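DMitry is a UNIX/(GNU)Linux command-line tool written in C. It gathers information about a host, such as subdomains, email addresses and system uptime information.
It can also perform TCP port scans, whois lookups and more. It collects information in the following ways:
Performs whois lookups;
Retrieves uptime data and system and server data;
Performs a subdomain search against the target host;
Performs an email address search against the target host;
Performs a TCP port scan (Portscan) against the target host;
Is a modular program that allows user-specified modules.
DMitry can be downloaded as follows: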
$ cd /data/src/
$ wget http://mor-pah.net/code/DMitry-1.3a.tar.gz
Install it with the following commands:
$ tar xzvf DMitry-1.3a.tar.gz
$ cd DMitry-1.3a/
$ ./configure
$ make
$ sudo make install
Then, if it suits your setup, optionally create a symbolic link (soft link) under the /pentest/ directory:
$ mkdir -p /pentest/enumeration/dmitry/
$ ln -s /usr/local/bin/dmitry /pentest/enumeration/dmitry/Dmitry
Usage
Print the help text:
$ dmitry --help
Read the more complete documentation:
$ man dmitry
Options in detail:
-o filename
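Write ASCII text output to the specified file name. If no output file name is given, the output is saved as "target.txt". If this option is not specified in any form, output goes to standard output by default. This option must come after the other options, for example "./dmitry -winseo target".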
-i
whois lookup, followed by an IPv4 address, for example: ./dmitry -i 255.255.255.255.
-w
whois lookup, followed by a host name given as a string, for example: ./dmitry -w target.
-n
Retrieve netcraft.com information about the host, including the host operating system and the web service's release and uptime information.
-s
Perform a subdomain search.
-e
Perform an email address search against the target host.
-p
Perform a TCP port scan on the target host. This is a relatively basic, simple module.
-f
Make the TCP scanner report filtered ports.
-b
Make the TCP scanner output port banners.
-t
Set the TTL of the port scan. The default is 2 seconds.
Example
$ dmitry -iwns -o example.out google.com
In this example, dmitry creates a report named example.out. The report looks like this:
HostIP:209.85.227.99
HostName:google.com
Gathered Inet-whois information for 209.85.227.99
---------------------------------
OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US
NetRange: 209.85.128.0 - 209.85.255.255
CIDR: 209.85.128.0/17
NetName: GOOGLE
NetHandle: NET-209-85-128-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:
RegDate: 2006-01-13
Updated: 2006-06-01
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-contact@google.com
# ARIN WHOIS database, last updated 2010-02-06 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
Gathered Inic-whois information for google.com
---------------------------------
Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 18-nov-2008
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011
>>> Last update of whois database: Sun, 07 Feb 2010 08:06:53 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Gathered Netcraft information for google.com
---------------------------------
Retrieving Netcraft.com information for google.com
Netcraft.com Information gathered
Gathered Subdomain information for google.com
---------------------------------
Searching Google.com:80...
HostName:www.google.com
HostIP:209.85.227.99
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host google.com, Searched 0 pages containing 0 results
DMitry-1.3a can be downloaded here.
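The example.out layout shown above is regular enough to parse when reviewing what a domain you are responsible for exposes publicly. The following Python script is an added example, not part of the original article or of DMitry; the sample report is constructed and abbreviated from the output above, and parse_report and footprint are hypothetical names.

```python
import re

# Constructed sample: an abbreviated report in the layout shown above.
SAMPLE = """HostIP:209.85.227.99
HostName:google.com
Gathered Inet-whois information for 209.85.227.99
---------------------------------
CIDR: 209.85.128.0/17
NameServer: NS1.GOOGLE.COM
Comment:
# ARIN WHOIS database, last updated 2010-02-06 20:00
Gathered Inic-whois information for google.com
---------------------------------
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Expiration Date: 14-sep-2011
>>> Last update of whois database: Sun, 07 Feb 2010 08:06:53 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
Gathered Subdomain information for google.com
---------------------------------
Searching Google.com:80...
HostName:www.google.com
HostIP:209.85.227.99
"""

SECTION = re.compile(r"^Gathered (\S+) information for\s*\S+$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(\S.*)$")  # empty values are skipped

def parse_report(text):
    """Return {section: {field: [values]}}; lines before any section go to 'Target'."""
    sections, name, in_notice = {"Target": {}}, "Target", False
    for line in map(str.strip, text.splitlines()):
        if (m := SECTION.match(line)):
            name, in_notice = m.group(1), False
            sections.setdefault(name, {})
        elif line.startswith(">>>"):  # registry legal text follows; it contains colons
            in_notice = True
        elif not in_notice and (m := FIELD.match(line)):
            sections[name].setdefault(m.group(1), []).append(m.group(2))
    return sections

def footprint(sections):
    """Summarise the publicly visible footprint recorded in the report."""
    def get(sec, key):
        return sections.get(sec, {}).get(key, [])
    ns = get("Inet-whois", "NameServer") + get("Inic-whois", "Name Server")
    return {"cidr": get("Inet-whois", "CIDR"),
            "name_servers": sorted({v.lower() for v in ns}),
            "subdomains": get("Subdomain", "HostName")}
```

Running footprint(parse_report(open("example.out").read())) on a real report gives the same summary; the notice text after the ">>>" line is skipped so its "NOTICE:" and "TERMS OF USE:" lines are not mistaken for fields.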