A tester is working on an engagement that has evasion and stealth requirements. Which of the following enumeration methods is the least likely to be detected by the IDS?
Option A uses Shodan’s API to gather information about a target without directly touching the target system. This makes it the stealthiest option as there's no traffic generated from the tester’s IP to the target.
Options B & D use Nmap, which performs active scanning; while -T2 reduces intensity, it still generates packets.
Option C is a custom curl script that also interacts directly with the target and can trigger IDS alerts.
CompTIA PenTest+ Reference:
PT0-003 Objective 2.1 & 2.3: Passive vs Active reconnaissance techniques.
Using OSINT sources like Shodan is a key stealth recon method.