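I. Enumerating Services

Enumeration lets a user collect all related information of a given class from a network.

1. DNS enumeration tool DNSenum. Features:

1. Guess possible domain names via Google or a dictionary

2. Perform reverse lookups on network ranges

3. Query a site's host addresses, name servers and mail exchange (MX) records

4. Send an axfr request to the name servers, then obtain additional domain information through Google scraping, extract subdomains and query them, and finally calculate the class C address ranges, run whois queries on them, perform reverse lookups, and write the address blocks to a file.

Run dnsenum --enum benet.com. The output is as follows: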

Smartmatch is experimental at /usr/bin/dnsenum line 698.
Smartmatch is experimental at /usr/bin/dnsenum line 698.
dnsenum VERSION:1.2.4
Warning: can't load Net::Whois::IP module, whois queries disabled.
Warning: can't load WWW::Mechanize module, Google scraping desabled.

-----   benet.com   -----

Host's addresses:
__________________

benet.com.                               300      IN    A        69.172.201.153

Wildcard detection using: axzajtibcbxx
_______________________________________

axzajtibcbxx.benet.com.                  300      IN    A        69.172.201.153

!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 Wildcards detected, all subdomains will point to the same IP address
 Omitting results containing 69.172.201.153.
 Maybe you are using OpenDNS servers.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Name Servers:
______________

ns2.uniregistrymarket.link.              60       IN    A        176.74.176.175
ns2.uniregistrymarket.link.              60       IN    A        176.74.176.176
ns1.uniregistrymarket.link.              60       IN    A        64.96.240.54
ns1.uniregistrymarket.link.              60       IN    A        64.96.241.73

Mail (MX) Servers:
___________________

Trying Zone Transfers and getting Bind Versions:
_________________________________________________

Trying Zone Transfer for benet.com on ns2.uniregistrymarket.link ... 
AXFR record query failed: NOTAUTH

Trying Zone Transfer for benet.com on ns1.uniregistrymarket.link ... 
AXFR record query failed: NOTAUTH

brute force file not specified, bay.

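The output shows detailed information about the DNS service, including the host addresses, the name server addresses and the mail server addresses.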
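For a zone you administer, the two findings worth recording from a report like the one above are whether a wildcard record exists and whether every name server refused the AXFR request. The parser below is an added example, not part of the original post or of dnsenum; the function name `audit_dnsenum`, the state strings, and the rule that a transfer attempt with no failure line counts as allowed are assumptions of this example, and the sample text is a constructed, trimmed copy of the output above.

```python
import re

# Constructed sample: trimmed copy of the dnsenum report shown on this page.
SAMPLE = """\
Wildcard detection using: axzajtibcbxx
axzajtibcbxx.benet.com.                  300      IN    A        69.172.201.153
ns2.uniregistrymarket.link.              60       IN    A        176.74.176.175
Trying Zone Transfer for benet.com on ns2.uniregistrymarket.link ...
AXFR record query failed: NOTAUTH
Trying Zone Transfer for benet.com on ns1.uniregistrymarket.link ...
AXFR record query failed: NOTAUTH
"""

WILDCARD = re.compile(r"Wildcard detection using:\s*(\S+)")
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$")
AXFR_TRY = re.compile(r"Trying Zone Transfer for (\S+) on (\S+) \.\.\.")
AXFR_FAIL = re.compile(r"AXFR record query failed: (\S+)")


def audit_dnsenum(report):
    """Summarise wildcard and zone-transfer findings from a dnsenum report."""
    result = {"wildcard_ip": None, "axfr": {}}
    pending = None   # name server whose AXFR outcome is still unknown
    probe = None     # random label dnsenum used to test for a wildcard
    for line in report.splitlines():
        line = line.strip()
        m = WILDCARD.match(line)
        if m:
            probe = m.group(1)
            continue
        m = A_RECORD.match(line)
        if m and probe and m.group(1).startswith(probe + "."):
            result["wildcard_ip"] = m.group(2)  # random name resolved: wildcard
            continue
        m = AXFR_TRY.match(line)
        if m:
            pending = m.group(2)
            result["axfr"][pending] = "allowed"  # assumed until a failure line
            continue
        m = AXFR_FAIL.match(line)
        if m and pending:
            result["axfr"][pending] = "refused:" + m.group(1)
            pending = None
    result["open_transfer"] = sorted(
        ns for ns, state in result["axfr"].items() if state == "allowed")
    return result


if __name__ == "__main__":
    print(audit_dnsenum(SAMPLE))
```

Any name listed under `open_transfer` is a server that should have its transfer ACL restricted to the zone's secondaries.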


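2. DNS enumeration tool fierce
Features:
Scans subdomains and collects information about them
Use the fierce tool to obtain all IP addresses and host information for a target host. Run the following command:

root@kali:~# fierce -dns baidu.com

Output omitted.

The output shows all subdomains under baidu.com.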

 

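3. SNMP enumeration tool Snmpwalk

snmpwalk is an SNMP application. It uses SNMP GETNEXT requests to query all the tree information under a specified OID (an object identifier in the SNMP protocol) and displays it to the user.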

root@kali:~# snmpwalk -c public 192.168.41.138 -v 2c

The attempt failed...

 

4. SNMP enumeration tool Snmpcheck

root@kali:~# snmpcheck -t 192.168.41.138

This attempt failed as well...

5. SMTP enumeration tool smtp-user-enum

  root@kali:~# smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.41.138

 

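II. Testing the Network Range

1. Domain lookup tool DMitry

The DMitry tool is used to look up IP or WHOIS information.

WHOIS is a database used to check whether a domain name has already been registered and to look up the details of registered domain names.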

root@kali:~# dmitry -wnpb rzchina.net

Netmask conversion

root@kali:~# netmask -s rzchina.net 
  180.178.61.83/255.255.255.255

 

2. Route tracing tool Scapy. Features:

Interactively generate packets or sets of packets

Manipulate packets

Send packets

Sniff packets

Match requests and replies

root@kali:~# scapy
WARNING: No route found for IPv6 destination :: (no default route?)
INFO: Can't import python ecdsa lib. Disabled certificate manipulation tools
Welcome to Scapy (2.3.3)
>>> ans,unans=sr(IP(dst="www.rzchina.net/30",ttl=(1,6))/TCP())
Begin emission:
....................**.**.**.**.**..****..**..............Finished to send 24 packets.
....................................................................................................
.................................................................................................................................................................................................Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 337, in sr
    a,b=sndrcv(s,x,*args,**kargs)
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 137, in sndrcv
    inp, out, err = select(inmask,[],[], remaintime)
error: (4, 'Interrupted system call')
>>> 

To view the sent packets as a table, run the following command:

>>> ans.make_table(lambda(s,r):(s.dst,s.ttl,r.src))

The attempt failed...

 

Use scapy to view TCP traceroute information

>>> res,unans=traceroute(["www.google.com","www.kali.org","www.rzchina.net"],dport=[80,443],maxttl=20,retry=-2)
Begin emission:
*.*.*.*.*.*.*.*.*.*.*.*.Finished to send 120 packets.
Begin emission:
Finished to send 108 packets.
Begin emission:
Finished to send 108 packets.
..
Received 26 packets, got 12 answers, remaining 108 packets
  180.178.61.83:tcp443 180.178.61.83:tcp80 192.124.249.10:tcp443 192.124.249.10:tcp80 31.13.84.1:tcp443  31.13.84.1:tcp80   
1 192.168.1.1     11   192.168.1.1     11  192.168.1.1     11    192.168.1.1     11   192.168.1.1     11 192.168.1.1     11 
2 42.198.120.1    11   42.198.120.1    11  42.198.120.1    11    42.198.120.1    11   42.198.120.1    11 42.198.120.1    11 
>>> 

 

 

 

 
