Information gathering tools

Basic scanning tools

Fping

Usage: fping [options] [targets...]

Probing options:
   -4, --ipv4         only ping IPv4 addresses
   -6, --ipv6         only ping IPv6 addresses
   -b, --size=BYTES   amount of ping data to send, in bytes (default: 56)
   -B, --backoff=N    set exponential backoff factor to N (default: 1.5)
   -c, --count=N      count mode: send N pings to each target
   -f, --file=FILE    read list of targets from a file (- means stdin)
   -g, --generate     generate target list (only if no -f specified)
                      (give start and end IP in the target list, or a CIDR address)
                      (e.g. fping -g 192.168.1.0 192.168.1.255 or fping -g 192.168.1.0/24)
   -H, --ttl=N        set the IP TTL value (Time To Live hops)
   -I, --iface=IFACE  bind to a particular interface
   -l, --loop         loop mode: send pings forever
   -m, --all          use all IPs of provided hostnames (e.g. IPv4 and IPv6), use with -A
   -M, --dontfrag     set the Don't Fragment flag
   -O, --tos=N        set the type of service (tos) flag on the ICMP packets
   -p, --period=MSEC  interval between ping packets to one target (in ms)
                      (in loop and count modes, default: 1000 ms)
   -r, --retry=N      number of retries (default: 3)
   -R, --random       random packet data (to foil link data compression)
   -S, --src=IP       set source address
   -t, --timeout=MSEC individual target initial timeout (default: 500 ms,
                      except with -l/-c/-C, where it is the -p period up to 2000 ms)

Output options:
   -a, --alive        show targets that are alive
   -A, --addr         show targets by address
   -C, --vcount=N     same as -c, but report results in verbose format
   -D, --timestamp    print timestamp before each output line
   -e, --elapsed      show elapsed time on return packets
   -i, --interval=MSEC  interval between sending ping packets (default: 10 ms)
   -n, --name         show targets by name (-d is equivalent)
   -N, --netdata      output compatible for netdata (-l -Q are required)
   -o, --outage       show the accumulated outage time (lost packets * packet interval)
   -q, --quiet        quiet (don't show per-target/per-ping results)
   -Q, --squiet=SECS  same as -q, but show summary every n seconds
   -s, --stats        print final stats
   -u, --unreach      show targets that are unreachable
   -v, --version      show version
   -x, --reachable=N  shows if >=N hosts are reachable or not

Example

# fping -g 172.16.10.10 172.16.10.30 -a -q

-g expands the start/end pair (or a CIDR) into a target list, -a prints only the hosts that answered, and -q suppresses the per-ping chatter. Unreachable hosts are still reported on stderr and make fping exit non-zero, so when the output is meant to feed another tool, add 2>/dev/null and do not treat the exit status as an error. Remember that this is an ICMP echo sweep: a host whose firewall drops echo requests is simply absent from the list, not proven down.

nping

Usage: nping [Probe mode] [Options] {target specification}

# nping -c 1 -p 23 172.16.10.9-11 --tcp

Starting Nping 0.7.91 ( https://nmap.org/nping ) at 2022-05-11 20:45 CST
SENT (0.0344s) TCP 192.168.8.106:23149 > 172.16.10.9:23 S ttl=64 id=8961 iplen=40  seq=4148311577 win=1480 
SENT (1.0363s) TCP 192.168.8.106:23149 > 172.16.10.10:23 S ttl=64 id=8961 iplen=40  seq=4148311577 win=1480 
SENT (2.0382s) TCP 192.168.8.106:23149 > 172.16.10.11:23 S ttl=64 id=8961 iplen=40  seq=4148311577 win=1480 
RCVD (2.0423s) TCP 172.16.10.11:23 > 192.168.8.106:23149 RA ttl=253 id=45998 iplen=40  seq=0 win=0 
 
Statistics for host 172.16.10.9:
 |  Probes Sent: 1 | Rcvd: 0 | Lost: 1  (100.00%)
 |_ Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Statistics for host 172.16.10.10:
 |  Probes Sent: 1 | Rcvd: 0 | Lost: 1  (100.00%)
 |_ Max rtt: N/A | Min rtt: N/A | Avg rtt: N/A
Statistics for host 172.16.10.11:
 |  Probes Sent: 1 | Rcvd: 1 | Lost: 0  (0.00%)
 |_ Max rtt: 3.829ms | Min rtt: 3.829ms | Avg rtt: 3.829ms
Raw packets sent: 3 (120B) | Rcvd: 1 (46B) | Lost: 2 (66.67%)
Nping done: 3 IP addresses pinged in 2.08 seconds

One TCP SYN probe (--tcp, -c 1) went to port 23 on each of the three addresses. Only 172.16.10.11 answered, with RA (RST/ACK): that host is up and port 23 is closed. The silence from .9 and .10 is ambiguous: either host may be down, or a filter may have dropped the probe or the reply. Raw TCP probes need root; nping's --tcp-connect mode works unprivileged, at the cost of completing the handshake and so showing up in the target's logs.

arping

ARP only reaches hosts on the local layer-2 segment, but a host that drops ICMP echo at its firewall still has to answer ARP to be on the network at all, which makes arping the most reliable liveness check for a directly attached host.

# arping 192.168.8.105 -c 1
ARPING 192.168.8.105
60 bytes from 8c:16:45:de:c2:0d (192.168.8.105): index=0 time=38.703 usec

--- 192.168.8.105 statistics ---
1 packets transmitted, 1 packets received,   0% unanswered (0 extra)
rtt min/avg/max/std-dev = 0.039/0.039/0.039/0.000 ms

nbtscan

Queries the NetBIOS name service (UDP/137) and lists each responder's NetBIOS name, logged-on user and MAC address; mostly Windows and Samba hosts answer.

Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>)

 nbtscan -r 192.168.1.0/24
                Scans the whole C-class network.
        nbtscan 192.168.1.25-137
                Scans a range from 192.168.1.25 to 192.168.1.137
        nbtscan -v -s : 192.168.1.0/24
                Scans C-class network. Prints results in script-friendly
                format using colon as field separator.
                Produces output like that:
                192.168.0.1:NT_SERVER:00U
                192.168.0.1:MY_DOMAIN:00G
                192.168.0.1:ADMINISTRATOR:03U
                192.168.0.2:OTHER_BOX:00U
                ...
        nbtscan -f iplist
                Scans IP addresses specified in file iplist.

# nbtscan 192.168.8.105
Doing NBT name scan for addresses from 192.168.8.105

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.8.105    LAPTOP-ORJB0FKO  <server>  <unknown>        8c:16:45:de:c2:0d
# nbtscan -hv 172.16.237.1
Doing NBT name scan for addresses from 172.16.237.1


NetBIOS Name Table for Host 172.16.237.1:

Incomplete packet, 191 bytes long.
Name             Service          Type             
----------------------------------------
ADSH01           Workstation Service
SMVIC            Domain Name
SMVIC            Domain Controllers
ADSH01           File Server Service
SMVIC            Domain Master Browser

Adapter address: 24:a5:2c:06:e2:05

With -h, nbtscan translates the NetBIOS suffix codes into service names: Workstation Service is <00>, Domain Name is the <00> group name, File Server Service is <20>, Domain Controllers is the <1C> group and Domain Master Browser is <1B>. So the verbose table above says that host ADSH01 is a domain controller (and the domain master browser) for the SMVIC domain, information that is handed out to anyone who asks on UDP/137, before any credentials are involved.

onesixtyone: guessing SNMP community strings

Community strings are the only authentication SNMPv1/v2c has. onesixtyone sends one request per community per host and prints a line of the form IP [community] sysDescr for every community the agent accepts.

# onesixtyone -c dict.txt 172.16.190.2 -d
Debug level 1
Target ip read from command line: 172.16.190.2
Using community file dict.txt
4 communities: Sjzx@201909! admin@123 %^%#_yE+4zDbwE3(f1#KzJK3k3D\6jd 
Waiting for 10 milliseconds between packets
Scanning 1 hosts, 4 communities
Trying community Sjzx@201909!
Trying community admin@123
Trying community %^%#_yE+4zDbwE3(f1#KzJK3k3D\6jd
Trying community 
All packets sent, waiting for responses.
done.

No "IP [community] ..." line appears, so none of the candidates was accepted. Note the fourth community is empty: dict.txt contained a blank line, which onesixtyone dutifully tried as the empty string. Strip blank lines from wordlists (e.g. grep -v '^$') so the count in the debug output matches what you intended to test.

NMAP

Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
  -sL: List Scan - simply list targets to scan
  -sn: Ping Scan - disable port scan
  -Pn: Treat all hosts as online -- skip host discovery
  -PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
  -PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
  -PO[protocol list]: IP Protocol Ping
  -n/-R: Never do DNS resolution/Always resolve [default: sometimes]
  --dns-servers <serv1[,serv2],...>: Specify custom DNS servers
  --system-dns: Use OS's DNS resolver
  --traceroute: Trace hop path to each host
SCAN TECHNIQUES:
  -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
  -sU: UDP Scan
  -sN/sF/sX: TCP Null, FIN, and Xmas scans
  --scanflags <flags>: Customize TCP scan flags
  -sI <zombie host[:probeport]>: Idle scan
  -sY/sZ: SCTP INIT/COOKIE-ECHO scans
  -sO: IP protocol scan
  -b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
  -p <port ranges>: Only scan specified ports
    Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
  --exclude-ports <port ranges>: Exclude the specified ports from scanning
  -F: Fast mode - Scan fewer ports than the default scan
  -r: Scan ports consecutively - don't randomize
  --top-ports <number>: Scan <number> most common ports
  --port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
  -sV: Probe open ports to determine service/version info
  --version-intensity <level>: Set from 0 (light) to 9 (try all probes)                                                                                                
  --version-light: Limit to most likely probes (intensity 2)                                                                                                           
  --version-all: Try every single probe (intensity 9)
  --version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
  -sC: equivalent to --script=default
  --script=<Lua scripts>: <Lua scripts> is a comma separated list of
           directories, script-files or script-categories
  --script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
  --script-args-file=filename: provide NSE script args in a file
  --script-trace: Show all data sent and received
  --script-updatedb: Update the script database.
  --script-help=<Lua scripts>: Show help about scripts.
           <Lua scripts> is a comma-separated list of script-files or
           script-categories.
OS DETECTION:
  -O: Enable OS detection
  --osscan-limit: Limit OS detection to promising targets
  --osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
  Options which take <time> are in seconds, or append 'ms' (milliseconds),
  's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
  -T<0-5>: Set timing template (higher is faster)
  --min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
  --min-parallelism/max-parallelism <numprobes>: Probe parallelization
  --min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
      probe round trip time.
  --max-retries <tries>: Caps number of port scan probe retransmissions.
  --host-timeout <time>: Give up on target after this long
  --scan-delay/--max-scan-delay <time>: Adjust delay between probes
  --min-rate <number>: Send packets no slower than <number> per second
  --max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
  -f; --mtu <val>: fragment packets (optionally w/given MTU)
  -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
  -S <IP_Address>: Spoof source address
  -e <iface>: Use specified interface
  -g/--source-port <portnum>: Use given port number
  --proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
  --data <hex string>: Append a custom payload to sent packets
  --data-string <string>: Append a custom ASCII string to sent packets
  --data-length <num>: Append random data to sent packets
  --ip-options <options>: Send packets with specified ip options
  --ttl <val>: Set IP time-to-live field
  --spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
  --badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
  -oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
     and Grepable format, respectively, to the given filename.
  -oA <basename>: Output in the three major formats at once
  -v: Increase verbosity level (use -vv or more for greater effect)
  -d: Increase debugging level (use -dd or more for greater effect)
  --reason: Display the reason a port is in a particular state
  --open: Only show open (or possibly open) ports
  --packet-trace: Show all packets sent and received
  --iflist: Print host interfaces and routes (for debugging)
  --append-output: Append to rather than clobber specified output files
  --resume <filename>: Resume an aborted scan
  --stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
  --webxml: Reference stylesheet from Nmap.Org for more portable XML
  --no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
  -6: Enable IPv6 scanning
  -A: Enable OS detection, version detection, script scanning, and traceroute
  --datadir <dirname>: Specify custom Nmap data file location
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sn 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES


# nmap -sS 192.168.8.1
Starting Nmap 7.91 ( https://nmap.org ) at 2022-05-11 21:15 CST
Nmap scan report for homerouter.cpe (192.168.8.1)
Host is up (0.0023s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https
MAC Address: 20:DA:22:32:D4:1E (Huawei Technologies)

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

-sS sends a SYN and answers any SYN/ACK with a RST, so the handshake is never completed and the service itself never sees a connection; it needs raw-socket privileges (root). Three of the default 1000 ports are open on the Huawei CPE router.
 
# nmap -sT 192.168.8.1
Starting Nmap 7.91 ( https://nmap.org ) at 2022-05-11 21:48 CST
Nmap scan report for homerouter.cpe (192.168.8.1)
Host is up (0.0075s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https
MAC Address: 20:DA:22:32:D4:1E (Huawei Technologies)

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

-sT uses the operating system's connect() and needs no privileges; the result here is identical to the SYN scan, but every open port saw a completed handshake, so the connections show up in the target's service logs.
                                                                                                 
# nmap -sF 192.168.8.105
Starting Nmap 7.91 ( https://nmap.org ) at 2022-05-11 21:53 CST
Nmap scan report for LAPTOP-ORJB0FKO (192.168.8.105)
Host is up (0.00012s latency).
All 1000 scanned ports on LAPTOP-ORJB0FKO (192.168.8.105) are open|filtered
MAC Address: 8C:16:45:DE:C2:0D (Lcfc(hefei) Electronics Technology)

Nmap done: 1 IP address (1 host up) scanned in 21.63 seconds

A FIN scan relies on RFC 793 behaviour: a closed port answers a bare FIN with a RST, an open port stays silent. "open|filtered" on all 1000 ports therefore means nothing came back at all, which is what a host firewall that drops unsolicited packets produces. This target is the Windows laptop identified by nbtscan above, and Windows does not follow RFC 793 here in any case (it sends RST for open ports too), so FIN, NULL and Xmas scans tell you nothing about a Windows host; fall back to -sS or -sT.

# nmap -sU 192.168.8.105
Starting Nmap 7.91 ( https://nmap.org ) at 2022-05-11 21:51 CST
Nmap scan report for LAPTOP-ORJB0FKO (192.168.8.105)
Host is up (0.00016s latency).
All 1000 scanned ports on LAPTOP-ORJB0FKO (192.168.8.105) are open|filtered
MAC Address: 8C:16:45:DE:C2:0D (Lcfc(hefei) Electronics Technology)

Nmap done: 1 IP address (1 host up) scanned in 21.63 seconds

For UDP, "open|filtered" means no reply and no ICMP port-unreachable error. A closed UDP port normally provokes that ICMP error, so blanket silence again points to a firewall dropping the probes or the replies. Add --reason to see why nmap assigned each state, and -sV to send protocol-specific payloads that can turn open|filtered into a definite open; expect UDP scans of responsive hosts to be slow, because most kernels rate-limit the ICMP errors nmap depends on.

# nmap -sV 172.16.223.90
Starting Nmap 7.91 ( https://nmap.org ) at 2022-05-11 21:55 CST
Nmap scan report for 172.16.223.90
Host is up (0.0061s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 8.0 (protocol 2.0)
80/tcp   open  http       nginx 1.20.1
111/tcp  open  rpcbind    2-4 (RPC #100000)
443/tcp  open  ssl/http   nginx 1.20.1
5222/tcp open  jabber
7070/tcp open  http       nginx 1.20.1
8001/tcp open  http       nginx 1.20.1
8080/tcp open  http       nginx 1.20.1
8081/tcp open  http       nginx 1.20.1
8088/tcp open  http       nginx 1.20.1
8090/tcp open  http       nginx 1.20.1
9002/tcp open  http       nginx 1.20.1
9003/tcp open  http       nginx 1.20.1
9100/tcp open  jetdirect?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5222-TCP:V=7.91%I=7%D=5/11%Time=627BC081%P=x86_64-pc-linux-gnu%r(RP
SF:CCheck,9B,"<stream:error\x20xmlns:stream=\"http://etherx\.jabber\.org/s
SF:treams\"><not-well-formed\x20xmlns=\"urn:ietf:params:xml:ns:xmpp-stream
SF:s\"/></stream:error></stream:stream>");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 45.34 seconds

-sV sends the probes from nmap-service-probes to each open port and matches the replies against its signature database. Port 5222 answered the RPCCheck probe with an XMPP stream error, which nmap could not match, so it prints the raw fingerprint (the SF-Port5222-TCP block) for submission; the <stream:error> XML is itself enough to confirm an XMPP server. --version-intensity trades scan time for probe coverage, and --version-light is usually sufficient on a first pass.


# nmap -A 172.16.10.136
Starting Nmap 7.91 ( https://nmap.org ) at 2022-05-11 21:57 CST
Nmap scan report for 172.16.10.136
Host is up (0.0019s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.4p1 Debian 10+deb9u7 (protocol 2.0)
| ssh-hostkey: 
|   2048 10:63:66:e3:bd:bb:9a:87:64:22:de:27:0e:1d:b4:b7 (RSA)
|   256 19:30:6f:fd:fe:aa:69:22:65:6e:00:77:19:a6:ad:f6 (ECDSA)
|_  256 2a:ae:47:01:f9:54:7b:32:f3:2a:b8:ff:88:2b:d0:e3 (ED25519)
53/tcp   open  domain  (unknown banner: none)
| dns-nsid: 
|_  bind.version: none
| fingerprint-strings: 
|   DNSVersionBindReqTCP: 
|     version
|     bind
|_    none
7911/tcp open  omapi   ISC (BIND|DHCPD) OMAPI
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port53-TCP:V=7.91%I=7%D=5/11%Time=627BC0D8%P=x86_64-pc-linux-gnu%r(DNSV
SF:ersionBindReqTCP,3F,"\0=\0\x06\x85\0\0\x01\0\x01\0\x01\0\0\x07version\x
SF:04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x05\x04none\xc0\x0c\
SF:0\x02\0\x03\0\0\0\0\0\x02\xc0\x0c");
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
# OS fingerprint
OS:SCAN(V=7.91%E=4%D=5/11%OT=22%CT=1%CU=43858%PV=Y%DS=3%DC=T%G=Y%TM=627BC0F
OS:C%P=x86_64-pc-linux-gnu)SEQ(SP=FC%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=8)OPS(
OS:O1=M584ST11NW7%O2=M584ST11NW7%O3=M584NNT11NW7%O4=M584ST11NW7%O5=M584ST11
OS:NW7%O6=M584ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(
OS:R=Y%DF=Y%T=40%W=7210%O=M584NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS
OS:%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=
OS:Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=
OS:R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%R
OS:UCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Network Distance: 3 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   1.43 ms homerouter.cpe (192.168.8.1)
2   3.44 ms 10.232.101.254
3   1.91 ms 172.16.10.136

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 59.47 seconds

-A enables OS detection (-O), version detection (-sV), the default scripts (-sC) and --traceroute. OS detection needs at least one open and one closed TCP port to be reliable and still produced no exact match here (the TCP/IP fingerprint is printed for submission); the Service Info line, derived from the OpenSSH banner, is the more trustworthy clue. The default scripts added useful context for free: the SSH host-key fingerprints, which let you recognise the same machine if it appears behind another address, and dns-nsid showing that the BIND version string is hidden ("none"). The traceroute is computed from the scan probes themselves (using port 80/tcp), so it costs no extra packets.
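The fping sweep at the top of the page and the nmap scans above are normally chained: find live hosts cheaply, then port-scan only those, then hand the open ports to the next tool. The script below is an added example, not code from the original post or from the fping/nmap projects. sweep_and_scan needs network access and root and is shown for the workflow; open_ports parses nmap's grepable (-oG) output and is exercised on a constructed sample modelled on the scans above (not real scan output). The -oG field layout and nmap's habit of writing '|' for '/' inside a sub-field are taken from nmap's documented grepable format.

```shell
#!/bin/sh
# Added example, not from the original post: discover live hosts with fping,
# port-scan only those with nmap, then extract the open ports from nmap's
# grepable (-oG) output for the next tool in the chain.
set -e

# Steps 1-2 need network access and root (raw sockets for -sS); the offline
# checks below exercise only the parser.
sweep_and_scan() {                  # usage: sweep_and_scan 172.16.10.0/24 scan
    # -a: print alive hosts only, -q: no per-ping chatter, -g: expand the CIDR.
    # Unreachable hosts go to stderr and make fping exit non-zero, hence the
    # redirect and the "|| true".
    fping -a -q -g "$1" 2>/dev/null > "$2.alive" || true
    # -Pn: fping already proved these hosts are up, so skip nmap's own host
    # discovery (often blocked by host firewalls) and go straight to ports.
    nmap -sS -sV -Pn -iL "$2.alive" -oG "$2.gnmap" > /dev/null
}

# -oG host lines are tab separated:
#   Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>//<service>//<version>/, ...<TAB>Ignored State: ...
# nmap writes '|' instead of '/' inside a sub-field, so splitting on '/' is safe.
open_ports() {                      # stdin: -oG text; stdout: ip:port/proto<TAB>service<TAB>version
    awk -F'\t' '
        /^Host: .*Ports: / {
            split($1, h, " "); ip = h[2]
            sub(/^Ports: /, "", $2)
            n = split($2, p, ", ")
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")     # port state proto owner service rpc version
                if (f[2] == "open")
                    printf "%s:%s/%s\t%s\t%s\n", ip, f[1], f[3], f[5], f[7]
            }
        }'
}

# Constructed sample modelled on the 192.168.8.1 and 172.16.223.90 scans above
# (not real nmap output): one host with three open ports, one with -sV
# versions plus a closed port, and one host that was down.
sample_gnmap() {
    printf 'Host: 192.168.8.1 (homerouter.cpe)\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)\n'
    printf 'Host: 172.16.223.90 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.0 (protocol 2.0)/, 111/open/tcp//rpcbind//2-4 (RPC #100000)/, 5222/closed/tcp//jabber///\tIgnored State: closed (986)\n'
    printf 'Host: 172.16.10.9 ()\tStatus: Down\n'
}

sample_gnmap | open_ports
```

Running the file prints five lines, one per open port, with the closed 5222 and the down host dropped; piping real output in (open_ports < scan.gnmap) gives the same shape. Keeping -Pn out of the first sweep and in the second is the point of the chain: discovery is done once, cheaply, and the expensive -sV probes only go to hosts known to be up.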

DNS information gathering

whois

Registration data for a domain: registrar, creation and expiry dates, status codes and name servers. For .com the query returns two records, first the thin registry record from VeriSign and then the sponsoring registrar's (here GoDaddy), which is why the fields appear twice below; the registrant and contact e-mail addresses are withheld behind the registrar's web form.

# whois baid.com
   Domain Name: BAID.COM
   Registry Domain ID: 27507695_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2021-11-16T05:56:15Z
   Creation Date: 2000-05-20T10:21:11Z
   Registry Expiry Date: 2024-05-20T10:21:11Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: abuse@godaddy.com
   Registrar Abuse Contact Phone: 480-624-2505
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: NS1.DNSYUN.VIP
   Name Server: NS2.DNSCLOUDVIP.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2022-05-11T14:41:06Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

Domain Name: baid.com
Registry Domain ID: 27507695_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2021-03-28T23:56:03Z
Creation Date: 2000-05-20T05:21:11Z
Registrar Registration Expiration Date: 2024-05-20T05:21:11Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registrant Organization:
Registrant State/Province: TAIBEI
Registrant Country: CN
Registrant Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=baid.com
Tech Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=baid.com
Admin Email: Select Contact Domain Holder link at https://www.godaddy.com/whois/results.aspx?domain=baid.com
Name Server: NS1.DNSYUN.VIP
Name Server: NS2.DNSCLOUDVIP.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2022-05-11T14:41:23Z <<<
For more information on Whois status codes, please visit https://icann.org/epp


fierce, dnsrecon, dnsenum

# fierce --domain baidu.com
NS: ns4.baidu.com. ns2.baidu.com. ns3.baidu.com. dns.baidu.com. ns7.baidu.com.
SOA: dns.baidu.com. (110.242.68.134)
Zone: failure
Wildcard: failure
Found: 0.baidu.com. (180.149.144.203)
Found: 01.baidu.com. (124.237.176.247)
Found: 11.baidu.com. (182.61.62.50)
Found: 8.baidu.com. (220.181.33.181)
Found: a.baidu.com. (112.80.248.124)

fierce first lists the NS and SOA records, then attempts a zone transfer ("Zone: failure" means every server refused) and tests for a wildcard record ("Wildcard: failure" means there is none, so the brute-forced "Found:" entries are real hostnames rather than wildcard answers).


# dnsenum baidu.com
dnsenum VERSION:1.2.6

-----   baidu.com   -----                                                                        
                                                                                                 
                                                                                                 
Host's addresses:                                                                                
__________________                                                                               
                                                                                                 
baidu.com.                               40       IN    A        220.181.38.251                  
baidu.com.                               40       IN    A        220.181.38.148

                                                                                                 
Name Servers:                                                                                    
______________                                                                                   
                                                                                                 
dns.baidu.com.                           289      IN    A        110.242.68.134                  
ns3.baidu.com.                           312      IN    A        112.80.248.64
ns4.baidu.com.                           923      IN    A        14.215.178.80
ns7.baidu.com.                           1925     IN    A        180.76.76.92
ns2.baidu.com.                           1985     IN    A        220.181.33.31

                                                                                                 
Mail (MX) Servers:                                                                               
___________________                                                                              
                                                                                                 
mx.maillb.baidu.com.                     1        IN    A        111.202.115.85                  
mx50.baidu.com.                          1        IN    A        12.0.243.41
mx.n.shifen.com.                         56       IN    A        220.181.3.85
mx.n.shifen.com.                         56       IN    A        220.181.50.185
mx1.baidu.com.                           1        IN    A        111.202.115.85
mx1.baidu.com.                           1        IN    A        220.181.3.85
jpmx.baidu.com.                          1        IN    A        119.63.196.201
usmx01.baidu.com.                        3210     IN    A        12.0.243.41

                                                                                                 
Trying Zone Transfers and getting Bind Versions:                                                 
_________________________________________________                                                
                                                                                                 
                                                                                                 
Trying Zone Transfer for baidu.com on dns.baidu.com ... 
AXFR record query failed: REFUSED

Trying Zone Transfer for baidu.com on ns3.baidu.com ... 
AXFR record query failed: REFUSED

Trying Zone Transfer for baidu.com on ns4.baidu.com ... 
AXFR record query failed: REFUSED

Trying Zone Transfer for baidu.com on ns7.baidu.com ... 
AXFR record query failed: REFUSED

Trying Zone Transfer for baidu.com on ns2.baidu.com ... 
AXFR record query failed: REFUSED

                                                                                                 
Brute forcing with /usr/share/dnsenum/dns.txt:                                                   
_______________________________________________                                                  
                                                                                                 
11.baidu.com.                            1        IN    CNAME    jpaasmatrix.e.shifen.com.       
jpaasmatrix.e.shifen.com.                1        IN    CNAME    domain-offline.baidu.com.
domain-offline.baidu.com.                1        IN    A        182.61.62.50

# dnsrecon -d baidu.com
[*] Performing General Enumeration of Domain: baidu.com
[-] DNSSEC is not configured for baidu.com
[*]      SOA dns.baidu.com 110.242.68.134
[*]      NS ns4.baidu.com 14.215.178.80
[*]      NS ns2.baidu.com 220.181.33.31
[*]      NS ns3.baidu.com 112.80.248.64
[*]      NS dns.baidu.com 110.242.68.134
[*]      NS ns7.baidu.com 180.76.76.92
[*]      NS ns7.baidu.com 240e:bf:b801:1002:0:ff:b024:26de
[*]      NS ns7.baidu.com 240e:940:603:4:0:ff:b01b:589a
[*]      MX mx.maillb.baidu.com 111.202.115.85
[*]      MX mx50.baidu.com 12.0.243.41
[*]      MX usmx01.baidu.com 12.0.243.41
[*]      MX mx1.baidu.com 220.181.3.85
[*]      MX mx1.baidu.com 111.202.115.85
[*]      MX mx.n.shifen.com 220.181.50.185
[*]      MX mx.n.shifen.com 220.181.3.85
[*]      MX jpmx.baidu.com 119.63.196.201
[*]      A baidu.com 220.181.38.148
[*]      A baidu.com 220.181.38.251
[*] Enumerating SRV Records

dnsrecon covers the same ground (SOA, NS, MX, A, SRV) and additionally reports whether the zone is DNSSEC-signed. Note that ns7.baidu.com also has two IPv6 addresses: a scope built only from A records misses the IPv6 side of the same hosts.
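The "Trying Zone Transfer ... REFUSED" lines in the dnsenum output above are the check that matters most in this section: a single secondary that still allows AXFR hands over the whole zone. The script below is an added example, not code from the original post or from dnsenum/dnsrecon. It asks every authoritative server for the zone and judges the answer by counting returned records instead of parsing status text, which varies between dig versions. The DIG variable and the stub used to run it offline (example.test and its name servers are invented) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post or from dnsenum/dnsrecon: attempt
# an AXFR against every authoritative server of a domain and report which ones
# hand out the zone. DIG can be overridden so the logic runs offline with a stub.
set -e
DIG=${DIG:-dig}

# Records in "dig +noall +answer" output are non-comment lines containing " IN ".
# grep -c prints "0" (and exits 1) when nothing matches; "|| true" keeps set -e quiet.
count_rrs() {
    grep -v '^;' | grep -c '[[:space:]]IN[[:space:]]' || true
}

# usage: axfr_check example.com [ns1 ns2 ...]
# With no servers given, the NS set is looked up in DNS. Prints one line per
# server and returns 0 if at least one of them allowed the transfer.
axfr_check() {
    domain=$1; shift
    if [ $# -eq 0 ]; then
        set -- $("$DIG" +short NS "$domain")
    fi
    leaked=0
    for ns in "$@"; do
        # A refused transfer yields only comment lines, so the count is 0.
        n=$("$DIG" +noall +answer "@$ns" "$domain" AXFR 2>/dev/null | count_rrs)
        if [ "$n" -gt 0 ]; then
            echo "$ns: TRANSFER ALLOWED ($n records)"
            leaked=$((leaked + 1))
        else
            echo "$ns: refused or failed"
        fi
    done
    [ "$leaked" -gt 0 ]
}

# Live use (needs network access): axfr_check baidu.com
# The exit status makes it usable as a gate, e.g.
#   axfr_check "$domain" && echo "zone transfer allowed on at least one NS"
```

Checking every NS rather than just the SOA's primary is the point: operators often lock down the master and forget a secondary. A full zone appears as a list of records starting and ending with the SOA, which is why the stubbed leak in the test returns three records for one A record.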

Route and local-network information gathering

netdiscover

Discovers hosts on the local segment by ARP. By default it sweeps the private address ranges on the chosen interface; -r limits it to one range, and -p switches to passive mode, which only listens for ARP traffic and sends nothing.

Usage: netdiscover [-i device] [-r range | -l file | -p] [-m file] [-F filter] [-s time] [-c count] [-n node] [-dfPLNS]

# netdiscover -i eth0
 Currently scanning: 192.168.24.0/16   |   Screen View: Unique Hosts                            
                                                                                                
 21 Captured ARP Req/Rep packets, from 2 hosts.   Total size: 1260                              
 _____________________________________________________________________________
   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
 -----------------------------------------------------------------------------
 192.168.8.1     20:da:22:32:d4:1e     20    1200  HUAWEI TECHNOLOGIES CO.,LTD                  
 192.168.8.105   8c:16:45:de:c2:0d      1      60  LCFC(HeFei) Electronics Technology co., ltd

netmask

# netmask -r 172.16.10.0/24
    172.16.10.0-172.16.10.255   (256)

# netmask -v -r 172.16.10.0/24
netmask, version 2.4.4

# netmask -o 172.16.10.0/24
025404005000/037777777400

-r prints the address range and host count for a CIDR, -o prints network and mask in octal; -v only prints the version and exits, which is why the second command shows no range. The range form is the one worth remembering: it is exactly what fping -g accepts.

Intelligent information gathering

maltego

Maltego is a graphical OSINT tool: it links entities (domains, IP addresses, name servers, e-mail addresses, people) through transforms that query public sources and draws the result as a graph, which makes it the natural place to pull the DNS, whois and scan results above together.
