Exam PT0-002
Question 33

A penetration tester has been hired to perform a physical penetration test to gain access to a secure room within a client's building. Exterior reconnaissance identifies two entrances, a WiFi guest network, and multiple security cameras connected to the Internet.

Which of the following tools or techniques would BEST support additional reconnaissance?

Correct Answer: B

To support additional reconnaissance for an environment with security cameras connected to the Internet, Shodan is the best tool. Shodan is a search engine specialized in identifying internet-connected devices, such as cameras, routers, and other IoT devices. By using Shodan, the penetration tester can gather information about the security cameras, such as their make, model, and any known vulnerabilities that might be exploited to gain access, thus facilitating the penetration test.

Discussion
RRabbit Option: B

B. Shodan. Shodan is a search engine for Internet-connected devices. It allows a user to search for specific types of devices or services, such as cameras, servers, or routers, connected to the Internet. This tool can be useful in identifying additional information about the client's building, such as the make and model of the security cameras, or any other devices connected to the Internet. It can provide additional information that would be useful in identifying potential vulnerabilities that can be exploited during the physical penetration test. Wardriving is a technique to detect wireless access points; Aircrack-ng is a tool that allows you to crack WiFi passwords; Recon-ng is a reconnaissance tool that can be used to gather information about a target, but it is more useful for web-based reconnaissance.

RRabbit

"Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance." - from the Recon-ng site.

Sebatian20

Don't dispute your answer, but this is another stupid question. The end result sought is physical penetration into the server room; the tester has already located several cameras. Using Shodan is like pointless as these cameras have been found, and finding servers etc. is irrelevant as they don't help to physically penetrate the room.

rangertau Option: B

Check the book

nickwen007 Option: B

Shodan is a search engine that allows users to find information about Internet-connected systems, such as routers, servers, and webcams. With Shodan, the penetration tester can quickly locate vulnerable systems connected to the WiFi guest network, and can also identify which security cameras are connected to the Internet, allowing for further reconnaissance.

cy_analyst Option: B

B. Shodan, as you can search for Internet-facing devices.

[Removed]

Yes, Shodan is the correct answer.

kloug Option: A

Answer A, Wardriving: This involves driving or walking around the building to identify and map out the Wi-Fi access points and their locations. This can provide information on the types of wireless networks that are present, their security configurations, and the presence of any vulnerabilities that can be exploited.

Vikt0r

Re-read the question. "BEST support additional reconnaissance" The wardriving is completed already. The correct answer is B.

[Removed]

Correct, Shodan is the answer.

[Removed]

Answer is Shodan.

petercorn Option: C

Third-party information sources and tools support passive intelligence gathering. Open-source intelligence gathering relies on a broad range of tools and services. These include search engines like Shodan and Censys, automated information-gathering tools like theHarvester, Recon-ng, Maltego, and FOCA, and databases and information stores like WHOIS records, public records, social media, and other information sources.

bieecop Option: C

Recon-ng is a full-featured reconnaissance framework.

mypixmania Option: B

Recon-ng also has a Shodan module.

ma3ks Option: B

Shodan is about IoT devices on public; cameras are on the Internet, so it should be it.

Slick0 Option: C

Doesn't Recon-ng have a Shodan module in it anyway?

Etc_Shadow28000 Option: C

C. Shodan. Given that the security cameras are connected to the Internet, Shodan can be used to gather additional information about these devices, such as their make, model, and any known vulnerabilities.

Analysis of Other Options:

A. Wardriving: While wardriving (searching for WiFi networks from a moving vehicle) can be useful for identifying wireless networks, it is less specific than Shodan for gathering detailed information about Internet-connected devices.

C. Recon-ng: Recon-ng is a reconnaissance framework that can be used for gathering open-source intelligence (OSINT). While useful, it is more general-purpose and not specifically focused on identifying Internet-connected devices like Shodan.

D. Aircrack-ng: Aircrack-ng is a suite of tools for assessing WiFi network security, including cracking WEP and WPA-PSK keys. This tool is more relevant for wireless network security testing rather than Internet-connected device reconnaissance.

Etc_Shadow28000

Answer B….. hit wrong option when posting

shaneo007 Option: C

In the context of a physical penetration test, Recon-ng would be a better choice for additional reconnaissance within the building.

KeToopStudy Option: B

The fact that the question specifies there were multiple cameras connected to the Internet is a clear indicator that there is an incentive for the pentester to go and use Shodan for further investigation.

FnordyClovers Option: B

B. Shodan. Shodan can be used to search for Internet-connected devices like security cameras to gather more information that may assist the physical penetration test. Wardriving, Recon-ng, and Aircrack-ng are more focused on wireless enumeration and exploitation, which is not the primary objective based on the information provided. Shodan will help maximize reconnaissance on the identified security cameras. However, if further wireless testing is in scope, these tools may become more relevant as the test progresses.

solutionz Option: B

Among the options provided, the best tool for performing additional reconnaissance on a target that includes Internet-connected devices, like security cameras, is: B. Shodan

xviruz2kx Option: C

Since the objective is to perform a physical penetration test, the best option for additional reconnaissance would be Recon-ng. Recon-ng is a tool that automates the process of information gathering and reconnaissance, providing the tester with a large number of data sources to gather information about the target, such as employees' social media profiles, publicly available documents, and network infrastructure details. This information can help the tester identify potential weaknesses in the physical security of the target's building, such as employee schedules, physical access controls, or CCTV camera blind spots.

Treebeard88 Option: C

You can add a Shodan API to Recon-ng if you have a pro account: https://www.hackers-arise.com/post/2019/05/16/osint-part-2-using-recon-ng-to-find-the-same-profile-across-multiple-sites