
Getting to know Metasploit | External reconnaissance and intelligence gathering

2014-08-04 10:15
1. whois domain registration lookup:

A domain registration record typically contains the domain owner, the registrar, the administrator's e-mail address, and the registration and expiration dates.



whois lookup

New finding: a whois lookup on the domain name and a whois lookup on the IP address the domain resolves to return different things.

~# whois wjjsm.com

Domain Name: WJJSM.COM
Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
Whois Server: grs-whois.hichina.com
Referral URL: http://www.net.cn
Name Server: DNS10.HICHINA.COM
Name Server: DNS9.HICHINA.COM
Status: ok
Updated Date: 22-oct-2013
Creation Date: 07-dec-2011
Expiration Date: 07-dec-2019

Domain Name: wjjsm.com
Registry Domain ID:
Registrar WHOIS Server: whois.hichina.com
Registrar URL: http://www.net.cn/
Updated Date: 2013-10-23T01:39:41Z
Creation Date: 2011-12-07T08:19:33Z
Registrar Registration Expiration Date: 2019-12-07T08:19:33Z
Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
Registrar IANA ID: 420
Registrar Abuse Contact Email: abuse@list.alibaba-inc.com
Registrar Abuse Contact Phone: +86.1064242299
Reseller:
Domain Status:
Registry Registrant ID: hc693853766-cn
Registrant Name: xue huawen
Registrant Organization: xuehuawen
Registrant Street: shanghaishi huajingzheng huajingxiaoqu 880nong71hao501shi
Registrant City: shang hai shi
Registrant State/Province: shang hai
Registrant Postal Code: 200231
Registrant Country: CN
Registrant Phone: +86.02154359878
Registrant Phone Ext:
Registrant Fax: +86.02154359878
Registrant Fax Ext:
Registrant Email: 103528671@qq.com
Registry Admin ID: hc693853766-cn
Admin Name: xue huawen
Admin Organization: xuehuawen
Admin Street: shanghaishi huajingzheng huajingxiaoqu 880nong71hao501shi
Admin City: shang hai shi
Admin State/Province: shang hai
Admin Postal Code: 200231
Admin Country: CN
Admin Phone: +86.02154359878
Admin Phone Ext:
Admin Fax: +86.02154359878
Admin Fax Ext:
Admin Email: 103528671@qq.com
Registry Tech ID: hc693853766-cn
Tech Name: xue huawen
Tech Organization: xuehuawen
Tech Street: shanghaishi huajingzheng huajingxiaoqu 880nong71hao501shi
Tech City: shang hai shi
Tech State/Province: shang hai
Tech Postal Code: 200231
Tech Country: CN
Tech Phone: +86.02154359878
Tech Phone Ext:
Tech Fax: +86.02154359878
Tech Fax Ext:
Tech Email: 103528671@qq.com
Name Server: dns10.hichina.com
Name Server: dns9.hichina.com
DNSSEC: unsigned

Registry Billing ID: hc693853766-cn
Billing Name: xue huawen
Billing Organization: xuehuawen
Billing Street: shanghaishi huajingzheng huajingxiaoqu 880nong71hao501shi
Billing City: shang hai shi
Billing State/Province: shang hai
Billing Postal Code: 200231
Billing Country: CN
Billing Phone: +86.02154359878
Billing Phone Ext:
Billing Fax: +86.02154359878
Billing Fax Ext:
Billing Email: 103528671@qq.com

From the above we obtain some information about the registrant and the administrative contact.

Below is what a whois lookup on the IP address returns:

~# whois 115.28.168.75
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html 
% Information related to '115.28.0.0 - 115.29.255.255'

inetnum:        115.28.0.0 - 115.29.255.255
netname:        ALISOFT
descr:          Aliyun Computing Co., LTD
descr:          5F, Builing D, the West Lake International Plaza of S&T
descr:          No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
country:        CN
admin-c:        ZM1015-AP
tech-c:         ZM877-AP
tech-c:         ZM876-AP
tech-c:         ZM875-AP
mnt-by:         MAINT-CNNIC-AP
mnt-irt:        IRT-CNNIC-CN
status:         ALLOCATED PORTABLE
changed:        ipas@cnnic.cn 20140730
source:         APNIC

irt:            IRT-CNNIC-CN
address:        Beijing, China
e-mail:         ipas@cnnic.cn
abuse-mailbox:  ipas@cnnic.cn
admin-c:        IP50-AP
tech-c:         IP50-AP
auth:           # Filtered
remarks:        Please note that CNNIC is not an ISP and is not
remarks:        empowered to investigate complaints of network abuse.
remarks:        Please contact the tech-c or admin-c of the network.
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.cn 20110428
source:         APNIC

person:         Li Jia
address:        NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
country:        CN
phone:          +86-0571-85022088
e-mail:         jiali.jl@alibaba-inc.com
nic-hdl:        ZM1015-AP
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.net 20130730
source:         APNIC

person:         Guoxin Gao
address:        5F, Builing D, the West Lake International Plaza of S&T
address:        No.391 Wen'er Road, Hangzhou City
address:        Zhejiang, China, 310099
country:        CN
phone:          +86-0571-85022600
fax-no:         +86-0571-85022600
e-mail:         anti-spam@list.alibaba-inc.com
nic-hdl:        ZM875-AP
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.net 20130705
source:         APNIC

person:         security trouble
e-mail:         cloud-cc-sqcloud@list.alibaba-inc.com
address:        5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen’er Road
address:        Hangzhou, Zhejiang, China
phone:          +86-0571-85022600
country:        CN
mnt-by:         MAINT-CNNIC-AP
nic-hdl:        ZM876-AP
changed:        ipas@cnnic.cn 20130708
source:         APNIC

person:         Guowei Pan
address:        5F, Builing D, the West Lake International Plaza of S&T
address:        No.391 Wen'er Road, Hangzhou City
address:        Zhejiang, China, 310099
country:        CN
phone:          +86-0571-85022088-30763
fax-no:         +86-0571-85022600
e-mail:         guowei.pangw@alibaba-inc.com
nic-hdl:        ZM877-AP
mnt-by:         MAINT-CNNIC-AP
changed:        ipas@cnnic.net 20130709
source:         APNIC

% Information related to '0.0.0.0 - 255.255.255.255'

inetnum:        0.0.0.0 - 255.255.255.255
netname:        IANA-BLK
descr:          The whole IPv4 address space
country:        EU # Country is really world wide
org:            ORG-IANA1-AFRINIC
admin-c:        IANA1-AFRINIC
tech-c:         IANA1-AFRINIC
status:         ALLOCATED UNSPECIFIED
remarks:        The country is really worldwide.
remarks:        This address space is assigned at various other places in
remarks:        the world and might therefore not be in the RIPE database.
mnt-by:         AFRINIC-HM-MNT
mnt-lower:      AFRINIC-HM-MNT
changed:        ***@ripe.net 20010529
changed:        ***@ripe.net 20020625
changed:        ***@ripe.net 20031014
changed:        ***@ripe.net 20040422
changed:        ***@ripe.net 20040504
changed:        ***@afrinic.net 20050205
remarks:        data has been transferred from RIPE Whois Database 20050221
source:         AFRINIC

organisation:   ORG-IANA1-AFRINIC
org-name:       Internet Assigned Numbers Authority
org-type:       IANA
country:        EU # Country is really worldwide
address:        see http://www.iana.org
remarks:        The IANA allocates IP addresses and AS number blocks to RIRs
remarks:        see http://www.iana.org/ipaddress/ip-addresses.htm
remarks:        and http://www.iana.org/assignments/as-numbers
e-mail:         ***@ripe.net
admin-c:        IANA1-AFRINIC
tech-c:         IANA1-AFRINIC
mnt-ref:        AFRINIC-HM-MNT
mnt-by:         AFRINIC-HM-MNT
changed:        ***@ripe.net 20040417
changed:        ***@afrinic.net 20050205
remarks:        data has been transferred from RIPE Whois Database 20050221
source:         AFRINIC

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
e-mail:         ***@ripe.net
admin-c:        IANA1-AFRINIC
tech-c:         IANA1-AFRINIC
nic-hdl:        IANA1-AFRINIC
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         AFRINIC-DB-MNT
changed:        ***@afrinic.net 20050101
changed:        ***@afrinic.net 20050205
remarks:        data has been transferred from RIPE Whois Database 20050221
source:         AFRINIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS4)

What comes back is information about the network provider hosting that IP address (here the Aliyun allocation and its registered contacts), not about the domain's registrant.
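Both outputs above are lines of the form "key: value", grouped into blank-line separated objects in the RIR case, and the values a responder actually needs (the abuse mailbox, the admin-c contact, the allocated range) are scattered across those objects. The following parser is an added example, not code from the original post or from any whois tool; the two sample records are constructed with documentation addresses and example.net placeholders, and the function names are my own.

```python
import re
from collections import OrderedDict

# Constructed sample in the APNIC/RIPE object format; every value is a
# placeholder (documentation address range, example.net), not real registry data.
RIR_SAMPLE = """\
% [whois.example.net]

inetnum:        198.51.100.0 - 198.51.100.255
netname:        EXAMPLE-NET
descr:          Example Hosting Co.
descr:          Documentation range, not routed
admin-c:        EX1-AP
mnt-irt:        IRT-EXAMPLE
source:         EXAMPLE

irt:            IRT-EXAMPLE
e-mail:         noc@example.net
abuse-mailbox:  abuse@example.net
source:         EXAMPLE

person:         Example Admin
e-mail:         admin@example.net
nic-hdl:        EX1-AP
source:         EXAMPLE
"""

# Constructed sample in the registrar ("Key Name: value") format.
REGISTRAR_SAMPLE = """\
Domain Name: example.com
Registrar: Example Registrar Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrar Abuse Contact Phone: +00.0000000
Name Server: ns1.example.net
Name Server: ns2.example.net
"""

# Key = letters/digits/spaces/slashes/hyphens up to the first colon; value = rest.
KEY_VALUE = re.compile(r"^([A-Za-z][\w /-]*?):\s*(.*)$")

def parse_whois(text):
    """One object per blank-line separated block. Each object maps a lower-cased
    key to the list of values seen for it, because whois repeats keys (descr,
    remarks, Name Server). '%'/'#' lines are server comments and are skipped;
    a line without 'key:' continues the previous value."""
    objects, current = [], OrderedDict()
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                objects.append(current)
                current = OrderedDict()
            continue
        if line.startswith(("%", "#")):
            continue
        m = KEY_VALUE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            current.setdefault(key, []).append(value)
        elif current:
            last_key = next(reversed(current))
            current[last_key][-1] += " " + line.strip()
    if current:
        objects.append(current)
    return objects

def object_type(obj):
    """The first key of an object names its class (inetnum, irt, person, ...)."""
    return next(iter(obj))

def abuse_contacts(objects):
    """Non-empty values of any key naming an abuse mailbox, e.g. 'abuse-mailbox'
    on an irt object or 'Registrar Abuse Contact Email' in a registrar record."""
    found = []
    for obj in objects:
        for key, values in obj.items():
            if "abuse" in key and "mail" in key:
                for v in values:
                    if v and v not in found:
                        found.append(v)
    return found

def lookup_handle(objects, handle):
    """Resolve a nic-hdl such as EX1-AP to its person/role object, or None."""
    return next((o for o in objects if handle in o.get("nic-hdl", [])), None)

def summarize_range(text):
    """For RIR output: address range, netname, abuse mailboxes, admin-c e-mail."""
    objects = parse_whois(text)
    net = next(o for o in objects if object_type(o) == "inetnum")
    admin = lookup_handle(objects, net["admin-c"][0])
    return {
        "range": net["inetnum"][0],
        "netname": net["netname"][0],
        "abuse": abuse_contacts(objects),
        "admin_email": admin["e-mail"][0] if admin else None,
    }

if __name__ == "__main__":
    print(summarize_range(RIR_SAMPLE))
    print(abuse_contacts(parse_whois(REGISTRAR_SAMPLE)))
```

Keeping every key as a list rather than a single string is the important design choice: a whois object that repeats `descr`, `remarks` or `Name Server` would otherwise silently lose all but the last line, and the `mnt-irt` / `nic-hdl` handles are what let you walk from an address range to the object that actually receives abuse reports.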

2. IP2Location geolocation lookup
http://www.ip2location.com/
3. Netcraft site report

Method: http://toolbar.netcraft.com/site_report?url=http://<domain to query>



4. IP2Domain reverse lookup (domains hosted on an IP)
http://www.ip-adress.com/reverse_ip/
5. Google hacking & Metasploit auxiliary modules

① Exploring the site's directory structure

Google query: parent directory site: www.testfire.net

Metasploit module: auxiliary/scanner/http/dir_scanner
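Seen from the web server, a dictionary-driven directory scan such as dir_scanner leaves a burst of requests for paths that do not exist, most answered 403 or 404, all from one client in a few seconds. The following detector is an added example, not code from the original post or from Metasploit: it parses combined-format access log lines and flags a client that collects many misses on distinct paths inside a short window. The log lines are constructed, and the window and threshold are arbitrary values chosen for the demo.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the Apache/nginx combined log format; the hosts,
# paths and user agents are made up for the demo.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Aug/2014:10:15:00 +0800] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [04/Aug/2014:10:15:01 +0800] "GET /admin/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:01 +0800] "GET /backup/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:01 +0800] "GET /cgi-bin/ HTTP/1.1" 403 213 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:02 +0800] "GET /config/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:02 +0800] "GET /db/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:02 +0800] "GET /images/ HTTP/1.1" 200 1021 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:03 +0800] "GET /logs/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.9 - - [04/Aug/2014:10:15:03 +0800] "GET /old/ HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [04/Aug/2014:10:15:05 +0800] "GET /missing.png HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Combined-log line -> dict with an aware datetime and int status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def detect_dir_scans(lines, window=timedelta(seconds=10), threshold=5):
    """Flag a client that receives >= threshold 403/404 answers for distinct
    paths inside `window`: the footprint of a wordlist-driven directory scan.
    Returns {ip: (first_miss_time, misses_in_window, distinct_paths)}."""
    misses = defaultdict(list)                 # ip -> [(ts, path), ...]
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] in (403, 404):
            misses[rec["ip"]].append((rec["ts"], rec["path"]))
    alerts = {}
    for ip, events in misses.items():
        events.sort()
        start = 0
        for end in range(len(events)):         # sliding window over the misses
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            paths = {path for _, path in span}
            if len(paths) >= threshold:
                alerts[ip] = (span[0][0], len(span), len(paths))
                break                          # one alert per client is enough here
    return alerts

if __name__ == "__main__":
    for ip, (first, n, distinct) in detect_dir_scans(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {n} misses on {distinct} distinct paths from {first.isoformat()}")
```

Counting distinct paths rather than raw 404s keeps a browser repeatedly retrying one missing image from tripping the rule; a single client that hits /admin/, /backup/, /config/ and so on in the same second is the pattern worth an alert.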



② Searching for specific file types

Google query: site:testfire.net filetype:xls

③ Collecting a list of e-mail addresses

Metasploit module: auxiliary/gather/search_email_collector

* This module is pretty much useless in China: Google cannot be reached, and the module depends on Google's search.

④ Searching for likely SQL injection points

Google query: site:testfire.net inurl:login

Simple SQL injection test string, entered as the username and password: 'or
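Why a quote followed by `or` can log you in, and what stops it, is easiest to see with the login query itself. The following is an added example, not code from the original post or from testfire.net: a login check that pastes user input into the SQL text, next to the same check with bound parameters, run against an in-memory SQLite table with one constructed user. Passwords are hashed so that the only input reaching the SQL text is the username, which also shows that hashing alone does nothing against injection.

```python
import hashlib
import sqlite3

def make_db():
    """Constructed demo table with one user. SHA-256 is used only to keep the
    example short; a real system would use a salted, slow password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice", hashlib.sha256(b"correct horse").hexdigest()))
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Query text built from user input: a quote inside the username closes the
    string literal and the rest of the input is interpreted as SQL."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{pw_hash}'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Same logic with bound parameters: the driver hands the input to the engine
    as data, so a quote inside it can never change the statement's structure."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, pw_hash),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1' --"   # the classic form of the "'or" test string above
    print("vulnerable   :", login_vulnerable(conn, probe, "not the password"))
    print("parameterized:", login_parameterized(conn, probe, "not the password"))
```

With the probe as the username, the string-built query reads `... WHERE username = '' OR '1'='1' --' AND pw_hash = '...'`: the `OR '1'='1'` makes the predicate true for every row and the `--` comments out the password check, so the first row is returned. The parameterized version compares the literal string `' OR '1'='1' --` against the username column and finds nothing.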

6. Nmap port scanning

-sS: TCP stealth (SYN) scan

-Pn: do not ping the target host (skip host discovery, i.e. do not check whether the host is up)

-A: a more detailed, aggressive scan
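The -sS scan described above sends a single SYN to each probed port and never completes the handshake, so from the target's firewall the scan looks like one source touching many ports with SYN-only packets and no follow-up ACKs. The following detector is an added example, not code from the original post or from Nmap: it parses firewall log lines in the iptables LOG format and flags sources that fit that shape. The log lines are constructed with documentation addresses; the threshold and the "at most half the ports completed" rule are arbitrary choices for the demo.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines (documentation addresses): one bare SYN per
# port from 198.51.100.9, versus a normal client 192.0.2.33 that completes
# its handshake (SYN, then ACK on the same port).
SAMPLE_FW_LOG = """\
Aug  4 10:15:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=44 TTL=48 ID=1 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  4 10:15:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=44 TTL=48 ID=2 PROTO=TCP SPT=40002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  4 10:15:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=44 TTL=48 ID=3 PROTO=TCP SPT=40003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  4 10:15:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=44 TTL=48 ID=4 PROTO=TCP SPT=40004 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  4 10:15:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=44 TTL=48 ID=5 PROTO=TCP SPT=40005 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  4 10:15:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.7 LEN=44 TTL=48 ID=6 PROTO=TCP SPT=40006 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Aug  4 10:15:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.33 DST=203.0.113.7 LEN=60 TTL=60 ID=7 PROTO=TCP SPT=51515 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Aug  4 10:15:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.33 DST=203.0.113.7 LEN=52 TTL=60 ID=8 PROTO=TCP SPT=51515 DPT=443 WINDOW=229 RES=0x00 ACK URGP=0
Aug  4 10:15:03 gw kernel: IN=eth0 OUT= SRC=192.0.2.33 DST=203.0.113.7 LEN=60 TTL=60 ID=9 PROTO=TCP SPT=51516 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Pull the fields the detector needs; the flag words sit between RES= and URGP=.
FW_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP SPT=(?P<spt>\d+) "
    r"DPT=(?P<dpt>\d+) WINDOW=(?P<win>\d+) RES=\S+ (?P<flags>.*?)URGP="
)

def parse_fw_line(line):
    """iptables LOG line -> dict (src, dst, spt, dpt, win, flags list) or None."""
    m = FW_RE.search(line)
    if not m:
        return None
    pkt = m.groupdict()
    pkt["dpt"] = int(pkt["dpt"])
    pkt["flags"] = pkt["flags"].split()
    return pkt

def detect_syn_scans(lines, threshold=5):
    """Per source: the set of ports that received a bare SYN and which of those
    later saw an ACK from the same source (a completed handshake). Many
    SYN-only ports with few completions is the shape a SYN scan leaves behind.
    Returns {src: {"syn_ports": n, "completed": m}} for flagged sources."""
    syn_ports = defaultdict(set)
    ack_ports = defaultdict(set)
    for line in lines:
        pkt = parse_fw_line(line)
        if pkt is None:
            continue
        if "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]:
            syn_ports[pkt["src"]].add(pkt["dpt"])
        elif "ACK" in pkt["flags"]:
            ack_ports[pkt["src"]].add(pkt["dpt"])
    alerts = {}
    for src, ports in syn_ports.items():
        completed = ports & ack_ports.get(src, set())
        if len(ports) >= threshold and 2 * len(completed) <= len(ports):
            alerts[src] = {"syn_ports": len(ports), "completed": len(completed)}
    return alerts

if __name__ == "__main__":
    for src, info in detect_syn_scans(SAMPLE_FW_LOG.splitlines()).items():
        print(f"{src}: SYN to {info['syn_ports']} ports, {info['completed']} completed")
```

The completion check is what separates a scanner from a busy legitimate client: a web browser also opens many connections, but it follows each SYN with an ACK on the same port, while a half-open scan never does.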
