Sam Spade: application on network analysis and vulnerability testing to improve security. PDF

Title Sam Spade: application on network analysis and vulnerability testing to improve security.
Author Lucas Hodo
Course Information Technology
Institution University of Nairobi
Pages 7

Summary

Sam Spade is an internet-based tool used by information security experts to establish the vulnerability of networks and websites. It can be downloaded and installed on any Windows system. It can detect vulnerabilities that hackers can use to exploit the system....


Description

How to use the Sam Spade tool to investigate iskytap.com, x128bit.com and cloudparadox.com

Sam Spade is investigative software. It can be used to determine the owner of a given IP address and to find out what is contained in a web page. It can perform many tasks that would otherwise require separate programs such as Whois, nslookup, a packet sniffer, ping and traceroute. It is a security tool with an easy-to-use graphical user interface. Using Sam Spade involves a series of commands, some of which are visible in the user interface upon installation. This is a step-by-step guide on how to use Sam Spade to investigate three websites: iskytap.com, x128bit.com and cloudparadox.com.

iskytap.com





When you first open the software, you are greeted with a large blank window with a menu bar on top and a toolbar on the left side. On the top left there is a query form. Enter the address of the target website, in this case iskytap.com. To find out the ownership and contact information of the host's domain, run the Whois command. The Whois command is convenient given the increasing number of registrars. Click on the Whois command on the left bar. The output is displayed in a separate popup window. For example, when you run this command, the iskytap.com website is shown to be registered by Network Solutions with the following information, as evidenced in the screenshot below:

Registrar: Network Solutions, LLC
Registrar URL: http://networksolutions.com
Registrar Abuse Contact Phone: +1.8003337680

Execute the ping command located under the basics menu to determine if the host’s system is reachable via the network. Ping does this by sending a series of packets.







To trace the routes where the packets originate, click on the traceroute (tracert) command. It shows the routes taken by the packets from the user's system to the address of the target host. It lists the names of all the intermediate routers and also shows a delay graph.

To get the IP address and the name of the specified host, run the nslookup command. The latest version of Sam Spade has this command located under the "basic" menu. Click on Tools, then nslookup. The IP address for iskytap.com is 208.91.197.27 (IPv4), while that of cloudparadox.com is 50.225.131.227. The IP addresses can further be used to investigate where the target hosts are located. In this case, x128bit.com and iskytap.com have the same IP address, registered by the same number, hence it can be thought that they belong to the same organization. Click on IP Block to get the owner of the IP address block, which can be used to narrow down the owner's geographical location. When the IP address of iskytap.com is searched through IP Address Location Finder, it shows that the host's server is in Florida, United States. See the screenshot below.

x128bit.com

Type x128bit.com in the query box and run the Whois command to get the contact and ownership information of the specified host's domain. When the command is executed, the output shows that x128bit.com is also registered by Network Solutions with similar information.



Trace the routes where the packets originate by executing the tracert command and note the connected routers. The screenshot below shows the output in this case.

It can be observed that x128bit.com packets originate from the same point as those of iskytap.com.

Run the nslookup command to get the specified host's IP address. In this case it can also be noted that the IP address for x128bit.com is 208.91.197.27. Ping x128bit.com to check if it is reachable via the network.



One can also obtain the source code of the target website by clicking on the web command.

cloudparadox.com 







Execute the Whois command. Note the registration details of the target host's domain. You can notice that it is also registered by Network Solutions. The registration details are as shown:

Registrar: Network Solutions, LLC
Registrar URL: http://networksolutions.com
Registrar Abuse Contact Phone: +1.8003337680

Run nslookup to find the IP address of the host. It can be noticed that its IP address is 50.225.131.227. A geographical location test on the address shows that the server is located in Houston, United States, as shown in the screenshot. The ping results for cloudparadox.com are as shown.

Trace the routes where the target host's packets originate, taking note of the intermediate routers and the delay time. Also notice the variation in the graph shown; it can be observed that the packets have a different origin compared to iskytap.com and x128bit.com.

Interpretations

From the results of the tests carried out, iskytap.com and x128bit.com share the same IP address. Their ping results show that both are partially reachable over the network used. Traceroute results point to the same origin of packets through the same routers, therefore it can be assumed that they belong to the same organization. For cloudparadox.com, the ping results show that the host server is not reachable over this network. Its IP address is different and nslookup points to a different origin of the packets. However, the three websites are all registered by America's Network Solutions. All the geographical investigation on the location of their servers points to the United States. Therefore the Sam Spade tool is a utility for website and internet investigation and analysis to monitor internet security.

How Whois, Tracert and nslookup work. 



Whois: it is a query and response protocol that queries databases that store the registered users or assignees of domain names and Internet Protocol (IP) addresses. It then returns the contact information of the registrar and other details that are queried.

Tracert works by sending probe packets toward the server and analyzing the responses as the packets travel the entire path. It collects information about the routers and devices in your path and the delay time. It also provides a graph of the delay time as packets pass through the routers.



nsLookup queries the Domain Name System to find name and server information and information about internet services. It displays the IP address and name of a given host....
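
The Whois exchange and the comparison made under Interpretations can be reproduced outside the GUI. The following is an added example, not part of the original document or of Sam Spade: the function names are hypothetical, the default server whois.verisign-grs.com (the .com registry's WHOIS host) is an assumption not named on this page, and the sample record is constructed from the registrar fields and IP addresses quoted above.

```python
import socket
from collections import defaultdict

def whois_query(domain, server="whois.verisign-grs.com", timeout=10):
    """Live WHOIS lookup (RFC 3912): open TCP port 43, send the query
    followed by CRLF, read until the server closes the connection."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; skip comments and notices."""
    record = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record[key.strip().lower()].append(value.strip())
    return dict(record)

def correlate(whois_texts, a_records):
    """Group domains by (registrar, IPv4 address), the comparison made by hand above."""
    groups = defaultdict(list)
    for domain, text in whois_texts.items():
        registrar = parse_whois(text).get("registrar", ["unknown"])[0]
        groups[(registrar, a_records.get(domain, "unresolved"))].append(domain)
    return {key: sorted(domains) for key, domains in groups.items()}

# Constructed sample: only the registrar fields and addresses quoted on this page.
SAMPLE_WHOIS = """% constructed WHOIS excerpt
Registrar: Network Solutions, LLC
Registrar URL: http://networksolutions.com
Registrar Abuse Contact Phone: +1.8003337680
"""
SAMPLE_TEXTS = {d: SAMPLE_WHOIS for d in ("iskytap.com", "x128bit.com", "cloudparadox.com")}
SAMPLE_A = {"iskytap.com": "208.91.197.27", "x128bit.com": "208.91.197.27",
            "cloudparadox.com": "50.225.131.227"}

if __name__ == "__main__":
    for (registrar, ip), domains in correlate(SAMPLE_TEXTS, SAMPLE_A).items():
        print(f"{registrar} / {ip}: {', '.join(domains)}")
```

A shared IP address can also come from shared hosting or a domain-parking service, so a group of two or more domains is a lead to confirm against other records, not proof of common ownership.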

