1. Using the nslookup command
nslookup www.gzoi.cn
Server: 192.168.213.2
Address: 192.168.213.2#53
Non-authoritative answer:
www.gzoi.cn canonical name = 676995.vhost430.cloudvhost.cn.
Name: 676995.vhost430.cloudvhost.cn
Address: 122.114.121.85
2. Using the dig command
dig www.gzoi.cn
; <<>> DiG 9.18.12-1-Debian <<>> www.gzoi.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35360
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.gzoi.cn. IN A
;; ANSWER SECTION:
www.gzoi.cn. 5 IN CNAME 676995.vhost430.cloudvhost.cn.
676995.vhost430.cloudvhost.cn. 5 IN A 122.114.121.85
;; Query time: 252 msec
;; SERVER: 192.168.213.2#53(192.168.213.2) (UDP)
;; WHEN: Sun May 28 12:52:27 EDT 2023
;; MSG SIZE rcvd: 86
3. Using the dig command with the any argument
dig www.gzoi.cn any
┌──(kali㉿kali)-[~]
└─$ dig gzoi.cn any
;; Connection to 192.168.213.2#53(192.168.213.2) for gzoi.cn failed: connection refused.
;; Connection to 192.168.213.2#53(192.168.213.2) for gzoi.cn failed: connection refused.
;; Connection to 192.168.213.2#53(192.168.213.2) for gzoi.cn failed: connection refused.
4. Reverse lookup with dig -x
dig -x 114.114.114.114
┌──(kali㉿kali)-[~]
└─$ dig -x 114.114.114.114
; <<>> DiG 9.18.12-1-Debian <<>> -x 114.114.114.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3692
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;114.114.114.114.in-addr.arpa. IN PTR
;; ANSWER SECTION:
114.114.114.114.in-addr.arpa. 5 IN PTR public1.114dns.com.
;; Query time: 12 msec
;; SERVER: 192.168.213.2#53(192.168.213.2) (UDP)
;; WHEN: Sun May 28 13:01:23 EDT 2023
;; MSG SIZE rcvd: 78
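5. dig txt chaos VERSION.BIND
Query the DNS server's BIND version information; the version can then be used to look up exploitation methods for vulnerabilities affecting that version.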
dig txt chaos VERSION.BIND @ns3.dnsv4.com
┌──(kali㉿kali)-[~]
└─$ dig txt chaos VERSION.BIND @ns3.dnsv4.com
;; Warning: query response not set
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.18.12-1-Debian <<>> txt chaos VERSION.BIND @ns3.dnsv4.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33851
;; flags: rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;VERSION.BIND. CH TXT
;; ANSWER SECTION:
VERSION.BIND. 0 CH TXT "DNSPod AUTHORITY DNS 7.2.2210.03"
;; Query time: 44 msec
;; SERVER: 36.155.149.198#53(ns3.dnsv4.com) (UDP)
;; WHEN: Sun May 28 13:06:12 EDT 2023
;; MSG SIZE rcvd: 75
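Added example (not from the original page): a Python sketch of what the VERSION.BIND query in step 5 looks like on the wire and how the TXT banner is read back, useful for checking whether your own name servers disclose a version string. The function names, the digit heuristic and the sample reply bytes are constructed for illustration.

```python
import struct
QTYPE_TXT, QCLASS_CH = 16, 3  # TXT record type and CHAOS class (RFC 1035)

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_version_query(txid):
    """Build the query that `dig txt chaos VERSION.BIND` sends (RD flag set)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name("version.bind") + struct.pack(">HH", QTYPE_TXT, QCLASS_CH)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        if length == 0:             # root label terminates the name
            return off + 1
        off += 1 + length

def parse_version_reply(msg):
    """Return the CHAOS TXT strings from the answer section of a reply."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    texts = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rtype, rclass) == (QTYPE_TXT, QCLASS_CH):
            i = 0
            while i < len(rdata):              # TXT rdata: <len><bytes> strings
                texts.append(rdata[i + 1:i + 1 + rdata[i]].decode("ascii", "replace"))
                i += 1 + rdata[i]
    return texts

def discloses_version(texts):  # heuristic (assumption): a digit in the banner is a leak
    return any(ch.isdigit() for t in texts for ch in t)

# Constructed reply carrying the banner shown in the dig output above.
BANNER = b"DNSPod AUTHORITY DNS 7.2.2210.03"
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x843B, 0x8500, 1, 1, 0, 0)
                + encode_name("version.bind") + struct.pack(">HH", QTYPE_TXT, QCLASS_CH)
                + b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_TXT, QCLASS_CH, 0, len(BANNER) + 1)
                + bytes([len(BANNER)]) + BANNER)
```

On BIND, the version statement in the options block of named.conf replaces this banner with a string of your choosing.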
6. Querying domain registration information with whois
whois gzoi.cn
┌──(kali㉿kali)-[~]
└─$ whois gzoi.cn
Domain Name: gzoi.cn
ROID: 20150527s10001s76030734-cn
Domain Status: clientTransferProhibited
Registrant: xxx
Registrant Contact Email: 312217685@qq.com
Sponsoring Registrar: 厦门易名科技股份有限公司
Name Server: ns4.dns.com
Name Server: ns3.dns.com
Registration Time: 2015-05-27 18:14:37
Expiration Time: 2024-05-27 18:14:37
DNSSEC: unsigned
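7. Collecting subdomain information with Maltego
The tool's main focus is analyzing real-world relationships between data accessible over the Internet, which includes footprinting Internet infrastructure and gathering data about the people and organizations that own that network. Using OSINT (open-source intelligence) techniques, it searches for connections between these data by querying whois records, social networks, DNS records and various online APIs, by extracting metadata, and through search engines. The tool presents the results in a wide range of graphical layouts that allow the data to be clustered, making relationships accurate and immediate.
8. Collecting vulnerabilities with shodan.io:
(1) Webcams: webcam
(2) Website vulnerabilities: net:202.98.198.167
(3) Port query: port:80 3389
(4) Ports in a specific region: city:beijing port:80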