Which tool can a penetration tester use to query and obtain data about hosts, websites, and certificates to assist in identifying potential security risks and misconfigurations?
Censys is the correct answer because it scans the internet for information about hosts, websites, and certificates, providing searchable data that penetration testers can use to find security risks and misconfigurations. 'Nessus' is an incorrect answer because it is a vulnerability scanner rather than a searchable database of internet-connected devices. 'John the Ripper' is a password-cracking tool, not an OSINT tool. 'WiGLE' is used for mapping wireless networks and is not designed to provide the same type of host, website, and certificate information.
Learn More
AI Generated Content may display inaccurate information, always double-check anything important.
What is Censys and how does it work?
What are the differences between Censys and Nessus?
What are OSINT tools and how are they used in penetration testing?