---
Tool name: DMitry
Category: Information Gathering
Tags: [information gathering,recon,dmitry,kali linux,portscanning]
Created: 2016-10-20 08:19:00
---
0x00 DMitry Introduction
-------------
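DMitry (Deepmagic Information Gathering Tool) is a tool for Linux written in C. It gathers as much information as possible about a specified target host. Its basic functions are gathering the target's subdomains, email addresses, uptime-related information, TCP ports, whois information, and so on.

Features:
```plain
- Open source software
- Can run a series of whois lookups at once
- Retrieves uptime data, system and server information
- Searches for subdomains of a specified host
- Searches for email addresses on a specified host
- Searches for open TCP ports on a specified host
- Has a modular system that lets users choose modules as needed
```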
Source: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/

[DMitry Homepage][1] | [Kali DMitry Repo][2]

- Author: James Greig
- License: GPLv3

[DMitry video introduction][3]

0x01 DMitry Functions
---------------
DMitry - Deepmagic Information Gathering Tool
```shell
root@kali:~# dmitry
Deepmagic Information Gathering Tool
"There be some deep magic going on"
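Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
-o Save output to %host.txt or to the file specified by -o file
-i Perform a whois lookup on the IP address of the host
-w Perform a whois lookup on the domain name of the host
-n Retrieve information on the host from Netcraft.com
-s Search for subdomains
-e Search for possible email addresses
-p Perform a TCP port scan on the host
* -f Perform a TCP port scan on the host, with output reporting filtered ports
* -b Read the banner received from the scanned port
* -t 0-9 Set the TTL when scanning a TCP port (default 2)
* The 3 options above require the -p option to be passed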
```
0x02 DMitry Usage Example
-----------------
```shell
root@kali:~# dmitry -winsepo harvard.txt harvard.edu
Deepmagic Information Gathering Tool
"There be some deep magic going on"
Writing output to 'harvard.txt'
HostIP:52.87.36.185
HostName:harvard.edu
Gathered Inet-whois information for 52.87.36.185
---------------------------------
inetnum: 52.0.0.0 - 52.144.63.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: You can find the whois server to query, or the
remarks: IANA registry to query on this web page:
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks:
remarks: You can access databases of other RIRs at:
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: IANA IPV4 Recovered Address Space
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
created: 2016-09-26T14:44:02Z
last-modified: 2016-09-26T14:44:02Z
source: RIPE
role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.87.4 (DB-1)
Gathered Inic-whois information for harvard.edu
---------------------------------
Domain Name: HARVARD.EDU
Registrant:
Harvard University
HUIT Network Services
60 Oxford Street
Cambridge, MA 02138
UNITED STATES
Administrative Contact:
Luke Sullivan
Manager, Network Systems
Harvard University
60 Oxford Street
Cambridge, MA 02138
UNITED STATES
(617) 384-6640
luke_sullivan@harvard.edu
Technical Contact:
Network Operations
Harvard University
HUIT Network Services
60 Oxford Street
Cambridge, MA 02138
UNITED STATES
(617) 495-7777
netmanager@harvard.edu
Name Servers:
EXT-DNS-1.HARVARD.EDU 128.103.200.35
EXT-DNS-2.HARVARD.EDU 128.103.200.162
Domain record activated: 27-Jun-1985
Domain record last updated: 30-Dec-2015
Domain expires: 31-Jul-2017
Gathered Netcraft information for harvard.edu
---------------------------------
Retrieving Netcraft.com information for harvard.edu
Netcraft.com Information gathered
Gathered Subdomain information for harvard.edu
---------------------------------
Searching Google.com:80...
Unable to connect: Socket Connect Error
```
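
A saved `-o` report like the one above is also a record of what a domain exposes publicly, so it is worth reviewing for your own domains. The following is an added example, not part of the original page or of DMitry: it splits a report on the `Gathered ... information for ...` headers seen in the output above and lists the contact addresses and name servers published in whois, plus any module that failed to connect. The function names and the example.org sample are constructed for illustration, and the section layout is assumed to match the run shown above.

```python
import re

# Constructed sample in the layout of the report above; all values are made up.
SAMPLE_REPORT = """\
HostIP:192.0.2.10
HostName:example.org
Gathered Inet-whois information for 192.0.2.10
---------------------------------
inetnum: 192.0.2.0 - 192.0.2.255
Gathered Inic-whois information for example.org
---------------------------------
Administrative Contact:
Hostmaster@example.org
Technical Contact:
noc@example.org
Name Servers:
NS1.EXAMPLE.ORG 192.0.2.53
NS2.EXAMPLE.ORG 192.0.2.54
Gathered Subdomain information for example.org
---------------------------------
Searching Google.com:80...
Unable to connect: Socket Connect Error
"""

SECTION = re.compile(r"^Gathered (.+?) information for (\S+)$")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
NS = re.compile(r"^(\S+\.\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def split_sections(report):
    """Map each 'Gathered <module> information for <host>' header to its body lines."""
    sections, current = {}, None
    for line in (l.strip() for l in report.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and set(line) != {"-"}:  # skip blanks and rule lines
            sections[current].append(line)
    return sections

def summarize(report):
    """Return what the report exposes publicly and which modules failed."""
    secs = split_sections(report)
    whois = secs.get("Inic-whois", [])
    return {
        "emails": sorted({e.lower() for l in whois for e in EMAIL.findall(l)}),
        "name_servers": [m.groups() for l in whois if (m := NS.match(l))],
        "failed_modules": [n for n, b in secs.items() if any("Unable to connect" in l for l in b)],
    }
```

A module listed under `failed_modules` produced no data, so an empty result there (as with the subdomain search in the run above) does not mean nothing is exposed.
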
[1]: http://mor-pah.net/software/dmitry-deepmagic-information-gathering-tool/
[2]: http://git.kali.org/gitweb/?p=packages/dmitry.git;a=summary
[3]: https://asciinema.org/a/31154