一、DNS信息搜集几种常用的信息搜集工具:1.dnsenum枚举信息查寻所有的信息./dnsenum--dnsserver8.8.8.8目标(-fdns.txt)使用字典暴力破解2.dnswalk区域
......一、DNS信息搜集..
..几种常用的信息搜集工具:..
....1.dnsenum枚举信息查寻所有的信息.../dnsenum--dnsserver8.8.8.8目标(-fdns.txt)使用字典暴力破解.
.2.dnswalk区域传送漏洞的测试.../dnswalkcisco.com......
.3.dnsmap列举目标的所有dns信息.../dnsmapcisco.com.
.4.lbddns负载均衡.../lbd.shgoogle.com.
.5.whois查询网站所有者的相关信息..whoissina.com.cn..
......6.maltego图形化信息搜集工具..该工具的使用需要注册.
.二、web信息搜集..
..1.whatweb获取目标站点的信息.
2.waffitwafw00f可以识别和指纹WAF网站产品保护。
.3.curl-I目标..获取目标的简单的信息..curl-T目标..curl-Tftp://user:[email protected]..上传文件(需要足够的权限)..
..
..
..三、网络信息搜集..
..1.arping仅在局域网可以使用..
..
..2.fping..fpingisapinglikeprogramwhichusestheInternetControlMessageProtocol(ICMP)echorequesttodetermineifahostisup.fpingisdifferentfrompinginthatyoucanspecifyanynumberofhostsonthecommandline,orspecifyafilecontainingthelistsofhoststoping.Insteadoftryingonehostuntilittimeoutsorreplies,fpingwillsendoutapingpacketandmoveontothenexthostinaround-robinfashion.Ifahostreplies,itisnotedandremovedfromthelistofhoststocheck.Ifahostdoesnotrespondwithinacertaintimelimitand/orretrylimititwillbeconsideredunreachable.Unlikeping,fpingismeanttobeusedinscriptsanditsoutputiseasytoparse.
.3.hping...hpingisacommandlineorientedTCP/IPpacketassembler/analyzer.Theinterfaceisinspiredtothepingunixcommand,buthpingisn'tonlyabletosendICMPechorequests.ItsupportsTCP,UDP,ICMPandRAW-IPprotocols,hasatraceroutemode,theabilitytosendfilesbetweenacoveredchannel,andmanyotherfeatures...Firewalltesting..Advancedportscanning..Networktesting,usingdifferentprotocols,TOS,fragmentation..ManualpathMTUdiscovery..Advancedtraceroute,underallthesupportedprotocols..RemoteOSfingerprinting..Remoteuptimeguessing..TCP/IPstacksauditing..hpingcanalsobeusefultostudentsthatarelearningTCP/IP....
.
4.hping2
.5.netifera..Netiferaisanetworkscannercapableofpassivescanning(scanofapcapfile,livenetworksniffing)aswellasactivescanning(entityportscan).Itenablestoidentifyhostsonthenetwork..
6.nmap
..用nmap探测开放端口:-sSSYN半开扫描-sTTCP半开扫描-Pn不使用ping方式探..测主机-A探测服务类型..nmap–sS–Pn192.168.1.111..nmap–sS–Pn–A192.168.1.111........
.
....1.traceroute.
.2.tcptraceroute...tcptracerouteisatracerouteimplementationusingTCPpackets...Themoretraditionaltraceroute(8)sendsouteitherUDPorICMPECHOpacketswithaTTLofone,andincrementstheTTLuntilthedestinationhasbeenreached.ByprintingthegatewaysthatgenerateICMPtimeexceededmessagesalongtheway,itisabletodeterminethepathpacketsaretakingtoreachthedestination...TheproblemisthatwiththewidespreaduseoffirewallsonthemodernInternet,manyofthepacketsthattraceroute(8)sendsoutendupbeingfiltered,makingitimpossibletocompletelytracethepathtothedestination.However,inmanycases,thesefirewallswillpermitinboundTCPpacketstospecificportsthathostssittingbehindthefirewallarelisteningforconnectionson.BysendingoutTCPSYNpacketsinsteadofUDPorICMPECHOpackets,tcptracerouteisabletobypassthemostcommonfirewallfilters.....
.3.tcpdump..tcpdumpisacommonpacketanalyzerthatrunsunderthecommandline.ItallowstheusertointerceptanddisplayTCP/IPandotherpacketsbeingtransmittedorreceivedoveranetworktowhichthecomputerisattached.DistributedundertheBSDlicense,tcpdumpisfreesoftware..
4.scapy修改数据包
.5.wireshark抓包...Wiresharkisafreeandopen-sourcepacketanalyzer.Itisusedfornetworktroubleshooting,analysis,softwareandcommunicationsprotocoldevelopment,andeducation.OriginallynamedEthereal,inMay2006theprojectwasrenamedWiresharkduetotrademarkissues...Wiresharkiscross-platform,usingtheGTK+widgettoolkittoimplementitsuserinterface,andusingpcaptocapturepackets;itrunsonvariousUnix-likeoperatingsystemsincludingLinux,OSX,BSD,andSolaris,andonMicrosoftWindows.Thereisalsoaterminal-based(non-GUI)versioncalledTShark.Wireshark,andtheotherprogramsdistributedwithitsuchasTShark,arefreesoftware,releasedunderthetermsoftheGNUGeneralPublicLicense.....
.
