Getting started with Metasploit | External intelligence gathering
2014-08-04 10:15
357 views
1. whois domain registration lookup:
A domain registration record typically includes the domain owner, the registrar, the administrator's e-mail address, and the registration and expiry dates.
whois lookup
Note that a whois lookup of the domain name and a whois lookup of the IP address it resolves to return different kinds of information.
The domain record yields details about the registrant and the administrative contact.
Querying whois for the IP address instead returns a different record.
The IP record describes the provider hosting that address (the allocated network block and its contacts), not the domain's registrant.
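As an added example (not code from the original post), here is a small parser for whois records of both kinds described above, run over constructed sample records with placeholder values (example.com and an RFC 5737 address range). It gathers repeated fields, computes the days until the domain expires, and lists which contact fields are exposed rather than privacy-redacted, which is what a defender reviewing their own domain's record would want to check.

```python
import re
from datetime import datetime, timezone
# Constructed samples with placeholder values (example.com, an RFC 5737 range);
# the field names mirror the registrar and APNIC record formats this section describes.
DOMAIN_WHOIS = """\
Domain Name: example.com
Name Server: ns1.example.net
Name Server: ns2.example.net
Creation Date: 2011-12-07T08:19:33Z
Registrar Registration Expiration Date: 2019-12-07T08:19:33Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Email: registrant@example.com
Admin Email: admin@example.com
"""
IP_WHOIS = """\
% Information related to '203.0.113.0 - 203.0.113.255'
inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-NET
abuse-mailbox:  abuse@example.net
"""
KEY_VALUE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s*(.*?)\s*$")

def parse_whois(text):
    """Map lower-cased key -> list of values; keys like Name Server repeat, and
    '%'/'#' comment lines and empty fields (e.g. 'Registrant Phone Ext:') are dropped."""
    fields = {}
    for line in text.splitlines():
        m = KEY_VALUE.match(line)
        if m and m.group(2) and not line.lstrip().startswith(("%", "#")):
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def days_until_expiry(fields, now):
    """Days from `now` to the earliest expiry-type date in the record, or None."""
    dates = [datetime.strptime(v, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
             for key, vals in fields.items() if "expir" in key for v in vals]
    return (min(dates) - now).days if dates else None

def exposed_contacts(fields):
    """Registrant/admin/tech/billing fields holding real data, not a privacy placeholder."""
    return [(k, v) for k, vals in fields.items()
            if k.split()[0] in ("registrant", "admin", "tech", "billing")
            for v in vals if "REDACTED" not in v.upper()]

def demo():
    """Parse both samples as of this post's date (2014-08-04) and report the findings."""
    dom, ip = parse_whois(DOMAIN_WHOIS), parse_whois(IP_WHOIS)
    now = datetime(2014, 8, 4, tzinfo=timezone.utc)
    return dom, ip, days_until_expiry(dom, now), exposed_contacts(dom)
```

Real records vary in field naming across registrars and registries, so the key matching here is deliberately loose; running `demo()` prints the parsed fields, the expiry countdown and the exposed contact fields for the samples.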
2. IP2Location geolocation lookup
http://www.ip2location.com/
3. NetCraft site report
Method: http://toolbar.netcraft.com/site_report?url=http://<domain to look up>
4. IP2Domain reverse lookup (other domains hosted on the same IP)
http://www.ip-adress.com/reverse_ip/
5. Google hacking and Metasploit auxiliary modules
① Exploring the site's directory structure
Google search terms: parent directory site: www.testfire.net
Metasploit module: auxiliary/scanner/http/dir_scanner
② Finding specific file types
Google search terms: site:testfire.net filetype:xls
③ Collecting a list of e-mail addresses
Metasploit module: auxiliary/gather/search_email_collector
* This module is effectively useless in China: it relies on Google search, which cannot be reached from there.
④ Searching for likely SQL injection points
Google search terms: site:testfire.net inurl:login
A simple SQL injection probe, entered as the username/password: 'or
6. Nmap port scanning
-sS: TCP SYN ("stealth", half-open) scan
-Pn: skip host discovery (do not ping the target to check whether it is up)
-A: aggressive, more thorough scan (enables OS detection, version detection, script scanning and traceroute)