★3.1Netcraft :子域名查询

 官网:http://searchdns.netcraft.com/

输入要查询的域名,即可得知子域名

3.2Fierce :子域名查询

  • 概述:

    fierce 是使用多种技术来扫描目标主机IP地址和主机名的一个DNS服务器枚举工具。运用递归的方式来工作。它的工作原理是先通过查询本地DNS服务器来查找目标DNS服务器,然后使用目标DNS服务器来查找子域名。fierce的主要特点就是可以用来定位独立IP空间对应域名和主机名。

  • 参数:

    root@Kali:/home/dnt# fierce -h

    fierce.pl (C) Copywrite 2006,2007 - By RSnake at http://ha.ckers.org/fierce/

    Usage: perl fierce.pl [-dns example.com] [OPTIONS]

    Overview:

    Fierce is a semi-lightweight scanner that helps locate non-contiguous

    IP space and hostnames against specified domains. It's really meant

    as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all

    of those require that you already know what IP space you are looking

    for. This does not perform exploitation and does not scan the whole

    internet indiscriminately. It is meant specifically to locate likely

    targets both inside and outside a corporate network. Because it uses

    DNS primarily you will often find mis-configured networks that leak

    internal address space. That's especially useful in targeted malware.

    Options:

    -connect        Attempt to make http connections to any non RFC1918

    (public) addresses. This will output the return headers but

    be warned, this could take a long time against a company with

    many targets, depending on network/machine lag. I wouldn't

    recommend doing this unless it's a small company or you have a

    lot of free time on your hands (could take hours-days).

    Inside the file specified the text "Host:\n" will be replaced

    by the host specified. Usage:

    perl fierce.pl -dns example.com -connect headers.txt

    -delay                The number of seconds to wait between lookups.

    -dns                The domain you would like scanned.

    -dnsfile         Use DNS servers provided by a file (one per line) for

    reverse lookups (brute force).

    -dnsserver        Use a particular DNS server for reverse lookups

    (probably should be the DNS server of the target). Fierce

    uses your DNS server for the initial SOA query and then uses

    the target's DNS server for all additional queries by default.

    -file                A file you would like to output to be logged to.

    -fulloutput        When combined with -connect this will output everything

    the webserver sends back, not just the HTTP headers.

    -help                This screen.

    -nopattern        Don't use a search pattern when looking for nearby

    hosts. Instead dump everything. This is really noisy but

    is useful for finding other domains that spammers might be

    using. It will also give you lots of false positives,

    especially on large domains.

    -range                Scan an internal IP range (must be combined with

    -dnsserver). Note, that this does not support a pattern

    and will simply output anything it finds. Usage:

    perl fierce.pl -range 111.222.333.0-255 -dnsserver ns1.example.co

    -search                Search list. When fierce attempts to traverse up and

    down ipspace it may encounter other servers within other

    domains that may belong to the same company. If you supply a

    comma delimited list to fierce it will report anything found.

    This is especially useful if the corporate servers are named

    different from the public facing website. Usage:

    perl fierce.pl -dns examplecompany.com -search corpcompany,blahcompany

    Note that using search could also greatly expand the number of

    hosts found, as it will continue to traverse once it locates

    servers that you specified in your search list. The more the

    better.

    -suppress        Suppress all TTY output (when combined with -file).

    -tcptimeout        Specify a different timeout (default 10 seconds). You

    may want to increase this if the DNS server you are querying

    is slow or has a lot of network lag.

    -threads Specify how many threads to use while scanning (default

    is single threaded).

    -traverse        Specify a number of IPs above and below whatever IP you

    have found to look for nearby IPs. Default is 5 above and

    below. Traverse will not move into other C blocks.

    -version        Output the version number.

    -wide                Scan the entire class C after finding any matching

    hostnames in that class C. This generates a lot more traffic

    but can uncover a lot more information.

    -wordlist        Use a seperate wordlist (one word per line). Usage:

    perl fierce.pl -dns examplecompany.com -wordlist dictionary.txt

  • 实例:threads 是线程数,可以自己指定

     root@Kali:/home/dnt# fierce -dns cnblogs.com -threads 100

    Trying zone transfer first...

    Unsuccessful in zone transfer (it was worth a shot)

    Okay, trying the good old fashioned way... brute force

    Checking for wildcard DNS...

    ** Found 99901599299.cnblogs.com at 42.121.252.58.

    ** High probability of wildcard DNS.

    Now performing 2280 test(s)...

    120.26.70.206        files.cnblogs.com

    42.121.129.234        images.cnblogs.com

    223.6.251.45        group.cnblogs.com

    223.6.251.45        home.cnblogs.com

    42.121.129.234        download.cnblogs.com

    221.181.200.235        cdn.cnblogs.com

    42.121.131.85        mail.cnblogs.com

    42.121.129.234        downloads.cnblogs.com

    223.6.251.45        news.cnblogs.com

    223.6.251.45        ad.cnblogs.com

    42.121.254.229        p.cnblogs.com

    。。。。。。。。

★Kali信息收集~3.子域名系列的更多相关文章

  1. Kali信息收集系列:(都是我以前的笔记整理了一下,就没加水印,习惯就好)

    好几天没发微信公众号了,今天一起发下.(最近有点事情) 前些天老业界的一位朋友问我一些Safe新时代信息收集的问题 逆天虽然好多年不干老本行,但隔段时间都会关注一下 于是就花了点时间整理了一下,你们就 ...

  2. ★Kali信息收集★8.Nmap :端口扫描

    ★Kali信息收集~ 0.Httrack 网站复制机 http://www.cnblogs.com/dunitian/p/5061954.html ★Kali信息收集~ 1.Google Hackin ...

  3. Kali信息收集

    前言 渗透测试最重要的阶段之一就是信息收集,需要收集关于目标主机的基本细腻些.渗透测试人员得到的信息越多,渗透测试成功的概率也就越高. 一.枚举服务 1.1 DNS枚举工具DNSenum DNSenu ...

  4. ★Kali信息收集~★6.Dmitry:汇总收集

    概述: DMitry(Deepmagic Information Gathering Tool)是一个一体化的信息收集工具.它可以用来收集以下信息: 1. 端口扫描 2. whois主机IP和域名信息 ...

  5. ★Kali信息收集~ 5.The Harvester:邮箱挖掘器

    官网:http://www.edge-security.com 安装:apt-get install theHarvester 运行:终端输入 theharvester (小写) 用法+参数:(返回邮 ...

  6. ★Kali信息收集~4.DNS系列

    ★.1host:DNS信息 参数: 一般情况下,host查找的是A,AAAA,和MX的记录 案例: DNS服务器查询  host -t ns 域名 A记录和MX记录查询  host 域名(host - ...

  7. ★Kali信息收集~ 1.Google Hacking + Github Hacking

    一.google hacking site site:cnblogs.com 毒逆天 intitle intitle:login allintitle allintitle:index of alli ...

  8. Kali信息收集-搜索引擎

    1.google hacking intext:搜索正文内容 intitile:网页标题中的内容 inurl:url中的关键字 site:目标站点下 filetype:文件类型 cache:缓存 li ...

  9. ★Kali信息收集~★7.FPing :ip段扫描

    参数: 使用方法: fping [选项] [目标...] -a显示是活着的目标 -A 显示目标地址 -b n 大量 ping 数据要发送,以字节为单位 (默认 56) -B f 将指数退避算法因子设置 ...

随机推荐

  1. 前端开发中SEO的十二条总结

    一. 合理使用title, description, keywords二. 合理使用h1 - h6, h1标签的权重很高, 注意使用频率三. 列表代码使用ul, 重要文字使用strong标签四. 图片 ...

  2. 【探索】在 JavaScript 中使用 C 程序

    JavaScript 是个灵活的脚本语言,能方便的处理业务逻辑.当需要传输通信时,我们大多选择 JSON 或 XML 格式. 但在数据长度非常苛刻的情况下,文本协议的效率就非常低了,这时不得不使用二进 ...

  3. C语言 · 乘法表

    问题描述 输出九九乘法表. 输出格式 输出格式见下面的样例.乘号用"*"表示. 样例输出 下面给出输出的前几行:1*1=12*1=2 2*2=43*1=3 3*2=6 3*3=94 ...

  4. javascript中的操作符详解1

    好久没有写点什么了,根据博主的技术,仍然写一点javascript新手入门文章,接下来我们一起来探讨javascript的操作符. 一.前言 javascript中有许多操作符,但是许多初学者并不理解 ...

  5. Java之多态(二)

    package test05;import test06.Car1;public class DuoTai_Test02 { /**多个对象,一个形态 * Tiger.Lion.Snake → Ani ...

  6. iOS开发 适配iOS10

    2016年9月7日,苹果发布iOS 10.2016年9月14日,全新的操作系统iOS 10将正式上线. 作为开发者,如何适配iOS10呢? 1.Notification(通知) 自从Notificat ...

  7. Android中Fragment与Activity之间的交互(两种实现方式)

    (未给Fragment的布局设置BackGound) 之前关于Android中Fragment的概念以及创建方式,我专门写了一篇博文<Android中Fragment的两种创建方式>,就如 ...

  8. [原创]ubuntu16.04LTS使用细节

    如何给自己安装的应用创建桌面图标 拿php开发神器phpstorm为例,找到可执行文件所在路径. 这里是/home/haive/PhpStorm/bin/phpstorm.sh 打开dash,搜索&q ...

  9. 机器指令翻译成 JavaScript —— 终极目标

    上一篇,我们顺利将 6502 指令翻译成 C 代码,并演示了一个案例. 现在,我们来完成最后的目标 -- 转换成 JavaScript. 中间码输出 我们之所以选择 C,就是为了使用 LLVM.现在来 ...

  10. Topshelf 支持Mono 扩展Topshelf.Linux

    使用Topshelf 5步创建Windows 服务 这篇文章大家可以了解到使用Topshelf可以很好的支持Windows服务的开发,但是它和Mono不兼容,Github上有一个扩展https://g ...