DNS Reconnaissance Tools (3)


 
Gathered Inet-whois information for 61.135.169.121
---------------------------------
 
inetnum: 61.14.228.0 - 61.255.255.255
netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr: IPv4 address block not managed by the RIPE NCC
remarks: ------------------------------------------------------
remarks:
remarks: You can find the whois server to query, or the
remarks: IANA registry to query on this web page:
remarks: http://www.iana.org/assignments/ipv4-address-space
remarks:
remarks: You can access databases of other RIRs at:
remarks:
remarks: AFRINIC (Africa)
remarks: http://www.afrinic.net/ whois.afrinic.net
remarks:
remarks: APNIC (Asia Pacific)
remarks: http://www.apnic.net/ whois.apnic.net
remarks:
remarks: ARIN (Northern America)
remarks: http://www.arin.net/ whois.arin.net
remarks:
remarks: LACNIC (Latin America and the Carribean)
remarks: http://www.lacnic.net/ whois.lacnic.net
remarks:
remarks: IANA IPV4 Recovered Address Space
remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
remarks:
remarks: ------------------------------------------------------
country: EU # Country is really world wide
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
created: 2018-05-28T14:20:24Z
last-modified: 2018-09-04T13:35:08Z
source: RIPE
 
role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered
 
% This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
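The reply above is a placeholder, not a registration: netname NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK and descr "not managed by the RIPE NCC" mean the lookup for 61.135.169.121 went to whois.ripe.net, the wrong RIR (61/8 is APNIC space), so the country, status and role objects say nothing about the real holder. The correct procedure is to ask whois.iana.org first and follow its refer: line. The script below is an added example, not part of the page and not dmitry's or whois's code; it uses only the standard library. SAMPLE_RIPE is the reply above trimmed, SAMPLE_IANA is constructed in the format of an IANA whois reply, and whois_raw/whois_ip need network access.

```python
"""Follow the whois referral chain instead of accepting one RIR's answer.

Added example, not code from the page or from dmitry/whois. A reply with a
NON-...-MANAGED netname means the wrong RIR was asked; whois.iana.org answers
with a "refer:" line naming the right server, which is then queried again.
SAMPLE_* strings are constructed for offline use (the IANA one is modelled on
IANA's reply format, not captured).
"""
from __future__ import annotations
import re
import socket
from typing import Optional

WHOIS_PORT = 43
ATTR = re.compile(r"^([A-Za-z0-9_-]+):\s*(.*)$")


def whois_raw(server: str, query: str, timeout: float = 10.0) -> str:
    """RFC 3912: send the query line over TCP/43 and read until the server closes."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall((query + "\r\n").encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text: str) -> list[dict[str, list[str]]]:
    """Split a RIPE/APNIC/IANA-style reply into blank-line separated objects,
    each a mapping of lower-cased attribute -> list of values (attributes repeat)."""
    objects, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                objects.append(current)
                current = {}
            continue
        if line.startswith(("%", "#")):              # server banners and comments
            continue
        m = ATTR.match(line.rstrip())
        if m:
            current.setdefault(m.group(1).lower(), []).append(m.group(2))
    if current:
        objects.append(current)
    return objects


def unmanaged_here(objects: list[dict[str, list[str]]]) -> bool:
    """True when the queried RIR reports that the block is not its own."""
    for obj in objects:
        if any("NON-" in v and "MANAGED" in v for v in obj.get("netname", [])):
            return True
        if any("not managed by" in v for v in obj.get("descr", [])):
            return True
    return False


def referral_server(iana_text: str) -> Optional[str]:
    """Pull the 'refer:' target out of a whois.iana.org reply."""
    for obj in parse_whois(iana_text):
        if obj.get("refer"):
            return obj["refer"][0].strip()
    return None


def whois_ip(ip: str) -> tuple[str, list[dict[str, list[str]]]]:
    """Network path: IANA first, then the RIR it refers to. Returns (server, objects)."""
    iana = whois_raw("whois.iana.org", ip)
    target = referral_server(iana)
    if target is None:
        return "whois.iana.org", parse_whois(iana)
    objects = parse_whois(whois_raw(target, ip))
    if unmanaged_here(objects):                       # referral chain is broken or stale
        raise RuntimeError(f"{target} does not manage {ip}; check the refer chain")
    return target, objects


SAMPLE_RIPE = """\
inetnum:        61.14.228.0 - 61.255.255.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
descr:          IPv4 address block not managed by the RIPE NCC
country:        EU # Country is really world wide
status:         ALLOCATED UNSPECIFIED
source:         RIPE

role:           Internet Assigned Numbers Authority
nic-hdl:        IANA1-RIPE
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.92.6 (WAGYU)
"""

SAMPLE_IANA = """\
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.apnic.net

inetnum:      61.0.0.0 - 61.255.255.255
organisation: APNIC
status:       ALLOCATED
"""
```

On a networked host, whois_ip("61.135.169.121") returns the referred server and the objects it holds instead of RIPE's placeholder; unmanaged_here is the check that would have flagged the output above as useless before anyone read its country field.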
 
nslookup
nslookup queries can be pointed at a specific DNS server; if none is given, the system's default resolver is used.
root@zhaji:~# nslookup www.baidu.com
Server:         10.198.1.1
Address:        10.198.1.1#53
 
Non-authoritative answer:
Name:   www.baidu.com
Address: 61.135.169.121
Name:   www.baidu.com
Address: 61.135.169.125
www.baidu.com   canonical name = www.a.shifen.com.  # the alias (CNAME) is revealed
You can also check which resolver is actually being used, to spot a tampered DNS server setting:
nslookup
> server
Default server: 10.198.1.1
Address: 10.198.1.1#53
Query through a different DNS server:
root@zhaji:~# nslookup -type=ns baidu.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53
 
Non-authoritative answer:
baidu.com       nameserver = ns2.baidu.com.
baidu.com       nameserver = ns3.baidu.com.
baidu.com       nameserver = ns7.baidu.com.
baidu.com       nameserver = ns4.baidu.com.
baidu.com       nameserver = dns.baidu.com.
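What nslookup does when you hand it a server, as an added example (not code from the page or from nslookup): the script builds and parses DNS messages with the standard library only, so the same question can be sent to the default resolver and to 8.8.8.8 and the answer sets compared, which is the tampering check the section describes. resolve and answer_sets need network access; parse_response runs offline on SAMPLE_RESPONSE, a packet constructed here to mirror the page's www.baidu.com answer (CNAME to www.a.shifen.com plus the two A records), and the 16-hop limit in decode_name is this example's own guard.

```python
"""Ask a chosen resolver directly, as nslookup does when a server is given.

Added example, not code from the page or from nslookup: it builds and parses
DNS messages with the standard library only, so one name can be queried
through the default resolver and through 8.8.8.8 and the answer sets compared.
SAMPLE_RESPONSE is constructed to mirror the www.baidu.com reply on the page.
"""
from __future__ import annotations
import random
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "AAAA": 28}
TYPE_NAME = {v: k for k, v in QTYPE.items()}

def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in labels) + b"\x00"

def build_query(name: str, qtype: str = "A", txid: int = 0x1234) -> bytes:
    """12-byte header (RD=1, one question) then QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)

def decode_name(data: bytes, offset: int) -> tuple[str, int]:
    """Read a name that may use RFC 1035 4.1.4 compression; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                        # two-byte pointer into the message
            if end is None:
                end = offset + 2                         # the name's own bytes stop here
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:                                # hostile replies can loop pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)

def parse_response(data: bytes) -> dict:
    """Return id, rcode, aa flag and the answer RRs as (name, type, ttl, value) tuples."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                                  # step over the echoed question(s)
        _, offset = decode_name(data, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1:
            value = socket.inet_ntoa(data[offset:offset + 4])
        elif rtype in (2, 5):                            # NS and CNAME rdata is a name
            value, _ = decode_name(data, offset)
        else:
            value = data[offset:offset + rdlen].hex()
        answers.append((name, TYPE_NAME.get(rtype, str(rtype)), ttl, value))
        offset += rdlen
    return {"id": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}

def resolve(name: str, server: str, qtype: str = "A", timeout: float = 3.0) -> list[tuple]:
    """One UDP query to `server` (what `nslookup ... 8.8.8.8` does); needs network."""
    txid = random.randrange(0x10000)                     # random ID: stale/spoofed replies are dropped
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    reply = parse_response(data)
    if reply["id"] != txid:
        raise ValueError("transaction id mismatch")
    return reply["answers"]

def answer_sets(name: str, servers: list[str], qtype: str = "A") -> dict[str, list[str]]:
    """Tampering check: the same question to several resolvers, sorted values per server."""
    return {s: sorted(v for _, t, _, v in resolve(name, s, qtype) if t == qtype) for s in servers}

def resolvers_disagree(sets: dict[str, list[str]]) -> bool:
    """True when any two resolvers returned different record sets (whole sets are compared:
    round-robin only reorders the records, a hijacked resolver changes them)."""
    return len({tuple(v) for v in sets.values()}) > 1

def _sample_response() -> bytes:
    """Constructed reply: www.baidu.com CNAME www.a.shifen.com, then two A records."""
    question = encode_name("www.baidu.com") + struct.pack("!HH", 1, 1)
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)   # QR, RD, RA, rcode 0
    target = encode_name("www.a.shifen.com")
    ptr_q = struct.pack("!H", 0xC000 | 12)               # question name sits at offset 12
    cname_rr = ptr_q + struct.pack("!HHIH", 5, 1, 300, len(target)) + target
    ptr_t = struct.pack("!H", 0xC000 | (12 + len(question) + 2 + 10))  # CNAME target's offset
    a_rrs = b"".join(ptr_t + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
                     for ip in ("61.135.169.121", "61.135.169.125"))
    return header + question + cname_rr + a_rrs

SAMPLE_RESPONSE = _sample_response()
```

With network access, resolvers_disagree(answer_sets("www.baidu.com", ["10.198.1.1", "8.8.8.8"])) is the check the section describes. Agreement is evidence, not proof: an attacker who intercepts port 53 on the path can answer on behalf of 8.8.8.8 just as well, so the comparison catches a tampered resolver setting rather than tampering on the wire.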
lbd
lbd (load balancing detector): given a domain, checks whether it sits behind DNS or HTTP load balancing.
lbd www.baidu.com
 
lbd - load balancing detector 0.4 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
 
Checking for DNS-Loadbalancing: FOUND
www.baidu.com has address 61.135.169.121
www.baidu.com has address 61.135.169.125
 
Checking for HTTP-Loadbalancing [Server]:
bfe/1.0.8.18
NOT FOUND
 
Checking for HTTP-Loadbalancing [Date]: 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:07, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:08, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, 08:33:09, NOT FOUND
 
Checking for HTTP-Loadbalancing [Diff]: FOUND
< Etag: "575e1f5d-115"
< Last-Modified: Mon, 13 Jun 2016 02:50:05 GMT
> Etag: "575e1f5c-115"
> Last-Modified: Mon, 13 Jun 2016 02:50:04 GMT
 
www.baidu.com does Load-balancing. Found via Methods: DNS HTTP[Diff]
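Reading the result back: DNS fired because the name has two A records; HTTP[Server] did not because every reply carried bfe/1.0.8.18; HTTP[Diff] fired because Etag and Last-Modified differ by one second between replies (the hex prefix of the Etag, 575e1f5d vs 575e1f5c, is the file mtime and matches Last-Modified), i.e. at least two backends serving separately written copies of the same file. The script below re-implements the four heuristics in Python as an added example; it is not lbd's own code (lbd is Stefan Behte's shell script). The Date method is implemented here as "Date goes backwards between consecutive replies", which is what out-of-sync backend clocks produce; VOLATILE is this example's own list of headers to ignore; fetch_headers needs network; SAMPLE_HEADERS is constructed to mirror the output above, with invented Date strings.

```python
"""lbd-style load-balancing detection over captured HTTP response headers.

Added example, not lbd's code. Four heuristics: several A records (DNS),
differing Server banners, Date running backwards between consecutive replies
(more than one clock), and any other header differing between replies (how the
Etag / Last-Modified mismatch on the page was found). SAMPLE_HEADERS is
constructed; VOLATILE is this example's own ignore list.
"""
from __future__ import annotations
import http.client
from email.utils import parsedate_to_datetime

VOLATILE = {"date", "set-cookie", "content-length", "connection", "keep-alive", "x-request-id"}


def fetch_headers(host: str, path: str = "/", count: int = 20, port: int = 80) -> list[dict[str, str]]:
    """Fetch `count` replies on a fresh TCP connection each time: a kept-alive
    connection stays pinned to one backend and would hide the balancing."""
    replies = []
    for _ in range(count):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request("GET", path, headers={"Host": host, "User-Agent": "lbd-like/0.1"})
            resp = conn.getresponse()
            resp.read()
            replies.append({k.lower(): v for k, v in resp.getheaders()})
        finally:
            conn.close()
    return replies


def check_dns(addresses: list[str]) -> bool:
    """More than one distinct address for the name."""
    return len(set(addresses)) > 1


def check_server_header(headers: list[dict[str, str]]) -> tuple[bool, list[str]]:
    """Different Server banners mean different backends (or inconsistent builds)."""
    values = sorted({h["server"] for h in headers if "server" in h})
    return len(values) > 1, values


def check_date_header(headers: list[dict[str, str]]) -> tuple[bool, list[str]]:
    """Date going backwards between consecutive replies betrays more than one clock."""
    stamps = [parsedate_to_datetime(h["date"]) for h in headers if "date" in h]
    backwards = any(later < earlier for earlier, later in zip(stamps, stamps[1:]))
    return backwards, [t.strftime("%H:%M:%S") for t in stamps]


def check_header_diff(headers: list[dict[str, str]]) -> tuple[bool, dict[str, list[str]]]:
    """Compare every reply with the first, ignoring headers that vary per request anyway."""
    base = {k: v for k, v in headers[0].items() if k not in VOLATILE}
    diffs = {}
    for h in headers[1:]:
        current = {k: v for k, v in h.items() if k not in VOLATILE}
        for key in set(base) | set(current):
            if base.get(key) != current.get(key):
                diffs.setdefault(key, set()).update(v for v in (base.get(key), current.get(key)) if v)
    return bool(diffs), {k: sorted(v) for k, v in sorted(diffs.items())}


def detect(addresses: list[str], headers: list[dict[str, str]]) -> list[str]:
    """Methods that fired, in lbd's order: DNS, HTTP[Server], HTTP[Date], HTTP[Diff]."""
    found = []
    if check_dns(addresses):
        found.append("DNS")
    if check_server_header(headers)[0]:
        found.append("HTTP[Server]")
    if check_date_header(headers)[0]:
        found.append("HTTP[Date]")
    if check_header_diff(headers)[0]:
        found.append("HTTP[Diff]")
    return found


def _reply(etag: str, modified: str, date: str) -> dict[str, str]:
    return {"server": "bfe/1.0.8.18", "date": date, "etag": f'"{etag}"',
            "last-modified": modified, "content-type": "text/html", "content-length": "277"}


# Constructed: two backends whose copies of the page were written one second apart.
SAMPLE_HEADERS = [
    _reply("575e1f5d-115", "Mon, 13 Jun 2016 02:50:05 GMT", "Thu, 27 Sep 2018 08:33:07 GMT"),
    _reply("575e1f5c-115", "Mon, 13 Jun 2016 02:50:04 GMT", "Thu, 27 Sep 2018 08:33:07 GMT"),
    _reply("575e1f5d-115", "Mon, 13 Jun 2016 02:50:05 GMT", "Thu, 27 Sep 2018 08:33:08 GMT"),
]
```

detect(["61.135.169.121", "61.135.169.125"], SAMPLE_HEADERS) reproduces the page's verdict, DNS and HTTP[Diff]. As lbd itself warns, these are proof-of-concept heuristics: a CDN or a single server with a clock step also produces Date anomalies, and a mismatched Etag may simply be one backend mid-deploy.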
Recon-ng
This open-source framework is quite powerful. Its modules are written in Python, so you can write or modify modules yourself; modules that call third-party APIs may let those third parties track your activity. The Kali build stores everything it collects in a database. Many of the modules do not work well in this environment.
On first launch it tells you which dependencies (and API keys) are missing:
root@zhaji:~# recon-ng
[!] 'github_api' key not set. github_users module will likely fail at runtime. See 'keys add'.

