Hacking is always attracted students to learn the code, so today we are learning about the phases of hacking. we are going to explore 4 types of phases in hacking.
- Information Gathering / Footprinting
- Scanning
- Identify Vulnerabilities
- Attack / exploit
- Information Gathering / Footprinting:
Footprinting is about collecting all available information about a computer system or network in order to gain access to it.
Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to.
Some footprinting tools-
1. Whois
2. Nmap
3. My Ip Suite
4. Super Scan
Whois
A WHOIS lookup could be a way for you to search the general public database for information on a few specific domains, like the expiration date, current registrar, registrant information, etc. once you enter a domain into the search bar at Uniregistry.com/who is, a request is sent to the general public WHOIS database of the domain’s registrar or registry and therefore the stored record is displayed.
Nmap
Download Nmap from its site. you’ll use it in each Windows and UNIX/Linux. It will do ping sweeps, OS identification, additionally to what is finished Super Scan. you’ll be able to see most of its choices and commands at its site choices outline.
My Ip Suite
It combines a domain-to-IP device, Batch Ping, Tracers, Whois, Website Scanner, and Connection Monitor in addition to an IP-to-country device into one Interface.
Super Scan
Super Scan allows you to scan a variety of information processing addresses and do TCP port scanning. It will check all ports or those you choose. it’s an awfully quick and powerful tool.
2. Scanning
Scanning can be considered a logical extension (and overlap) of active reconnaissance that helps attackers identify specific vulnerabilities. It’s often that attackers use automated tools such as network scanners and war dialers to locate systems and attempt to discover vulnerabilities.
For the vulnerability scan, you can choose the best tool that is used to find open ports, website bugs, and other different types of vulnerability with the explanation of the bug. The name of that is Burp suite, its available for Windows, Mac, and Linux on its official website.
3. Identify Vulnerabilities
Vulnerability assessment refers to the process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyze and prioritize risks for potential remediation in the proper context.
3. Attack/exploit
the attack is an assault launched by cybercriminals using one or more computers against single or multiple computers or networks. A cyber-attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.
Name of some tools that are used for website bug hunting-
1. Burp Suite
2. Nmap
3. Nikita
4. Zenmap
5. Metasploit Framework