Using Pentesting tools to scan web domains

This document summarizes the results of a penetration test on the Winsoft.lk website. Several tools were used to scan the website and connected network, revealing high-level vulnerabilities like information disclosure of server names, IP addresses, and employee details. Nmap and Angry IP Scanner scans found open ports exposing the system. DNS enumeration tools also revealed server names and IP addresses. Mitigation recommendations include stronger authentication, encryption, port security, and access control. The penetration test demonstrated the site and connected systems were highly vulnerable to attacks due to exposed critical information and open ports.


See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/360671248

Using Pentesting tools to scan web domains

Article · November 2021


1 author:

Malintha Maddumage
Sri Lanka Institute of Information Technology

All content following this page was uploaded by Malintha Maddumage on 18 May 2022.



Sri Lanka Institute of Information Technology

Assignment 2

Applied Information Assurance - IE3022

Submitted by:

Student Registration Number: IT19065236
Student Name: Maddumage M

Date of submission: 27 / 9 / 2021

Executive Summary
This penetration test was carried out to find vulnerabilities and gather information about the organization.
Many information disclosure vulnerabilities were found using different pentesting tools, and all of the
vulnerabilities are at the critical level.

High Level: Information disclosure, Brute-force
Medium Level: None
Low Level: None

Tools used for the pentesting assessment


• Maltego
• Recon-ng
• theHarvester
• nmap
• Angry IP scanner
• SolarWinds Topology
• DNS Enumeration
• Nslookup
• Dig

Scenario 01: Web Reconnaissance scan on Winsoft.lk
Tools: Maltego, Recon-ng, theHarvester

Maltego

Recon-ng

Installing modules
Creating a workspace and inserting domains

Scanning the website using modules

theHarvester
Searching for information in Google.

• Vulnerability found – Information disclosure
• Vulnerability level – High
• All locations, mail servers, DNS servers, employees' names and professions, LinkedIn
accounts, and IP addresses could be found.
• Impact – All of this critical information is disclosed to unauthorized parties, who may
use it for attacks (ex: open ports).

Scenario 2: IP Address Scanning
Tools: nmap, Angry IP Scanner

Nmap

Angry IP Scanner

• Vulnerability found – Information disclosure found, vulnerable ports found
• Vulnerability level – High
• Impact – Open ports, OS versions, and IP addresses could be found, and they can be used to
attack the system.

Scenario 3: Enumeration
Tools: DNS Enumeration, Nslookup, Dig

DNS Enumeration

Nslookup:

Dig Command

Vulnerability found – Brute force and information disclosure found
Vulnerability level – High
Impact – Server names, IPv4 addresses, and host names could be found; an attacker can use this
information to attack the system.

Mitigation Methods
Information disclosure
• Use strong authorization methods.
• Use strong encryption methods.
• Double-check the code in Q&A sessions.
• Improve network security by using good firewalls and training the employees.
• Run port scans often and close the open ports.
• Improve port security.
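
The regular port-scan review recommended in the list above, as an added example that is not part of the original report: it parses Nmap grepable output (-oG) for hosts you administer and reports ports that are open but missing from an approved baseline. The sample scan text, host names, addresses and the ALLOWED baseline are constructed for illustration.

```python
# Constructed sample of Nmap grepable (-oG) output; fields are tab-separated.
SAMPLE_SCAN = (
    "# Nmap scan of hosts we administer (constructed sample)\n"
    "Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///, "
    "8080/closed/tcp//http-proxy///\n"
    "Host: 192.0.2.11 (mail01.example.test)\tPorts: 25/open/tcp//smtp///, "
    "23/open/tcp//telnet///\tIgnored State: closed (998)\n"
)

# Hypothetical approved baseline: the only ports each host may expose.
ALLOWED = {
    "192.0.2.10": {(80, "tcp"), (443, "tcp")},
    "192.0.2.11": {(25, "tcp")},
}


def parse_grepable(text):
    """Return {host: {(port, proto), ...}} for ports reported as open."""
    result = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status:" lines carry no port data
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t")[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open":
                result.setdefault(host, set()).add((int(parts[0]), parts[2]))
    return result


def unexpected_open_ports(scan_text, allowed):
    """Ports open in the scan but absent from the baseline, per host.

    A host missing from the baseline has every open port reported.
    """
    findings = {}
    for host, open_ports in parse_grepable(scan_text).items():
        extra = open_ports - allowed.get(host, set())
        if extra:
            findings[host] = sorted(extra)
    return findings


if __name__ == "__main__":
    for host, ports in unexpected_open_ports(SAMPLE_SCAN, ALLOWED).items():
        for port, proto in ports:
            print(f"{host}: {port}/{proto} is open but not in the baseline")
```

Each reported port is a candidate to close or firewall, or to add to the baseline once its exposure is justified.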

Brute Force Attacks
• Encrypt the usernames and passwords using hash cryptography.
• Use sanitization techniques.
• Use strong passwords.
• Improve privacy policies.

Conclusion
• A large amount of information was found about the web domain and the vulnerable machine. The
information disclosures found contain server names, locations, host names, IP addresses, and
employees' personal details. Third parties can use this information to attack the domain
and the vulnerable machine.

References
All labs and lectures in the Applied Information Assurance module.
