The SecOps Group CAPen - Certified AppSec Pentester (CAPen) Certification Exam
Question #1 (Topic: demo questions)
Identify email addresses belonging to a company using OSINT techniques.
Correct Answer: A
Explanation:
1. Use Hunter.io or theHarvester tool:
theHarvester -d target.com -b google
2. Search Google with: @target.com
3. Use LinkedIn or GitHub advanced search: site:github.com "@target.com"
4. Collect emails for phishing simulation (if permitted).
5. Verify email validity using tools like EmailHippo or Debounce.io.
Question #2 (Topic: demo questions)
Discover open directories with potentially sensitive files using Google dorks.
Correct Answer: A
Explanation:
Use: intitle:"index of" "parent directory" +passwd
This searches for open directories with file listings containing "passwd".
Replace passwd with other keywords like .sql, .bak, .env, etc.
Confirm findings are in non-sensitive environments or demos.
Access is legal only if no authentication is bypassed or required.
Question #3 (Topic: demo questions)
Find public documents on a government site that may contain sensitive metadata using Google dorks.
Correct Answer: A
Explanation:
Use the dork: site:gov filetype:pdf
To find specific content, extend it: site:gov filetype:pdf confidential
Download a few sample PDFs (legally and ethically).
Use exiftool filename.pdf or pdfinfo filename.pdf to extract metadata.
Check for usernames, software versions, or timestamps that leak OSINT data.
Question #4 (Topic: demo questions)
Use a Google dork to identify login pages of vulnerable sites running PHP.
Correct Answer: A
Explanation:
Open Google and use the dork: inurl:login.php intitle:"Login"