BT5 Penetration Testing: Information Gathering

smallyang (this user has been deleted)
Posted on 2013-9-17 21:18:34
Last edited by smallyang on 2013-9-17 21:21

I. DNS Information Gathering

Several commonly used information-gathering tools:

1. dnsenum  enumerates DNS information and queries all records
./dnsenum --dnsserver 8.8.8.8 target  (-f dns.txt) brute-force with a wordlist

2. dnswalk  tests for the zone transfer vulnerability
./dnswalk cisco.com.

3. dnsmap  lists all DNS information for the target
./dnsmap cisco.com

4. lbd  DNS load balancing
./lbd.sh google.com

5. whois  looks up information about the website's owner
whois sina.com.cn

6. maltego  graphical information-gathering tool
Registration is required to use this tool

II. Web Information Gathering

1. whatweb  retrieves information about the target site

2. waffit  wafw00f can identify and fingerprint the WAF products protecting a website.

3. curl -I target
retrieves basic information about the target
curl -T target
curl -T ftp://user:password@xxx.com
uploads a file (requires sufficient permissions)

III. Network Information Gathering

1. arping  can only be used on the local network

2. fping
fping is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the list of hosts to ping. Instead of trying one host until it times out or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. Unlike ping, fping is meant to be used in scripts and its output is easy to parse.

3. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
Firewall testing
Advanced port scanning
Network testing, using different protocols, TOS, fragmentation
Manual path MTU discovery
Advanced traceroute, under all the supported protocols
Remote OS fingerprinting
Remote uptime guessing
TCP/IP stacks auditing
hping can also be useful to students that are learning TCP/IP.

4. hping2

5. netifera
Netifera is a network scanner capable of passive scanning (scan of a pcap file, live network sniffing) as well as active scanning (entity port scan). It enables identification of hosts on the network.

6. nmap

Using nmap to probe open ports: -sS SYN half-open scan; -sT TCP half-open scan; -Pn probe the host without using ping; -A detect service type
nmap -sS -Pn 192.168.1.111
nmap -sS -Pn -A 192.168.1.111

IV. Route Information Gathering

1. traceroute

2. tcptraceroute
tcptraceroute is a traceroute implementation using TCP packets.
The more traditional traceroute(8) sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination.
The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute(8) sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.

3. tcpdump
tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
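As an added example that is not part of the original post: the half-open SYN scan described under nmap -sS leaves a recognisable footprint in a tcpdump capture, because the scanner never sends the third-handshake ACK. The Python below parses constructed tcpdump-style text lines (not a real capture) and flags any client that sent bare SYNs to many ports of one host while completing almost none of the handshakes; the thresholds are assumptions to tune per network.

```python
import re
from collections import defaultdict

# Default tcpdump text format for a TCP packet, e.g.
# 21:18:35.000001 IP 192.168.1.50.40000 > 192.168.1.111.22: Flags [S], seq 1, win 1024, length 0
TCP_LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_tcp(lines):
    """Yield (src, dst, dport, flags) for each TCP line; other lines are skipped."""
    for line in lines:
        m = TCP_LINE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["dport"]), m["flags"]

def find_syn_scanners(lines, min_ports=5, max_completed_ratio=0.2):
    """Return {(src, dst): probed_port_count} for clients that SYNed many ports of one
    host but ACKed almost none of them: the footprint of a half-open (nmap -sS) scan."""
    syn_ports = defaultdict(set)   # (src, dst) -> ports that received a bare SYN
    ack_ports = defaultdict(set)   # (src, dst) -> ports where the client completed the handshake
    for src, dst, dport, flags in parse_tcp(lines):
        if flags == "S":                                   # bare SYN: connect or scan
            syn_ports[(src, dst)].add(dport)
        elif flags == "." and dport in syn_ports.get((src, dst), ()):
            ack_ports[(src, dst)].add(dport)               # plain ACK after our own SYN
    suspects = {}
    for key, ports in syn_ports.items():
        completed_ratio = len(ack_ports.get(key, ())) / len(ports)
        if len(ports) >= min_ports and completed_ratio <= max_completed_ratio:
            suspects[key] = len(ports)
    return suspects

# Constructed sample capture (not real traffic): .20 is a normal SSH client that
# completes its handshake; .50 SYNs five ports and answers the one SYN/ACK with RST.
SAMPLE_CAPTURE = """\
21:18:34.000001 IP 192.168.1.20.51000 > 192.168.1.111.22: Flags [S], seq 100, win 29200, length 0
21:18:34.000002 IP 192.168.1.111.22 > 192.168.1.20.51000: Flags [S.], seq 500, ack 101, win 28960, length 0
21:18:34.000003 IP 192.168.1.20.51000 > 192.168.1.111.22: Flags [.], ack 501, win 229, length 0
21:18:35.000001 IP 192.168.1.50.40000 > 192.168.1.111.22: Flags [S], seq 1, win 1024, length 0
21:18:35.000002 IP 192.168.1.111.22 > 192.168.1.50.40000: Flags [S.], seq 700, ack 2, win 28960, length 0
21:18:35.000003 IP 192.168.1.50.40000 > 192.168.1.111.22: Flags [R], seq 2, win 0, length 0
21:18:35.000004 IP 192.168.1.50.40000 > 192.168.1.111.80: Flags [S], seq 1, win 1024, length 0
21:18:35.000005 IP 192.168.1.50.40000 > 192.168.1.111.443: Flags [S], seq 1, win 1024, length 0
21:18:35.000006 IP 192.168.1.50.40000 > 192.168.1.111.3306: Flags [S], seq 1, win 1024, length 0
21:18:35.000007 IP 192.168.1.50.40000 > 192.168.1.111.8080: Flags [S], seq 1, win 1024, length 0
"""
if __name__ == "__main__":
    print(find_syn_scanners(SAMPLE_CAPTURE.splitlines()))   # {('192.168.1.50', '192.168.1.111'): 5}
```

Feeding real `tcpdump -n 'tcp[tcpflags] & tcp-syn != 0'` text output through the same functions works unchanged, since only the default line prefix is parsed.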

4. scapy  modify and craft packets

5. wireshark  packet capture
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.



854955425 (this user has been deleted)
Posted on 2013-9-18 00:38:00
What is this thing?
专业回帖 (this user has been deleted)
Posted on 2013-9-18 00:38:01
Good, good, I learned something; it really is quite good.
© 2012-2015 Baiker Union of China.