instarecon: an all-round information-gathering tool for penetration testing

Features

instarecon covers the following areas of pre-engagement information gathering:

1. DNS (direct, PTR, MX, NS) lookups

This includes the domain's forward resolution results (A/AAAA records).

PTR record: a pointer record that maps an IP address back to a hostname; it is the inverse of the A record (IPv4) or AAAA record (IPv6) and lives under in-addr.arpa / ip6.arpa. PTR records are what reverse DNS lookups return, and mail systems commonly check the sending host's PTR when deciding whether to accept a message.

MX record: the mail exchanger record. It points to a mail server, and a sending mail system looks up the MX of the recipient address's domain to find where to deliver. It is also called a mail routing record: the domain owner can point the MX at their own mail server and then control every mailbox setting themselves.

NS record: the name server record, which designates the DNS servers that are authoritative for the domain.

2. Whois (domains and IP) lookups

whois is a query protocol for registration data. For a domain it returns whether the name is registered and the details of the registration (registrant, registrar, creation and expiry dates, name servers); for an IP address it returns the allocating registry and the owner of the netblock.

3. Google dorks in search of subdomains

Subdomains of the target that Google's index has recorded (found with site: style queries).

4. Shodan lookups

Gathers information about the domain's hosts through Shodan. Shodan's real strength is that it indexes almost everything connected to the Internet; the alarming part is how many of those devices are exposed with little or no protection in front of them.

5. Reverse DNS lookups on entire CIDRs

Reverse DNS: starting from the IPs the domain resolves to, query PTR records across the whole netblock to discover other hostnames in it.

The one real gap is that there is no DNS brute-force enumeration of subdomains.
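The two DNS-side steps above (the PTR sweep over a CIDR that instarecon performs, and the wordlist brute force it lacks), as an added example that is not instarecon's own code. The lookup backend is passed in as a callable, so the logic can be exercised offline against a dictionary; the hostnames, IPs and wordlist in the stand-alone run are constructed for illustration, and the wildcard check is a common hardening of brute-force enumeration rather than something the post describes.

```python
# Added example (not instarecon's own code): reverse-DNS sweep of a CIDR plus
# a wildcard-aware subdomain brute force, with injectable resolvers.
import ipaddress
import socket
import uuid
from typing import Callable, Dict, Iterable, Optional

# ip -> PTR hostname (None when there is no PTR record)
ReverseResolver = Callable[[str], Optional[str]]
# hostname -> A record (None when the name does not resolve)
ForwardResolver = Callable[[str], Optional[str]]


def ptr_name(ip: str) -> str:
    """The name a PTR query actually asks for (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup through the OS resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name: str) -> Optional[str]:
    """A-record lookup through the OS resolver."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def reverse_sweep(cidr: str, resolver: ReverseResolver = system_reverse,
                  max_hosts: int = 4096) -> Dict[str, str]:
    """PTR-query every host in a CIDR and keep the ones that have a name.

    max_hosts is a guard: a /15 such as 162.158.0.0/15 is 131,072 queries,
    which is slow and highly visible in the target's resolver logs.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses > max_hosts:
        raise ValueError(
            f"{cidr} has {net.num_addresses} addresses; raise max_hosts to sweep it")
    hits: Dict[str, str] = {}
    for addr in net.hosts():  # skips network and broadcast addresses
        name = resolver(str(addr))
        if name:
            hits[str(addr)] = name
    return hits


def brute_force(domain: str, words: Iterable[str],
                resolver: ForwardResolver = system_forward) -> Dict[str, str]:
    """Wordlist subdomain enumeration with wildcard-DNS filtering.

    A wildcard zone answers every label, so a random label is resolved first;
    any candidate that lands on that same IP is discarded as a false positive.
    """
    probe = f"{uuid.uuid4().hex[:12]}.{domain}"
    wildcard_ip = resolver(probe)
    found: Dict[str, str] = {}
    for word in words:
        word = word.strip().lower()
        if not word:
            continue
        fqdn = f"{word}.{domain}"
        ip = resolver(fqdn)
        if ip and ip != wildcard_ip:
            found[fqdn] = ip
    return found


if __name__ == "__main__":
    # Live lookups; point these at targets you are authorised to scan.
    print(ptr_name("162.159.8.133"))
    print(reverse_sweep("162.159.8.0/24"))
    print(brute_force("example.com", ["www", "mail", "vpn"]))
```

Passing `dict.get` as the resolver is the cheapest way to unit-test the sweep and the wildcard logic without touching the network; swapping in the `system_*` functions gives the live behaviour.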

Download

➜  tools git:(master) ✗ git clone https://github.com/vergl4s/instarecon.git

Next install the Python dependencies. If pip is already present, install them directly:

sudo pip install pythonwhois ipwhois ipaddress shodan

(The ipaddress package on PyPI is the Python 2 backport; on Python 3 the module is part of the standard library.)

If pip is not installed yet, it can be installed like this:

sudo easy_install pip

Usage

Usage is simple; an example:

$ ./instarecon.py -s <shodan_key> -o ~/Desktop/github.com.csv github.com

Running it against wooyun.org:

[root@localhost instarecon]# python instarecon.py wooyun.org
# InstaRecon v0.1 - by Luis Teixeira (teix.co)
# Scanning 1/1 hosts
# No Shodan key provided

# ____________________ Scanning wooyun.org ____________________ #

# DNS lookups
[*] Domain: wooyun.org

[*] IPs & reverse DNS: 
162.159.208.53
162.159.209.53

# Whois lookups

[*] Whois domain:
Domain Name:WOOYUN.ORG
Domain ID: D159099935-LROR
Creation Date: 2010-05-06T08:50:48Z
Updated Date: 2015-01-07T03:37:41Z
Registry Expiry Date: 2024-05-06T08:50:48Z
Sponsoring Registrar:Hichina Zhicheng Technology Limited (R1373-LROR)
Sponsoring Registrar IANA ID: 420
WHOIS Server: 
Referral URL: 
Domain Status: clientDeleteProhibited -- http://www.icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
Registrant ID:hc556860480-cn
Registrant Name:Fang Xiao Dun
Registrant Organization:Fang Xiao Dun
Registrant Street: Haidian District JuYuan Road 6# 502
Registrant City:Beijing
Registrant State/Province:Beijing
Registrant Postal Code:100080
Registrant Country:CN
Registrant Phone:+86.18610137578
Registrant Phone Ext: 
Registrant Fax: +86.18610137578
Registrant Fax Ext: 
Registrant Email:xssshell@gmail.com
Admin ID:HC-009652962-CN
Admin Name:Fang Xiaodun
Admin Organization:Beijing Bigfish Technology
Admin Street: Haidian District JuYuan Road 6# 502
Admin City:Beijing
Admin State/Province:Beijing
Admin Postal Code:100080
Admin Country:CN
Admin Phone:+86.18610137578
Admin Phone Ext: 
Admin Fax: +86.18610137578
Admin Fax Ext: 
Admin Email:xssshell@gmail.com
Tech ID:HC-844637505-CN
Tech Name:Fang Xiaodun
Tech Organization:Beijing Bigfish Technology
Tech Street: Haidian District JuYuan Road 6# 502
Tech City:Beijing
Tech State/Province:Beijing
Tech Postal Code:100080
Tech Country:CN
Tech Phone:+86.18610137578
Tech Phone Ext: 
Tech Fax: +86.18610137578
Tech Fax Ext: 
Tech Email:xssshell@gmail.com
Name Server:NS1.DNSV2.COM
Name Server:NS2.DNSV2.COM
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
Name Server: 
DNSSEC:Unsigned

Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to(a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.

[*] Whois IP:
asn: 13335
asn_cidr: 162.159.208.0/24
asn_country_code: US
asn_date: 2013-05-23
asn_registry: arin
net 0:
    cidr: 162.158.0.0/15
    range: 162.158.0.0 - 162.159.255.255
    name: CLOUDFLARENET
    description: CloudFlare, Inc.
    handle: NET-162-158-0-0-1

    address: 665 Third Street #207
    city: San Francisco
    state: CA
    postal_code: 94107
    country: US

    abuse_emails: abuse@cloudflare.com
    tech_emails: admin@cloudflare.com

    created: 2013-05-23 00:00:00
    updated: 2013-05-23 00:00:00

# Querying Google for subdomains and Linkedin pages, this might take a while
[-] Error: No subdomains found in Google. If you are scanning a lot, Google might be blocking your requests.

# Reverse DNS lookup on range 162.158.0.0/15
162.159.8.133 - cf-162-159-8-133.cloudflare.com
162.159.9.204 - cf-162-159-9-204.cloudflare.com
162.159.24.5 - dns1.namecheaphosting.com
162.159.24.6 - a.ns.zerigo.net
162.159.24.7 - e.ns.zerigo.net
162.159.24.204 - ns1.proisp.no
162.159.25.5 - dns2.namecheaphosting.com
162.159.25.6 - b.ns.zerigo.net
162.159.25.7 - f.ns.zerigo.net
162.159.25.138 - ns2.proisp.no
162.159.26.6 - c.ns.zerigo.net
162.159.27.6 - d.ns.zerigo.net
# Done

As the output shows, wooyun.org is fronted by Cloudflare (AS13335, 162.158.0.0/15); the registrant contact is Fang Xiaodun and the contact email is xssshell@gmail.com. Note that the two IPs are Cloudflare edge addresses rather than the origin server, which is why the reverse sweep of the /15 turns up other Cloudflare customers' name servers and not wooyun's own hosts.
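Extracting pivot points from the whois text shown above, as an added example that is not instarecon's own code. SAMPLE_WHOIS is a constructed subset of that output (the same key:value layout, inconsistent spacing after the colon, blank Name Server fields, and a trailing terms-of-use paragraph); the parser and the choice of pivot fields are this example's own.

```python
# Added example (not instarecon's own code): turn registry whois text into
# structured pivots (emails, name servers, status codes, organisations).
import re
from typing import Dict, List

# Constructed subset of the wooyun.org whois output, kept in the registry's
# own format: no space after some colons, blank multi-valued fields, and a
# terms-of-use paragraph after the first blank line.
SAMPLE_WHOIS = """\
Domain Name:WOOYUN.ORG
Creation Date: 2010-05-06T08:50:48Z
Sponsoring Registrar:Hichina Zhicheng Technology Limited (R1373-LROR)
Domain Status: clientDeleteProhibited -- http://www.icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
Registrant Name:Fang Xiao Dun
Registrant Email:xssshell@gmail.com
Admin Organization:Beijing Bigfish Technology
Admin Email:xssshell@gmail.com
Tech Email:xssshell@gmail.com
Name Server:NS1.DNSV2.COM
Name Server:NS2.DNSV2.COM
Name Server: 
Name Server: 
DNSSEC:Unsigned

Access to Public Interest Registry WHOIS information is provided for informational purposes only.
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Parse 'Key:Value' lines into key -> list of non-empty values.

    Stops at the first blank line: everything after it is the registry's
    terms-of-use text, not record data. Only the first ':' splits a line,
    so timestamps and URLs inside values survive intact.
    """
    record: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            break
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        key, value = key.strip(), value.strip()
        if value:  # drops the empty "Name Server:" filler lines
            record.setdefault(key, []).append(value)
    return record


def pivots(record: Dict[str, List[str]]) -> Dict[str, object]:
    """Reduce a parsed record to the fields worth pivoting on during recon."""
    emails = set()
    for key, values in record.items():
        if key.endswith("Email"):
            for value in values:
                match = EMAIL_RE.search(value)
                if match:
                    emails.add(match.group(0).lower())
    organisations = {v for k, vs in record.items()
                     if k.endswith("Organization") for v in vs}
    first = lambda key: record.get(key, [""])[0]
    return {
        "domain": first("Domain Name").lower(),
        "registrar": first("Sponsoring Registrar"),
        "created": first("Creation Date"),
        "name_servers": [ns.lower() for ns in record.get("Name Server", [])],
        "emails": sorted(emails),
        "status": [v.split(" -- ")[0] for v in record.get("Domain Status", [])],
        "dnssec": first("DNSSEC"),
        "organisations": sorted(organisations),
    }


if __name__ == "__main__":
    for field, value in pivots(parse_whois(SAMPLE_WHOIS)).items():
        print(f"{field:14} {value}")
```

The email set and the name servers are the two fields most useful for pivoting: the email can be fed back into reverse-whois searches for other domains held by the same registrant, and the name servers distinguish a hosted DNS provider (as here, dnsv2.com) from self-hosted infrastructure worth scanning.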

Source: http://www.codefrom.com/paper/%20%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%...
