您的位置:威尼斯官方网站 > 威尼斯官方网站 > 风姿浪漫.枚举服务

风姿浪漫.枚举服务

发布时间:2020-01-02 18:07编辑:威尼斯官方网站浏览(165)

    生机勃勃.枚举服务

    枚举允许客户从互联网中搜集后生可畏类的有着有关新闻

    1.DNS枚举工具DNSenum功能:

    1.经过Google或词典猜想大概存在的域名

    2.对贰个网段实行反向查询

    3.询问网站的主机地址音信,域名服务器和邮件调换记录

    4.在域名服务器上实行axfr央浼,然后通过Google脚本获得强盛域名音讯,提取子域名并询问,最终总结C类地址并实行whois查询,实行反向查询,把地方段写入文件。

    输入dnsenum --enum benet.com    结果如下:

    Smartmatch is experimental at /usr/bin/dnsenum line 698.
    Smartmatch is experimental at /usr/bin/dnsenum line 698.
    dnsenum VERSION:1.2.4
    Warning: can't load Net::Whois::IP module, whois queries disabled.
    Warning: can't load WWW::Mechanize module, Google scraping desabled.
    

    ----- benet.com -----**Host's addresses:**__________________

    benet.com.                               300      IN    A        69.172.201.153
    

    Wildcard detection using: axzajtibcbxx**_______________________________________**

    axzajtibcbxx.benet.com.                  300      IN    A        69.172.201.153
    

    !!!!!!!!!!!!!!!!!!!!!!!!!!!! Wildcards detected, all subdomains will point to the same IP address Omitting results containing 69.172.201.153. Maybe you are using OpenDNS servers.**!!!!!!!!!!!!!!!!!!!!!!!!!!!!Name Servers:______________**

    ns2.uniregistrymarket.link.              60       IN    A        176.74.176.175
    ns2.uniregistrymarket.link.              60       IN    A        176.74.176.176
    ns1.uniregistrymarket.link.              60       IN    A        64.96.240.54
    ns1.uniregistrymarket.link.              60       IN    A        64.96.241.73
    

    Mail (MX) Servers:**___________________Trying Zone Transfers and getting Bind Versions:_________________________________________________**

    Trying Zone Transfer for benet.com on ns2.uniregistrymarket.link ... 
    AXFR record query failed: NOTAUTH
    
    Trying Zone Transfer for benet.com on ns1.uniregistrymarket.link ... 
    AXFR record query failed: NOTAUTH
    
    brute force file not specified, bay.
    
    输出信息显示了DNS服务的详细信息。包括主机地址,域名服务器地址和邮件服务地址。
    
    
    2.DNS枚举工具fierce
    功能:
    对子域名进行扫描和收集信息
    使用fierce工具获取一个目标主机上所有IP地址和主机信息。执行命令如下
    
    root@kali:~#fierce -dns baidu.com
    

    结果粗略

    输出的音讯突显了baidu.com下有所的子域。

     

    3.SNMP枚举工具Snmpwalk

    snmpwalk是三个SNMP应用程序。使用SNMP的GETNEXT诉求,查询钦赐的具有OID(SNMP合同中的对象标记)树新闻,并呈现给客商。

    root@kali:~# snmpwalk -c public 192.168.41.138 -v 2c
    

    品尝失败。。。

     

    4.SNMP枚举工具Snmpcheck

    root@kali:~# snmpcheck -t 192.168.41.138
    

    未有差距于尝试失利。。。

    5.SMTP枚举工具smtp-user-enum

      root@kali:~# smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.41.138
    

     

    二.测量试验网络范围

    1.域名询问工具DMitryDMitry工具是用来询问IP或WHOIS新闻的。

    WHOIS是用来查询域名是或不是曾经被注册及曾经注册域名的详细音讯的数据库。

    root@kali:~# dmitry -wnpb rzchina.net
    

    子网掩码转变

    root@kali:~# netmask -s rzchina.net 
      180.178.61.83/255.255.255.255
    

     

    2.路由追踪工具Scapy功能:

    人机联作式生成数据包或数据包集结

    对数码包实行操作

    出殡数据包

    包嗅探

    回复和陈说相配

    root@kali:~# scapy
    WARNING: No route found for IPv6 destination :: (no default route?)
    INFO: Can't import python ecdsa lib. Disabled certificate manipulation tools
    Welcome to Scapy (2.3.3)
    >>> ans,unans=sr(IP(dst="www.rzchina.net/30",ttl=(1,6))/TCP())
    Begin emission:
    ....................**.**.**.**.**..****..**..............Finished to send 24 packets.
    ....................................................................................................
    .................................................................................................................................................................................................Traceback (most recent call last):
      File "<console>", line 1, in <module>
      File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 337, in sr
        a,b=sndrcv(s,x,*args,**kargs)
      File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 137, in sndrcv
        inp, out, err = select(inmask,[],[], remaintime)
    error: (4, 'Interrupted system call')
    >>> 
    

    以表的款型查看数据包发送情形,实行命令如下所示:

    >>ans.make_table(lambda(s,r):(s.dst,s.ttl,r.src))
    

    品味失利。。。

     

    应用scapy查看TCP路由追踪音信

    >>> res,unans=traceroute(["www.google.com","www.kali.org","www.rzchina.net"],dport=[80,443],maxttl=20,retry=-2)
    Begin emission:
    *.*.*.*.*.*.*.*.*.*.*.*.Finished to send 120 packets.
    Begin emission:
    Finished to send 108 packets.
    Begin emission:
    Finished to send 108 packets.
    ..
    Received 26 packets, got 12 answers, remaining 108 packets
      180.178.61.83:tcp443 180.178.61.83:tcp80 192.124.249.10:tcp443 192.124.249.10:tcp80 31.13.84.1:tcp443  31.13.84.1:tcp80   
    1 192.168.1.1     11   192.168.1.1     11  192.168.1.1     11    192.168.1.1     11   192.168.1.1     11 192.168.1.1     11 
    2 42.198.120.1    11   42.198.120.1    11  42.198.120.1    11    42.198.120.1    11   42.198.120.1    11 42.198.120.1    11 
    >>> 
    

     

     

     

     

    本文由威尼斯官方网站发布于威尼斯官方网站,转载请注明出处:风姿浪漫.枚举服务

    关键词: