一、DNS信息搜集
几种常用的信息搜集工具:
1.dnsenum枚举信息查寻所有的信息
./dnsenum--dnsserver8.8.8.8目标(-fdns.txt)使用字典暴力破解
2.dnswalk区域传送漏洞的测试
./dnswalkcisco.com.
3.dnsmap列举目标的所有dns信息
./dnsmapcisco.com
4.lbddns负载均衡
./lbd.shgoogle.com
5.whois查询网站所有者的相关信息
whoissina.com.cn
6.maltego图形化信息搜集工具
该工具的使用需要注册
二、web信息搜集
1.whatweb获取目标站点的信息
2.waffitwafw00f可以识别和指纹WAF网站产品保护。
3.curl-I目标
获取目标的简单的信息
curl-T目标
curl-Tftp://user:password@xxx.com
上传文件(需要足够的权限)
三、网络信息搜集
1.arping仅在局域网可以使用
2.fping
fpingisapinglikeprogramwhichusestheInternetControlMessageProtocol(ICMP)echorequesttodetermineifahostisup.fpingisdifferentfrompinginthatyoucanspecifyanynumberofhostsonthecommandline,orspecifyafilecontainingthelistsofhoststoping.Insteadoftryingonehostuntilittimeoutsorreplies,fpingwillsendoutapingpacketandmoveontothenexthostinaround-robinfashion.Ifahostreplies,itisnotedandremovedfromthelistofhoststocheck.Ifahostdoesnotrespondwithinacertaintimelimitand/orretrylimititwillbeconsideredunreachable.Unlikeping,fpingismeanttobeusedinscriptsanditsoutputiseasytoparse
3.hping
hpingisacommandlineorientedTCP/IPpacketassembler/analyzer.Theinterfaceisinspiredtothepingunixcommand,buthpingisn'tonlyabletosendICMPechorequests.ItsupportsTCP,UDP,ICMPandRAW-IPprotocols,hasatraceroutemode,theabilitytosendfilesbetweenacoveredchannel,andmanyotherfeatures.
Firewalltesting
Advancedportscanning
Networktesting,usingdifferentprotocols,TOS,fragmentation
ManualpathMTUdiscovery
Advancedtraceroute,underallthesupportedprotocols
RemoteOSfingerprinting
Remoteuptimeguessing
TCP/IPstacksauditing
hpingcanalsobeusefultostudentsthatarelearningTCP/IP.
4.hping2
5.netifera
Netiferaisanetworkscannercapableofpassivescanning(scanofapcapfile,livenetworksniffing)aswellasactivescanning(entityportscan).Itenablestoidentifyhostsonthenetwork.
6.nmap
用nmap探测开放端口:-sSSYN半开扫描-sTTCP半开扫描-Pn不使用ping方式探
测主机-A探测服务类型
nmap–sS–Pn192.168.1.111
nmap–sS–Pn–A192.168.1.111
四、路由信息收集
1.traceroute
2.tcptraceroute
tcptracerouteisatracerouteimplementationusingTCPpackets.
Themoretraditionaltraceroute(8)sendsouteitherUDPorICMPECHOpacketswithaTTLofone,andincrementstheTTLuntilthedestinationhasbeenreached.ByprintingthegatewaysthatgenerateICMPtimeexceededmessagesalongtheway,itisabletodeterminethepathpacketsaretakingtoreachthedestination.
TheproblemisthatwiththewidespreaduseoffirewallsonthemodernInternet,manyofthepacketsthattraceroute(8)sendsoutendupbeingfiltered,makingitimpossibletocompletelytracethepathtothedestination.However,inmanycases,thesefirewallswillpermitinboundTCPpacketstospecificportsthathostssittingbehindthefirewallarelisteningforconnectionson.BysendingoutTCPSYNpacketsinsteadofUDPorICMPECHOpackets,tcptracerouteisabletobypassthemostcommonfirewallfilters.
3.tcpdump
tcpdumpisacommonpacketanalyzerthatrunsunderthecommandline.ItallowstheusertointerceptanddisplayTCP/IPandotherpacketsbeingtransmittedorreceivedoveranetworktowhichthecomputerisattached.DistributedundertheBSDlicense,tcpdumpisfreesoftware.
4.scapy修改数据包
5.wireshark抓包
Wiresharkisafreeandopen-sourcepacketanalyzer.Itisusedfornetworktroubleshooting,analysis,softwareandcommunicationsprotocoldevelopment,andeducation.OriginallynamedEthereal,inMay2006theprojectwasrenamedWiresharkduetotrademarkissues.
Wiresharkiscross-platform,usingtheGTK+widgettoolkittoimplementitsuserinterface,andusingpcaptocapturepackets;itrunsonvariousUnix-likeoperatingsystemsincludingLinux,OSX,BSD,andSolaris,andonMicrosoftWindows.Thereisalsoaterminal-based(non-GUI)versioncalledTShark.Wireshark,andtheotherprogramsdistributedwithitsuchasTShark,arefreesoftware,releasedunderthetermsoftheGNUGeneralPublicLicense.
本文转自Tar0 51CTO博客,原文链接:http://blog.51cto.com/tar0cissp/1290345,如需转载请自行联系原作者
