Part 1: Several commonly used information-gathering tools:
1. dnsenum: DNS enumeration; queries all the DNS records for a domain
./dnsenum --dnsserver 8.8.8.8 <target>    (add -f dns.txt to brute-force subdomains with a wordlist)
2. dnswalk: tests for the DNS zone transfer (AXFR) weakness
./dnswalk cisco.com.    (the domain name must end with a trailing dot)
3. dnsmap: lists the target's DNS information
./dnsmap cisco.com
4. lbd: detects DNS load balancing
./lbd.sh google.com
5. whois: looks up the registration details of a site's owner
whois sina.com.cn
6. maltego: graphical information-gathering tool
Using this tool requires registering an account.
Part 2: Web information gathering
1. whatweb: obtains information about the target site
2. curl -I <target>
Fetches basic information about the target (sends a HEAD request and prints only the response headers)
curl -T <localfile> <target>
curl -T <localfile> ftp://user:password@xxx.com/
Uploads a file (requires sufficient privileges on the server)
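The headers that curl -I prints are the same ones whatweb fingerprints, so they are worth auditing on your own servers. The script below is an added example, not part of the original notes: it parses a HEAD response as curl prints it and flags headers that disclose the server software or framework version. The sample response is constructed, not captured from any real host.

```python
"""Audit the HTTP response headers that `curl -I <target>` prints for
version disclosure. Added example, not from the original notes; the
sample response below is constructed, not captured from a real host."""
import re

# Headers that commonly reveal the server software or framework in use.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator")

# Matches a version-like token such as "2.4.41" or "8.1".
VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)*")


def parse_head_response(raw):
    """Split the text of an HTTP HEAD response into (status_line, headers).
    Header names are lower-cased; duplicate headers are joined with ', '."""
    lines = raw.strip().splitlines()
    status_line = lines[0].strip()
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # blank trailer line or something that is not a header
        name, value = line.split(":", 1)
        name = name.strip().lower()
        value = value.strip()
        headers[name] = value if name not in headers else headers[name] + ", " + value
    return status_line, headers


def find_disclosures(headers):
    """Return a list of (header, value, version) for headers that leak the
    software in use; version is None when the header names a product but
    gives no version number."""
    findings = []
    for name in DISCLOSING_HEADERS:
        if name in headers:
            m = VERSION_RE.search(headers[name])
            findings.append((name, headers[name], m.group(0) if m else None))
    return findings


# Constructed sample of what `curl -I` could print for a chatty server.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=UTF-8
Content-Length: 1234
"""

if __name__ == "__main__":
    status, hdrs = parse_head_response(SAMPLE_RESPONSE)
    print(status)
    for name, value, version in find_disclosures(hdrs):
        print(f"{name}: {value!r} -> version {version or 'not stated'}")
```

To run it against a live server you administer, pipe the output of curl -I into parse_head_response; the fix for any finding is to trim or remove the header in the server configuration (for Apache, ServerTokens Prod and expose_php = Off in php.ini).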
Part 3: Network information gathering
1. arping: only usable on the local network segment
2. fping
fping is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the list of hosts to ping. Instead of trying one host until it times out or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. Unlike ping, fping is meant to be used in scripts and its output is easy to parse.
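Because fping prints one "host is alive" or "host is unreachable" line per host, its output is easy to consume from a script. The following is an added example, not fping's own code and not part of the original notes: it parses that output and compares it with the inventory of hosts that are supposed to answer on a segment, so a monitoring job can report inventory hosts that went silent and hosts that answer but are not in the inventory. The sample output is constructed and uses RFC 5737 documentation addresses, not real hosts.

```python
"""Parse the per-host output of fping for use in a monitoring script.
Added example, not part of the original notes and not fping's own code;
the sample output below is constructed and the addresses are RFC 5737
documentation addresses, not real hosts."""
import re

# fping prints one line per host: "<host> is alive" or "<host> is unreachable";
# with -e it appends the round-trip time, e.g. "<host> is alive (0.45 ms)".
FPING_LINE = re.compile(
    r"^(?P<host>\S+) is (?P<state>alive|unreachable)"
    r"(?: \((?P<rtt>[\d.]+) ms\))?\s*$")


def parse_fping(output):
    """Return {host: (alive_bool, rtt_ms_or_None)} for every host line.
    Lines that are not host results (e.g. 'ICMP Host Unreachable from ...'
    diagnostics) are ignored."""
    results = {}
    for line in output.splitlines():
        m = FPING_LINE.match(line.strip())
        if not m:
            continue
        rtt = float(m.group("rtt")) if m.group("rtt") else None
        results[m.group("host")] = (m.group("state") == "alive", rtt)
    return results


def compare_to_inventory(results, expected_alive):
    """Compare a parse result with the hosts that are expected to answer.
    Returns (unexpected_alive, missing): answering hosts that are not in
    the inventory, and inventory hosts that did not answer."""
    alive = {h for h, (up, _) in results.items() if up}
    unexpected_alive = sorted(alive - set(expected_alive))
    missing = sorted(set(expected_alive) - alive)
    return unexpected_alive, missing


# Constructed sample of `fping -e` output for a small segment.
SAMPLE_OUTPUT = """\
192.0.2.1 is alive (0.31 ms)
192.0.2.2 is alive (0.44 ms)
192.0.2.3 is unreachable
192.0.2.4 is alive (1.20 ms)
ICMP Host Unreachable from 192.0.2.1 for ICMP Echo sent to 192.0.2.3
"""

# Constructed inventory of hosts that should answer on this segment.
EXPECTED_ALIVE = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]

if __name__ == "__main__":
    res = parse_fping(SAMPLE_OUTPUT)
    new, gone = compare_to_inventory(res, EXPECTED_ALIVE)
    print("hosts answering but not in inventory:", new)   # ['192.0.2.4']
    print("inventory hosts not answering:", gone)         # ['192.0.2.3']
```

In a real job you would feed parse_fping the captured stdout of fping -e -f hosts.txt; the second list is the usual availability alert, while the first is the one worth a closer look, since a host that answers on a segment without being in the inventory is either an undocumented asset or something that does not belong there.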
3. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
Typical uses:
Firewall testing
Advanced port scanning
Network testing, using different protocols, TOS, fragmentation
Manual path MTU discovery
Advanced traceroute, under all the supported protocols
Remote OS fingerprinting
Remote uptime guessing
TCP/IP stacks auditing
hping can also be useful to students that are learning TCP/IP.
4. hping2