Dmitry information gathering tool
Functions: it can collect the following information
- Look up whois information for a host by IP address or domain name
- Mine host information from netcraft.com (a site that provides security services)
- Find subdomains of the target domain
- Find email addresses in the target domain
- Probe the open, filtered and closed ports of the target host
How to use Dmitry
Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
-o Save output to %host.txt or to file specified by -o file
-i Perform a whois lookup on the IP address of a host
-w Perform a whois lookup on the domain name of a host
-n Retrieve Netcraft.com information on a host
-s Perform a search for possible subdomains
-e Perform a search for possible email addresses
-p Perform a TCP port scan on a host
* -f Perform a TCP port scan on a host showing output reporting filtered ports
* -b Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
* Requires the -p flag to be passed
dmitry IP/domain -o /mnt/xz (saves the information gathered for this IP or domain to /mnt/xz.txt)
Here I am looking at baidu.com
root@kali:/mnt# cat xz.txt
HostIP:220.181.38.150
HostName:www.baidu.com

Gathered Inet-whois information for 220.181.38.150
---------------------------------
inetnum: 220.158.200.0 - 255.255.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: For registration information,
remarks: you can consult the following sources:
remarks:
remarks: IANA
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks: http://www.iana.org/assignments/iana-ipv4-special-registry
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
created: 2019-01-07T10:46:25Z
last-modified: 2019-01-07T10:46:25Z
source: RIPE

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.94.1 (WAGYU)

Gathered Inic-whois information for baidu.com
---------------------------------
Domain Name: BAIDU.COM
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-05-09T04:30:46Z
Creation Date: 1999-10-11T11:05:17Z
Registry Expiry Date: 2026-10-11T11:05:17Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.BAIDU.COM
Name Server: NS2.BAIDU.COM
Name Server: NS3.BAIDU.COM
Name Server: NS4.BAIDU.COM
Name Server: NS7.BAIDU.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-07-30T04:08:18Z <<<
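The file that -o writes is plain text in the layout shown above: two Host header lines, then one "Gathered ... information for ..." block per lookup, each a run of "key: value" lines in which whois repeats keys such as Domain Status and Name Server. The parser below is an added example written for this page, not code from the Dmitry project; it turns that file into a dictionary and then reads the registrar lock and DNSSEC fields back out, which is the check a domain owner wants when reviewing their own record. The sample text is constructed from the output above and trimmed; the section label "Inic-whois" is the one dmitry prints.

```python
"""Parse the text file that dmitry writes with -o into structured records."""
import re

# Constructed sample modelled on the dmitry -o output shown above; it is
# trimmed to a handful of fields and is not a fresh whois lookup.
SAMPLE_OUTPUT = """HostIP:220.181.38.150
HostName:www.baidu.com

Gathered Inet-whois information for 220.181.38.150
---------------------------------
inetnum:        220.158.200.0 - 255.255.255.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
remarks:        ------------------------------------------------------
remarks:        For registration information,
remarks:
country:        EU # Country is really world wide
status:         ALLOCATED UNSPECIFIED
source:         RIPE

role:           Internet Assigned Numbers Authority
nic-hdl:        IANA1-RIPE
source:         RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.94.1 (WAGYU)

Gathered Inic-whois information for baidu.com
---------------------------------
Domain Name: BAIDU.COM
Registrar: MarkMonitor Inc.
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.BAIDU.COM
Name Server: NS2.BAIDU.COM
DNSSEC: unsigned
>>> Last update of whois database: 2019-07-30T04:08:18Z <<<
"""

SECTION_RE = re.compile(r"^Gathered (\S+) information for (\S+)$")
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z -]*?):\s*(.*)$")


def parse_dmitry_output(text):
    """Return {"host": {...}, "sections": [{"kind", "target", "fields"}]}.

    Header lines (HostIP/HostName) land in "host"; every "Gathered X
    information for Y" line opens a new section whose "key: value" lines
    are collected as key -> list of values (whois repeats keys such as
    "Domain Status", and the RPSL objects of one lookup are merged).
    """
    parsed = {"host": {}, "sections": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = {"kind": m.group(1), "target": m.group(2), "fields": {}}
            parsed["sections"].append(current)
            continue
        # Skip blanks, the dashed rule under a section header, and the
        # '%' / '>>>' server chatter that carries no key: value pair.
        if not line or set(line) == {"-"} or line[0] in "%>":
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key = m.group(1).strip()
        value = m.group(2).split(" #", 1)[0].strip()  # drop RPSL '#' comments
        if not value:
            continue
        if current is None:
            parsed["host"][key] = value
        else:
            current["fields"].setdefault(key, []).append(value)
    return parsed


def find_section(parsed, kind):
    """First section of the given kind, e.g. "Inic-whois" for the domain record."""
    for section in parsed["sections"]:
        if section["kind"] == kind:
            return section
    return None


def domain_hardening_report(parsed):
    """Summarise the registrar locks and DNSSEC state of the domain record.

    A defender reviewing their own domain wants a transfer lock present and
    DNSSEC signed; both are read straight from the whois fields dmitry saved.
    """
    section = find_section(parsed, "Inic-whois")
    if section is None:
        return None
    fields = section["fields"]
    statuses = {v.split()[0] for v in fields.get("Domain Status", [])}
    dnssec = fields.get("DNSSEC", ["unsigned"])[0].lower()
    return {
        "domain": fields.get("Domain Name", [section["target"]])[0],
        "transfer_locked": bool(statuses & {"clientTransferProhibited", "serverTransferProhibited"}),
        "dnssec_signed": dnssec != "unsigned",
        "name_servers": fields.get("Name Server", []),
    }


if __name__ == "__main__":
    import json
    report = domain_hardening_report(parse_dmitry_output(SAMPLE_OUTPUT))
    print(json.dumps(report, indent=2))
```

To run it over a real file, replace SAMPLE_OUTPUT with the contents of the file named by -o (for the example on this page, /mnt/xz.txt). Keys are kept as lists on purpose: collapsing Domain Status or Name Server to a single value would silently hide the very entries the report checks.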
-i Perform a whois lookup on the host's IP address
-w Perform a whois lookup on the host's domain name
-n Retrieve netcraft.com information on the host
-s Search for subdomains of the host that can be found
-e Search for possible email addresses (possible! if they do not let you find them, of course you cannot)
-p Perform a TCP port scan on the host (full-connect scan)
-f Perform a TCP port scan on the host, with the output also reporting filtered ports
-b Read the banner received from the scanned port
-t Set the TTL used when scanning the host's TCP ports (default 2)