If you are interested in a website, how do you go about getting the information you want? Below I walk through it step by step: just a few common commands are enough to learn a lot.

The ping command is in everyday use; it resolves a domain name to an IP address and is trivial to run.

[root@xxxxxx ~]# ping xiaomastack.com
PING xiaomastack.com (121.40.74.211) 56(84) bytes of data.
64 bytes from 121.40.74.211: icmp_seq=1 ttl=49 time=10.2 ms
64 bytes from 121.40.74.211: icmp_seq=2 ttl=49 time=10.7 ms
64 bytes from 121.40.74.211: icmp_seq=3 ttl=49 time=10.3 ms

The host command makes it easy to see what kind of record a name resolves through, such as an A record or a CNAME record. In the example below, blog.xiaomastack.com is an A record and www.xiaomastack.com is a CNAME; domains fronted by a CDN generally use a CNAME.

A domain with an ordinary A record resolves like this:
[root@xxxxxx ~]# host blog.xiaomastack.com
blog.xiaomastack.com has address 121.40.74.211

A domain resolved via a CNAME looks like this [commonly used for CDN acceleration; with a CDN, the address returned is usually that of the edge node closest to you]:
[root@xxxxxx ~]# host www.xiaomastack.com
www.xiaomastack.com is an alias for www.xiaomastack.com.w.alikunlun.com.
www.xiaomastack.com.w.alikunlun.com is an alias for aries.m.alikunlun.com.
aries.m.alikunlun.com has address 114.80.174.110
aries.m.alikunlun.com has address 114.80.174.120

nslookup gives the same result as host.

The dig command shows which name servers are authoritative for the domain.

[root@xxxxxx ~]# dig +trace www.xiaomastack.com
Resolution starts at the root (.) and works down one level at a time until it reaches the www label.
(N lines omitted)
The last few lines look like this (you can see the servers that serve this domain and the record type):
xiaomastack.com.    172800  IN  NS  dns13.hichina.com.
xiaomastack.com.    172800  IN  NS  dns14.hichina.com.
;; Received 181 bytes from 192.33.14.30#53(192.33.14.30) in 27 ms

www.xiaomastack.com.    600 IN  CNAME   www.xiaomastack.com.w.alikunlun.com.
;; Received 83 bytes from 42.120.248.215#53(42.120.248.215) in 16 ms
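The host and dig listings above both show the same two facts about a zone: whether a name is a plain A record or a CNAME chain (and where that chain ends), and which name servers are authoritative. Knowing this about your own domains matters because a CNAME to a CDN means the address a visitor sees depends on their vantage point, and because the NS set is what an attacker-controlled registrar change would alter. The following is an added example, not code from the original post: a parser for the two output formats shown (host's one-sentence-per-record form and dig's zone-file-style answer lines), with a classifier that follows CNAMEs and refuses to spin on a looped chain. The sample strings are constructed from the post's own listings.

```python
"""Parse `host` and `dig` output into DNS records and classify a name.

Added example; this is not code from the original post. The sample strings
below are constructed from the post's own `host` and `dig +trace` listings.
"""
import re

# Constructed sample: the post's `host www.xiaomastack.com` output.
HOST_CNAME_OUTPUT = """\
www.xiaomastack.com is an alias for www.xiaomastack.com.w.alikunlun.com.
www.xiaomastack.com.w.alikunlun.com is an alias for aries.m.alikunlun.com.
aries.m.alikunlun.com has address 114.80.174.110
aries.m.alikunlun.com has address 114.80.174.120
"""

# Constructed sample: the post's `host blog.xiaomastack.com` output.
HOST_A_OUTPUT = "blog.xiaomastack.com has address 121.40.74.211\n"

# Constructed sample: the tail of the post's `dig +trace www.xiaomastack.com`.
DIG_TAIL_OUTPUT = """\
xiaomastack.com.    172800  IN  NS  dns13.hichina.com.
xiaomastack.com.    172800  IN  NS  dns14.hichina.com.
;; Received 181 bytes from 192.33.14.30#53(192.33.14.30) in 27 ms

www.xiaomastack.com.    600 IN  CNAME   www.xiaomastack.com.w.alikunlun.com.
;; Received 83 bytes from 42.120.248.215#53(42.120.248.215) in 16 ms
"""

# `host` prints one English sentence per record; map each phrasing to a type.
_HOST_PATTERNS = [
    ("CNAME", re.compile(r"^(\S+) is an alias for (\S+)$")),
    ("A", re.compile(r"^(\S+) has address (\S+)$")),
    ("AAAA", re.compile(r"^(\S+) has IPv6 address (\S+)$")),
    ("NS", re.compile(r"^(\S+) name server (\S+)$")),
]


def _name(s):
    """Normalise a DNS name: lower-case, no trailing dot."""
    return s.lower().rstrip(".")


def parse_host(text):
    """Return (owner, type, rdata) tuples from `host` output."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        for rtype, pat in _HOST_PATTERNS:
            m = pat.match(line)
            if m:
                rdata = m.group(2) if rtype in ("A", "AAAA") else _name(m.group(2))
                records.append((_name(m.group(1)), rtype, rdata))
                break
    return records


def parse_dig(text):
    """Return (owner, type, rdata) tuples from dig's zone-style answer lines.

    Comment lines (starting with ';') and blank lines are skipped.
    """
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = fields[:5]
        if rtype in ("CNAME", "NS"):
            rdata = _name(rdata)
        records.append((_name(owner), rtype, rdata))
    return records


def classify(records, name, max_hops=8):
    """Follow CNAMEs from `name` and report how it ultimately resolves.

    Returns {"type": "A" or "CNAME", "chain": [aliases...], "addresses": [...]}.
    A CNAME loop (or a chain longer than max_hops) raises ValueError instead
    of looping forever, since a misconfigured zone can contain one.
    """
    current = _name(name)
    chain = []
    seen = {current}
    while True:
        targets = [r for o, t, r in records if o == current and t == "CNAME"]
        if not targets:
            break
        nxt = targets[0]
        if nxt in seen or len(chain) >= max_hops:
            raise ValueError(f"CNAME loop or chain too long at {nxt}")
        chain.append(nxt)
        seen.add(nxt)
        current = nxt
    addresses = [r for o, t, r in records if o == current and t in ("A", "AAAA")]
    return {"type": "CNAME" if chain else "A", "chain": chain, "addresses": addresses}


def name_servers(records, zone):
    """Authoritative NS names for `zone` as seen in the records."""
    return sorted(r for o, t, r in records if o == _name(zone) and t == "NS")


if __name__ == "__main__":
    for text, name in ((HOST_A_OUTPUT, "blog.xiaomastack.com"),
                       (HOST_CNAME_OUTPUT, "www.xiaomastack.com")):
        print(name, classify(parse_host(text), name))
    print(name_servers(parse_dig(DIG_TAIL_OUTPUT), "xiaomastack.com"))
```

Run against the post's own output, www.xiaomastack.com classifies as a two-hop CNAME ending at two addresses and blog.xiaomastack.com as a plain A record; the dig tail yields the two hichina.com name servers. Feeding the parser your own zone on a schedule and diffing the NS set and CNAME targets is a cheap way to notice an unexpected delegation or alias change.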

nmap is more powerful still: it can scan the server behind the domain for which ports are open, what services are running, what operating system it is, and so on.

The -v option prints the details of the host scan; look through the output yourself to see what it includes.
[root@xxxxxx ~]# nmap -v blog.xiaomastack.com

Starting Nmap 5.51 ( http://nmap.org ) at 2014-07-27 16:17 CST
Initiating Ping Scan at 16:17
Scanning blog.xiaomastack.com (121.40.74.211) [4 ports]
Completed Ping Scan at 16:17, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:17
Completed Parallel DNS resolution of 1 host. at 16:17, 0.00s elapsed
Initiating SYN Stealth Scan at 16:17
Scanning blog.xiaomastack.com (121.40.74.211) [1000 ports]
Discovered open port 80/tcp on 121.40.74.211
Discovered open port 3306/tcp on 121.40.74.211
Discovered open port 22/tcp on 121.40.74.211
Completed SYN Stealth Scan at 16:17, 4.16s elapsed (1000 total ports)
Nmap scan report for blog.xiaomastack.com (121.40.74.211)
Host is up (0.010s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
3306/tcp open   mysql
8090/tcp closed unknown

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.28 seconds
           Raw packets sent: 2003 (88.096KB) | Rcvd: 8 (332B)

The -O option tries to guess the operating system.
[root@xxxxxx ~]# nmap -O blog.xiaomastack.com

Starting Nmap 5.51 ( http://nmap.org ) at 2014-07-27 16:19 CST
Nmap scan report for blog.xiaomastack.com (121.40.74.211)
Host is up (0.011s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
3306/tcp open   mysql
8090/tcp closed unknown
Device type: WAP|general purpose|specialized
Running (JUST GUESSING): Netgear embedded (89%), Linux 2.6.X|2.4.X (88%), Linksys Linux 2.4.X (87%), Asus Linux 2.6.X (87%), Crestron 2-Series (86%)
Aggressive OS guesses: Netgear DG834G WAP (89%), Linux 2.6.32 (88%), Linux 2.6.34 (88%), Linux 2.6.22 (Fedora Core 6) (87%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (87%), Asus RT-N16 WAP (Linux 2.6) (87%), Crestron XPanel control system (86%), Linux 2.6.22 (Ubuntu 7.04, x86, SMP) (85%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.97 seconds
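Both scans above report the same port table: 22 (ssh) and 80 (http) open, and alongside them 3306 (mysql) open to the internet. From the defender's side, the useful follow-up to any scan of your own host is to compare what it exposes with what it is supposed to expose, so that a database port reachable from outside shows up as a finding rather than a line in a listing. The following is an added example, not code from the original post or from the nmap project: a parser for the normal-output port table nmap printed above, plus a check against a hypothetical expected-exposure set. The report string is constructed from the post's own listing; EXPECTED_EXPOSURE is an assumed policy for that host.

```python
"""Audit an nmap port table against the exposure a host is meant to have.

Added example; not code from the original post or from the nmap project.
NMAP_REPORT is constructed from the post's own `nmap -v` listing, and
EXPECTED_EXPOSURE is a hypothetical policy for that host.
"""
import re

# Constructed sample: the port table from the post's `nmap -v` run.
NMAP_REPORT = """\
Nmap scan report for blog.xiaomastack.com (121.40.74.211)
Host is up (0.010s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
3306/tcp open   mysql
8090/tcp closed unknown

Nmap done: 1 IP address (1 host up) scanned in 4.28 seconds
"""

# Hypothetical policy: only SSH and HTTP are meant to be reachable from outside.
EXPECTED_EXPOSURE = {("tcp", 22), ("tcp", 80)}

# Matches nmap's normal-output port lines, e.g. "3306/tcp open   mysql".
_PORT_LINE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+(\S+)"
)
_TARGET_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?")


def scan_target(report):
    """Return (hostname, ip) from the report header; ip is None if absent."""
    for line in report.splitlines():
        m = _TARGET_LINE.match(line)
        if m:
            return m.group(1), m.group(2)
    return None, None


def parse_ports(report):
    """Return one dict per port line: port, proto, state, service."""
    ports = []
    for line in report.splitlines():
        m = _PORT_LINE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4)})
    return ports


def open_ports(report):
    """Set of (proto, port) pairs nmap reported as open."""
    return {(p["proto"], p["port"]) for p in parse_ports(report)
            if p["state"] == "open"}


def audit_exposure(report, expected):
    """Compare observed open ports with the expected set.

    unexpected_open: reachable services the policy does not allow (findings),
    each tagged with the service name nmap guessed from the port number.
    expected_missing: allowed services that were not seen open, which may mean
    an outage, a firewall change, or simply that the scan was filtered.
    """
    observed = open_ports(report)
    services = {(p["proto"], p["port"]): p["service"] for p in parse_ports(report)}
    return {
        "unexpected_open": sorted((proto, port, services.get((proto, port), "?"))
                                  for proto, port in observed - expected),
        "expected_missing": sorted(expected - observed),
    }


if __name__ == "__main__":
    host, ip = scan_target(NMAP_REPORT)
    result = audit_exposure(NMAP_REPORT, EXPECTED_EXPOSURE)
    print(f"{host} ({ip}): unexpected open ports -> {result['unexpected_open']}")
```

On the post's report this flags ("tcp", 3306, "mysql") as unexpected and nothing as missing. Two caveats for using it on real scans: the SERVICE column in a plain scan is a name looked up from the port number, not a probed identification, and for anything scripted nmap's XML output (-oX) is a more stable input than the human-readable text parsed here.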

There are other commands and options that can extract still more information from a domain name; feel free to dig further.

Please credit the source when reposting: http://www.xiaomastack.com/2014/07/27/shellbashcommand/ Thank you!