tools

4. Getting Information with web data extractors

Windows tool; it needs to be installed.

Other tools

5. Website Mirroring with HTTrack

Windows tool; it needs to be installed.

Other tools

6. Website recon with Grecon

Uses Google search for reconnaissance.

7. Making wordlist with CEWL from website

cewl -w wordlist -d 2 -m 5 www.certifiedhacker.com
  • -d depth

  • -m minimum word length

  • -w wordlist file

Crawling can be resource intensive, but Photon has some tricks up its sleeve. You can fetch URLs archived by archive.org to be used as seeds by using the --wayback option.

archive.org
https://www.httrack.com/
Web Data Extractor 8.3 - Extract URL, Meta Tag, Email, Phone, Fax from Web
spiderfoot | Kali Linux Tools
ParseHub | Free web scraping - The most powerful web scraper
GitHub - s0md3v/Photon: Incredibly fast crawler designed for OSINT.
Free online network tools - traceroute, nslookup, dig, whois lookup, ping - IPv6
Website Informer
GitHub - TebbaaX/GRecon: Another version of katana, more automated but less stable. The purpose of this small tool is to run a Google based passive recon against your scope.
Cyotek WebCopy - Copy websites locally for offline browsing • Cyotek
GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Certified Ethical Hacker (CEHv12) Practical hands on Labs (Udemy)