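Features
instarecon carries out the information gathering that precedes a penetration test in the following areas:
1. DNS (direct, PTR, MX, NS) lookups
This covers the DNS resolution results for the domain:
PTR record: one kind of mail exchange record in the e-mail system; the other kind of mail exchange record is the A record (in IPv4) or the AAAA record (in IPv6). PTR records are commonly used for reverse address resolution.
MX record: the mail exchange record. It points to a mail server and is used by the e-mail system, when sending mail, to locate the mail server from the suffix of the recipient's address. The MX record is also called the mail routing record; a user can point the domain's mail server to their own mail server and then control all mailbox settings themselves.
NS record: the NS (Name Server) record is the name server record, which specifies which DNS server resolves the domain.
2. Whois (domains and IP) lookups
whois is a transport protocol used to query a domain's IP, owner and other information. Put simply, whois is a database for checking whether a domain has already been registered and for looking up the details of a registered domain (such as the domain owner and the registrar).
3. Google dorks in search of subdomains
Information on second-level domains (subdomains) recorded by the Google search engine.
4. Shodan lookups
Retrieves information related to the domain through Shodan. Shodan's truly noteworthy capability is that it can find almost anything connected to the Internet. What makes Shodan truly frightening is that almost none of these devices have security defenses installed, so they can be accessed at will.
5. Reverse DNS lookups on entire CIDRs
Reverse DNS lookups, i.e. taking the IPs the domain points to and looking up the domain names associated with those IPs.
The only slight shortcoming is that DNS brute-force enumeration is not included.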
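Download
$ git clone https://github.com/vergl4s/instarecon.git
Next, install the Python dependencies. If pip is already installed, install them directly:
$ sudo pip install pythonwhois ipwhois ipaddress shodan
If pip is not installed, it can be installed like this:
$ sudo easy_install pip
Usage
Usage is simple; here is an example:
$ ./instarecon.py -s <shodan_key> -o ~/Desktop/github.com.csv github.com
Let's run it against WooYun and look at the information: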
    [root@localhost instarecon]# python instarecon.py wooyun.org
    # InstaRecon v0.1 - by Luis Teixeira (teix.co)
    # Scanning 1/1 hosts
    # No Shodan key provided

    # ____________________ Scanning wooyun.org ____________________ #

    # DNS lookups
    [*] Domain: wooyun.org

    [*] IPs & reverse DNS:
    162.159.208.53
    162.159.209.53

    # Whois lookups
    [*] Whois domain:
    Domain Name:WOOYUN.ORG
    Domain ID: D159099935-LROR
    Creation Date: 2010-05-06T08:50:48Z
    Updated Date: 2015-01-07T03:37:41Z
    Registry Expiry Date: 2024-05-06T08:50:48Z
    Sponsoring Registrar:Hichina Zhicheng Technology Limited (R1373-LROR)
    Sponsoring Registrar IANA ID: 420
    WHOIS Server:
    Referral URL:
    Domain Status: clientDeleteProhibited -- http://www.icann.org/epp#clientDeleteProhibited
    Domain Status: clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
    Registrant ID:hc556860480-cn
    Registrant Name:Fang Xiao Dun
    Registrant Organization:Fang Xiao Dun
    Registrant Street: Haidian District JuYuan Road 6# 502
    Registrant City:Beijing
    Registrant State/Province:Beijing
    Registrant Postal Code:100080
    Registrant Country:CN
    Registrant Phone:+86.18610137578
    Registrant Phone Ext:
    Registrant Fax: +86.18610137578
    Registrant Fax Ext:
    Registrant Email:xssshell@gmail.com
    Admin ID:HC-009652962-CN
    Admin Name:Fang Xiaodun
    Admin Organization:Beijing Bigfish Technology
    Admin Street: Haidian District JuYuan Road 6# 502
    Admin City:Beijing
    Admin State/Province:Beijing
    Admin Postal Code:100080
    Admin Country:CN
    Admin Phone:+86.18610137578
    Admin Phone Ext:
    Admin Fax: +86.18610137578
    Admin Fax Ext:
    Admin Email:xssshell@gmail.com
    Tech ID:HC-844637505-CN
    Tech Name:Fang Xiaodun
    Tech Organization:Beijing Bigfish Technology
    Tech Street: Haidian District JuYuan Road 6# 502
    Tech City:Beijing
    Tech State/Province:Beijing
    Tech Postal Code:100080
    Tech Country:CN
    Tech Phone:+86.18610137578
    Tech Phone Ext:
    Tech Fax: +86.18610137578
    Tech Fax Ext:
    Tech Email:xssshell@gmail.com
    Name Server:NS1.DNSV2.COM
    Name Server:NS2.DNSV2.COM
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    Name Server:
    DNSSEC:Unsigned
    Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.

    [*] Whois IP:
    asn: 13335
    asn_cidr: 162.159.208.0/24
    asn_country_code: US
    asn_date: 2013-05-23
    asn_registry: arin
    net 0:
        cidr: 162.158.0.0/15
        range: 162.158.0.0 - 162.159.255.255
        name: CLOUDFLARENET
        description: CloudFlare, Inc.
        handle: NET-162-158-0-0-1
        address: 665 Third Street #207
        city: San Francisco
        state: CA
        postal_code: 94107
        country: US
        abuse_emails: abuse@cloudflare.com
        tech_emails: admin@cloudflare.com
        created: 2013-05-23 00:00:00
        updated: 2013-05-23 00:00:00

    # Querying Google for subdomains and Linkedin pages, this might take a while
    [-] Error: No subdomains found in Google. If you are scanning a lot, Google might be blocking your requests.

    # Reverse DNS lookup on range 162.158.0.0/15
    162.159.8.133 - cf-162-159-8-133.cloudflare.com
    162.159.9.204 - cf-162-159-9-204.cloudflare.com
    162.159.24.5 - dns1.namecheaphosting.com
    162.159.24.6 - a.ns.zerigo.net
    162.159.24.7 - e.ns.zerigo.net
    162.159.24.204 - ns1.proisp.no
    162.159.25.5 - dns2.namecheaphosting.com
    162.159.25.6 - b.ns.zerigo.net
    162.159.25.7 - f.ns.zerigo.net
    162.159.25.138 - ns2.proisp.no
    162.159.26.6 - c.ns.zerigo.net
    162.159.27.6 - d.ns.zerigo.net

    # Done
As you can see, WooYun uses CloudFlare; the person responsible is fangxiaodun; the e-mail address is xssshell@gmail.com
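The whois section of that output is what reveals the contact person and mailbox. As an added example (not part of the original article and not instarecon's own code), the Python below parses a whois record in the same `Key:Value` layout and lists the fields a domain owner may want to replace with role accounts or a privacy service; the sample record, `example.org` and the function names `parse_whois` and `audit_exposure` are constructed for illustration.

```python
import re

# Constructed sample in the same "Key:Value" layout as the whois output above;
# example.org and every value below are made up for this example.
SAMPLE_WHOIS = """\
Registrant Name:Jane Doe
Registrant Phone:+1.5555550100
Registrant Phone Ext:
Registrant Email:jane.doe@freemail.example
Admin Email:jane.doe@freemail.example
Tech Email:hostmaster@example.org
Name Server:NS1.EXAMPLE.NET
Name Server:
DNSSEC:Unsigned
"""

CONTACT_KEY = re.compile(r"^(Registrant|Admin|Tech) (Name|Phone|Fax|Email)$")

def parse_whois(text):
    """Return {key: [values]} for every non-empty 'Key:Value' line."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if sep and key and value:
            record.setdefault(key, []).append(value)
    return record

def audit_exposure(text, own_domain):
    """List (field, value, reason) items a domain owner should review."""
    record = parse_whois(text)
    findings = []
    for key, values in record.items():
        match = CONTACT_KEY.match(key)
        if not match:
            continue
        field = match.group(2)
        for value in values:
            if field != "Email":
                findings.append((key, value, "individual contact detail"))
            elif not value.lower().endswith("@" + own_domain.lower()):
                findings.append((key, value, "mailbox outside the domain"))
    if record.get("DNSSEC", [""])[0].lower() == "unsigned":
        findings.append(("DNSSEC", "Unsigned", "zone is not signed"))
    return findings

if __name__ == "__main__":
    for field, value, reason in audit_exposure(SAMPLE_WHOIS, "example.org"):
        print(f"{field}: {value} ({reason})")
```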
Source: http://www.codefrom.com/paper/%20%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%...
When reposting, please cite this article's address: https://www.ucloud.cn/yun/37536.html