I. DNS information gathering
Several commonly used information-gathering tools:
1. dnsenum: enumerates and looks up all DNS information for a target
./dnsenum --dnsserver 8.8.8.8 <target> (-f dns.txt: brute-force subdomains with a wordlist)
2. dnswalk: tests for the zone transfer vulnerability
./dnswalk cisco.com.
3. dnsmap: lists all DNS information for the target
./dnsmap cisco.com
4. lbd: DNS load-balancing detection
./lbd.sh google.com
5. whois: queries the information registered for the site's owner
whois sina.com.cn
6. maltego: graphical information-gathering tool
Using this tool requires registration.
II. Web information gathering
1. whatweb: obtains information about the target site
2. waffit / wafw00f: identifies and fingerprints the WAF product protecting a website
3. curl -I <target>
Retrieves basic information about the target (the response headers).
curl -T <file> <target>
curl -T <file> ftp://user:password@xxx.com
Uploads a file (requires sufficient permissions).
III. Network information gathering
1. arping: usable only on the local network segment
2. fping
fping is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it times out or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable. Unlike ping, fping is meant to be used in scripts and its output is easy to parse.
3. hping
hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features:
- Firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing
hping can also be useful to students that are learning TCP/IP.
4. hping2
5. netifera
Netifera is a network scanner capable of passive scanning (scan of a pcap file, live network sniffing) as well as active scanning (entity port scan). It enables you to identify hosts on the network.
6. nmap
Probing open ports with nmap: -sS SYN half-open scan; -sT TCP half-open scan; -Pn do not use ping to probe whether the host is up; -A detect service types.
nmap -sS -Pn 192.168.1.111
nmap -sS -Pn -A 192.168.1.111
IV. Route information gathering
1. traceroute
2. tcptraceroute
tcptraceroute is a traceroute implementation using TCP packets.
The more traditional traceroute(8) sends out either UDP or ICMP ECHO packets with a TTL of one, and increments the TTL until the destination has been reached. By printing the gateways that generate ICMP time exceeded messages along the way, it is able to determine the path packets are taking to reach the destination.
The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that traceroute(8) sends out end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
3. tcpdump
tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.
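The following Python script is an added example, not part of the original post: it shows the defender's view of the nmap -sS scan listed above by reading tcpdump -n output. A half-open scan sends a bare SYN to each port and never sends the ACK that completes the handshake, so the script parses each TCP line, records which (host, port) pairs a source sent a bare SYN to, subtracts the pairs it later acknowledged, and flags any source left with many unfinished handshakes. The sample lines are constructed for this example and the threshold of 5 ports is an assumption.

```python
import re
from collections import defaultdict

# One line of "tcpdump -n" output for a TCP segment (IPv4 only); other
# traffic such as ICMP does not match and is skipped by the parser.
TCP_LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_tcpdump_line(line):
    """Return ts/src/sport/dst/dport/flags for a TCP line, or None for anything else."""
    m = TCP_LINE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    return pkt


def find_syn_scanners(lines, threshold=5):
    """Map source IP -> sorted ports it SYN-probed without ever completing a handshake.

    A source is reported only when the number of unfinished handshakes reaches
    `threshold` (an assumed value; tune it to the network being monitored).
    """
    syn_targets = defaultdict(set)  # src -> {(dst, dport)} that received a bare SYN
    acked = defaultdict(set)        # src -> {(dst, dport)} to which src sent a bare ACK
    for line in lines:
        pkt = parse_tcpdump_line(line)
        if pkt is None:
            continue
        key = (pkt["dst"], pkt["dport"])
        if pkt["flags"] == "S":      # SYN only: first step of a handshake (or a probe)
            syn_targets[pkt["src"]].add(key)
        elif pkt["flags"] == ".":    # bare ACK: third step, the handshake completed
            acked[pkt["src"]].add(key)
    scanners = {}
    for src, targets in syn_targets.items():
        half_open = targets - acked[src]
        if len(half_open) >= threshold:
            scanners[src] = sorted({port for _, port in half_open})
    return scanners


# Constructed sample: 192.168.1.50 half-open scans eight ports on 192.168.1.111
# (ports 22 and 80 answer SYN-ACK and are torn down with RST, as nmap -sS does),
# while 192.168.1.20 makes one ordinary TLS connection to port 443.
SAMPLE_LINES = [
    "10:00:00.000100 IP 192.168.1.50.40001 > 192.168.1.111.21: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.000200 IP 192.168.1.111.21 > 192.168.1.50.40001: Flags [R.], seq 0, ack 2, win 0, length 0",
    "10:00:00.000300 IP 192.168.1.50.40001 > 192.168.1.111.22: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.000400 IP 192.168.1.111.22 > 192.168.1.50.40001: Flags [S.], seq 7, ack 2, win 65535, length 0",
    "10:00:00.000500 IP 192.168.1.50.40001 > 192.168.1.111.22: Flags [R], seq 2, win 0, length 0",
    "10:00:00.000600 IP 192.168.1.50.40001 > 192.168.1.111.23: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.000700 IP 192.168.1.50.40001 > 192.168.1.111.25: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.000800 IP 192.168.1.50.40001 > 192.168.1.111.80: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.000900 IP 192.168.1.111.80 > 192.168.1.50.40001: Flags [S.], seq 9, ack 2, win 65535, length 0",
    "10:00:00.001000 IP 192.168.1.50.40001 > 192.168.1.111.80: Flags [R], seq 2, win 0, length 0",
    "10:00:00.001100 IP 192.168.1.50.40001 > 192.168.1.111.110: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.001200 IP 192.168.1.50.40001 > 192.168.1.111.443: Flags [S], seq 1, win 1024, length 0",
    "10:00:00.001300 IP 192.168.1.50.40001 > 192.168.1.111.8080: Flags [S], seq 1, win 1024, length 0",
    "10:00:01.000000 IP 192.168.1.20.51000 > 192.168.1.111.443: Flags [S], seq 100, win 64240, length 0",
    "10:00:01.000100 IP 192.168.1.111.443 > 192.168.1.20.51000: Flags [S.], seq 500, ack 101, win 65535, length 0",
    "10:00:01.000200 IP 192.168.1.20.51000 > 192.168.1.111.443: Flags [.], ack 1, win 502, length 0",
    "10:00:01.500000 IP 192.168.1.20.51000 > 192.168.1.111.443: Flags [P.], seq 1:518, ack 1, win 502, length 517",
    "10:00:02.000000 IP 192.168.1.20 > 192.168.1.111: ICMP echo request, id 1, seq 1, length 64",
]


if __name__ == "__main__":
    for src, ports in find_syn_scanners(SAMPLE_LINES).items():
        print(f"possible SYN scan from {src}: {len(ports)} unfinished handshakes, ports {ports}")
```

Feeding the script real data is a matter of running "tcpdump -n -l tcp" and piping the lines into find_syn_scanners(); the interesting design choice is that the legitimate client is exonerated by its own bare ACK, whereas the scanner's RST after the SYN-ACK is exactly the tear-down that leaves its probes counted as unfinished.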
4. scapy: crafts and modifies packets
5. wireshark: packet capture
Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education. Originally named Ethereal, in May 2006 the project was renamed Wireshark due to trademark issues.
Wireshark is cross-platform, using the GTK+ widget toolkit to implement its user interface, and using pcap to capture packets; it runs on various Unix-like operating systems including Linux, OS X, BSD, and Solaris, and on Microsoft Windows. There is also a terminal-based (non-GUI) version called TShark. Wireshark, and the other programs distributed with it such as TShark, are free software, released under the terms of the GNU General Public License.
Reposted from: https://blog.51cto.com/tar0cissp/1290345