
instarecon: an all-round information-gathering tool for penetration testing

DTeam / 2209 reads


Features

instarecon carries out the information gathering that precedes a penetration test in the following areas:

1. DNS (direct, PTR, MX, NS) lookups

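This includes the DNS resolution results for the domain.

PTR record: one kind of mail exchange record in the e-mail system; the other kind of mail exchange record is the A record (in IPv4) or the AAAA record (in IPv6). PTR records are often used for reverse address resolution.

MX record: the mail exchange record. It points to a mail server and is used by the e-mail system, when sending mail, to locate the mail server from the suffix of the recipient's address. The MX record is also called the mail routing record; a user can point the mail server for the domain to their own mail server and then control all mailbox settings themselves.

NS record: the NS (Name Server) record is the name server record, which specifies which DNS server resolves the domain.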

2. Whois (domains and IP) lookups

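whois is a transport protocol used to query a domain's IP, owner and similar information. Put simply, whois is a database for checking whether a domain has already been registered and for looking up the details of a registered domain (such as the domain owner and the domain registrar).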

3. Google dorks in search of subdomains

Subdomain information recorded by the Google search engine.

4. Shodan lookups

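Information about the domain obtained through Shodan. Shodan's truly noteworthy capability is that it can find almost anything connected to the Internet. What makes Shodan truly frightening is that almost none of these devices have security defenses installed, so they can be entered at will.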

5. Reverse DNS lookups on entire CIDRs

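Reverse DNS lookups, that is, starting from the IP a name points to and looking up the domain names associated with that IP.

The one possible shortcoming is that DNS brute-force enumeration is not included.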

Download

$ git clone https://github.com/vergl4s/instarecon.git

Next, install the Python dependencies. If pip is already installed, install them directly:

$ sudo pip install pythonwhois ipwhois ipaddress shodan

If pip is not installed, you can install it like this:

$ sudo easy_install pip

Usage

Usage is simple. Here is an example:

$ ./instarecon.py -s  -o ~/Desktop/github.com.csv github.com

Run it against WooYun and look at the results:

[root@localhost instarecon]# python instarecon.py wooyun.org
# InstaRecon v0.1 - by Luis Teixeira (teix.co)
# Scanning 1/1 hosts
# No Shodan key provided

# ____________________ Scanning wooyun.org ____________________ #

# DNS lookups
[*] Domain: wooyun.org

[*] IPs & reverse DNS: 
162.159.208.53
162.159.209.53

# Whois lookups

[*] Whois domain:
Domain Name:WOOYUN.ORG
Domain ID: D159099935-LROR
Creation Date: 2010-05-06T08:50:48Z
Updated Date: 2015-01-07T03:37:41Z
Registry Expiry Date: 2024-05-06T08:50:48Z
Sponsoring Registrar:Hichina Zhicheng Technology Limited (R1373-LROR)
Sponsoring Registrar IANA ID: 420
WHOIS Server: 
Referral URL: 
Domain Status: clientDeleteProhibited -- http://www.icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
Registrant ID:hc556860480-cn
Registrant Name:Fang Xiao Dun
Registrant Organization:Fang Xiao Dun
Registrant Street: Haidian District JuYuan Road 6# 502
Registrant City:Beijing
Registrant State/Province:Beijing
Registrant Postal Code:100080
Registrant Country:CN
Registrant Phone:+86.18610137578
Registrant Phone Ext: 
Registrant Fax: +86.18610137578
Registrant Fax Ext: 
Registrant Email:[email protected]
Admin ID:HC-009652962-CN
Admin Name:Fang Xiaodun
Admin Organization:Beijing Bigfish Technology
Admin Street: Haidian District JuYuan Road 6# 502
Admin City:Beijing
Admin State/Province:Beijing
Admin Postal Code:100080
Admin Country:CN
Admin Phone:+86.18610137578
Admin Phone Ext: 
Admin Fax: +86.18610137578
Admin Fax Ext: 
Admin Email:[email protected]
Tech ID:HC-844637505-CN
Tech Name:Fang Xiaodun
Tech Organization:Beijing Bigfish Technology
Tech Street: Haidian District JuYuan Road 6# 502
Tech City:Beijing
Tech State/Province:Beijing
Tech Postal Code:100080
Tech Country:CN
Tech Phone:+86.18610137578
Tech Phone Ext: 
Tech Fax: +86.18610137578
Tech Fax Ext: 
Tech Email:[email protected]
Name Server:NS1.DNSV2.COM
Name Server:NS2.DNSV2.COM
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
DNSSEC:Unsigned

Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient"s own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.

[*] Whois IP:
asn: 13335
asn_cidr: 162.159.208.0/24
asn_country_code: US
asn_date: 2013-05-23
asn_registry: arin
net 0:
    cidr: 162.158.0.0/15
    range: 162.158.0.0 - 162.159.255.255
    name: CLOUDFLARENET
    description: CloudFlare, Inc.
    handle: NET-162-158-0-0-1

    address: 665 Third Street #207
    city: San Francisco
    state: CA
    postal_code: 94107
    country: US

    abuse_emails: [email protected]
    tech_emails: [email protected]

    created: 2013-05-23 00:00:00
    updated: 2013-05-23 00:00:00

# Querying Google for subdomains and Linkedin pages, this might take a while
[-] Error: No subdomains found in Google. If you are scanning a lot, Google might be blocking your requests.

# Reverse DNS lookup on range 162.158.0.0/15
162.159.8.133 - cf-162-159-8-133.cloudflare.com
162.159.9.204 - cf-162-159-9-204.cloudflare.com
162.159.24.5 - dns1.namecheaphosting.com
162.159.24.6 - a.ns.zerigo.net
162.159.24.7 - e.ns.zerigo.net
162.159.24.204 - ns1.proisp.no
162.159.25.5 - dns2.namecheaphosting.com
162.159.25.6 - b.ns.zerigo.net
162.159.25.7 - f.ns.zerigo.net
162.159.25.138 - ns2.proisp.no
162.159.26.6 - c.ns.zerigo.net
162.159.27.6 - d.ns.zerigo.net
# Done

As you can see, WooYun uses Cloudflare; the person responsible is fangxiaodun; the e-mail address is [email protected]
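The reverse DNS sweep in the output above ran over 162.158.0.0/15, the CLOUDFLARENET allocation reported under "Whois IP", so the names it returned are not necessarily wooyun.org hosts. The following is an added example (not part of the original article or of instarecon) that parses an excerpt of that output and separates PTR names under the scanned domain from everything else; `parse_report` and `triage` are hypothetical helper names.

```python
import ipaddress
import re

# Excerpt of the instarecon output shown on this page (shortened, values unchanged).
SAMPLE = """\
# ____________________ Scanning wooyun.org ____________________ #
[*] Whois IP:
asn_cidr: 162.159.208.0/24
net 0:
    cidr: 162.158.0.0/15
    name: CLOUDFLARENET
# Reverse DNS lookup on range 162.158.0.0/15
162.159.8.133 - cf-162-159-8-133.cloudflare.com
162.159.24.5 - dns1.namecheaphosting.com
162.159.24.6 - a.ns.zerigo.net
162.159.24.204 - ns1.proisp.no
# Done
"""

PTR_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) - (\S+)$")

def parse_report(text):
    """Return (target, swept_range, net_name, [(ip, ptr_name), ...])."""
    target = re.search(r"Scanning (\S+) _", text).group(1)
    swept = ipaddress.ip_network(
        re.search(r"Reverse DNS lookup on range (\S+)", text).group(1))
    net_name = re.search(r"^\s*name: (\S+)", text, re.M).group(1)
    ptrs = []
    for line in text.splitlines():
        m = PTR_LINE.match(line.strip())
        # Keep only hits that really fall inside the range the tool says it swept.
        if m and ipaddress.ip_address(m.group(1)) in swept:
            ptrs.append((m.group(1), m.group(2).lower().rstrip(".")))
    return target, swept, net_name, ptrs

def triage(text):
    """Split PTR hits into names under the target domain and everything else."""
    target, swept, net_name, ptrs = parse_report(text)
    dom = target.lower()
    in_scope = [(ip, n) for ip, n in ptrs if n == dom or n.endswith("." + dom)]
    third_party = [(ip, n) for ip, n in ptrs if (ip, n) not in in_scope]
    return {"target": target, "range": str(swept), "addresses": swept.num_addresses,
            "net_name": net_name, "in_scope": in_scope, "third_party": third_party}

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(f"{r['target']}: swept {r['range']} ({r['addresses']} addresses, {r['net_name']})")
    print(f"under target: {len(r['in_scope'])}, third-party: {len(r['third_party'])}")
```

When the swept range belongs to a shared provider, as it does here, treat the third-party names as out of scope for the assessment.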

  

From http://www.codefrom.com/paper/%20%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%...
