欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  科技

读书笔记-信息收集1

程序员文章站 2022-03-10 15:41:56
一.枚举服务 枚举允许用户从网络中收集一类的所有相关信息 1.DNS枚举工具DNSenum功能: 1.通过谷歌或字典猜测可能存在的域名 2.对一个网段进行反向查询 3.查询网站的主机地址信息,域名服务器和邮件交换记录 4.在域名服务器上执行axfr请求,然后通过谷歌脚本得到扩展域名信息,提取子域名并 ......

一.枚举服务

枚举允许用户从网络中收集一类的所有相关信息

1.dns枚举工具dnsenum功能:

1.通过谷歌或字典猜测可能存在的域名

2.对一个网段进行反向查询

3.查询网站的主机地址信息,域名服务器和邮件交换记录

4.在域名服务器上执行axfr请求,然后通过谷歌脚本得到扩展域名信息,提取子域名并查询,最后计算c类地址并执行whois查询,执行反向查询,把地址段写入文件。

输入dnsenum --enum benet.com    结果如下:

smartmatch is experimental at /usr/bin/dnsenum line 698.
smartmatch is experimental at /usr/bin/dnsenum line 698.
dnsenum version:1.2.4
warning: can't load net::whois::ip module, whois queries disabled.
warning: can't load www::mechanize module, google scraping desabled.

----- benet.com -----host's addresses:__________________

benet.com.                               300      in    a        69.172.201.153


wildcard detection using: axzajtibcbxx_______________________________________

axzajtibcbxx.benet.com.                  300      in    a        69.172.201.153


!!!!!!!!!!!!!!!!!!!!!!!!!!!! wildcards detected, all subdomains will point to the same ip address omitting results containing 69.172.201.153. maybe you are using opendns servers.!!!!!!!!!!!!!!!!!!!!!!!!!!!!name servers:______________

ns2.uniregistrymarket.link.              60       in    a        176.74.176.175
ns2.uniregistrymarket.link.              60       in    a        176.74.176.176
ns1.uniregistrymarket.link.              60       in    a        64.96.240.54
ns1.uniregistrymarket.link.              60       in    a        64.96.241.73


mail (mx) servers:___________________trying zone transfers and getting bind versions:_________________________________________________

trying zone transfer for benet.com on ns2.uniregistrymarket.link ... 
axfr record query failed: notauth

trying zone transfer for benet.com on ns1.uniregistrymarket.link ... 
axfr record query failed: notauth

brute force file not specified, bay.

输出信息显示了dns服务的详细信息。包括主机地址,域名服务器地址和邮件服务地址。


2.dns枚举工具fierce
功能:
对子域名进行扫描和收集信息
使用fierce工具获取一个目标主机上所有ip地址和主机信息。执行命令如下
root@kali:~#fierce -dns baidu.com

结果省略

输出的信息显示了baidu.com下所有的子域。

 

3.snmp枚举工具snmpwalk

snmpwalk是一个snmp应用程序。使用snmp的getnext请求,查询指定的所有oid(snmp协议中的对象标识)树信息,并显示给用户。

root@kali:~# snmpwalk -c public 192.168.41.138 -v 2c

尝试失败。。。

 

4.snmp枚举工具snmpcheck

root@kali:~# snmpcheck -t 192.168.41.138

同样尝试失败。。。

5.smtp枚举工具smtp-user-enum

  root@kali:~# smtp-user-enum -m vrfy -u /tmp/users.txt -t 192.168.41.138

 

二.测试网络范围

1.域名查询工具dmitrydmitry工具是用来查询ip或whois信息的。

whois是用来查询域名是否已经被注册及已经注册域名的详细信息的数据库。

root@kali:~# dmitry -wnpb rzchina.net

子网掩码转换

root@kali:~# netmask -s rzchina.net 
  180.178.61.83/255.255.255.255

 

2.路由跟踪工具scapy功能:

交互式生成数据包或数据包集合

对数据包进行操作

发送数据包

包嗅探

应答和反馈匹配

root@kali:~# scapy
warning: no route found for ipv6 destination :: (no default route?)
info: can't import python ecdsa lib. disabled certificate manipulation tools
welcome to scapy (2.3.3)
>>> ans,unans=sr(ip(dst="www.rzchina.net/30",ttl=(1,6))/tcp())
begin emission:
....................**.**.**.**.**..****..**..............finished to send 24 packets.
....................................................................................................
.................................................................................................................................................................................................traceback (most recent call last):
  file "<console>", line 1, in <module>
  file "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 337, in sr
    a,b=sndrcv(s,x,*args,**kargs)
  file "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 137, in sndrcv
    inp, out, err = select(inmask,[],[], remaintime)
error: (4, 'interrupted system call')
>>> 

以表的形式查看数据包发送情况,执行命令如下所示:

>>ans.make_table(lambda(s,r):(s.dst,s.ttl,r.src))

尝试失败。。。

 

使用scapy查看tcp路由跟踪信息

>>> res,unans=traceroute(["www.google.com","www.kali.org","www.rzchina.net"],dport=[80,443],maxttl=20,retry=-2)
begin emission:
*.*.*.*.*.*.*.*.*.*.*.*.finished to send 120 packets.
begin emission:
finished to send 108 packets.
begin emission:
finished to send 108 packets.
..
received 26 packets, got 12 answers, remaining 108 packets
  180.178.61.83:tcp443 180.178.61.83:tcp80 192.124.249.10:tcp443 192.124.249.10:tcp80 31.13.84.1:tcp443  31.13.84.1:tcp80   
1 192.168.1.1     11   192.168.1.1     11  192.168.1.1     11    192.168.1.1     11   192.168.1.1     11 192.168.1.1     11 
2 42.198.120.1    11   42.198.120.1    11  42.198.120.1    11    42.198.120.1    11   42.198.120.1    11 42.198.120.1    11 
>>>