A penetration tester is preparing to perform activities for a client that requires minimal disruption to company operations.
Which of the following are considered passive reconnaissance tools? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E. F.AE.
https://resources.infosecinstitute.com/topic/top-10-network-recon-tools/Passive reconnaissance refers to the activities performed by a penetration tester to gather information without directly interacting with the target systems. Passive reconnaissance is an essential part of any penetration testing engagement as it helps the tester to gather information about the target systems and their environment without triggering any security alarms or disrupting normal operations.
The following are two tools that are commonly used for passive reconnaissance:
Wireshark: Wireshark is a free and open-source network protocol analyzer that is widely used by security professionals and network administrators. Wireshark captures network traffic and allows the tester to analyze the data to identify vulnerabilities or security issues. Wireshark can be used for passive reconnaissance as it captures data without interacting with the target systems.
Shodan: Shodan is a search engine that scans the internet for connected devices and systems. Shodan can be used for passive reconnaissance as it provides information about the target systems, such as open ports, installed software, and system configurations, without directly interacting with the target systems.
Nessus, Retina, Burp Suite, and Nikto are not passive reconnaissance tools as they interact with the target systems to identify vulnerabilities and security issues. Nessus and Retina are vulnerability scanners that actively scan the target systems for vulnerabilities. Burp Suite and Nikto are web application scanners that interact with the target web application to identify vulnerabilities and security issues.
In conclusion, the two tools that are considered passive reconnaissance tools are Wireshark and Shodan.