Rappel :

Attention dans cet article l'outils est utilisé pour la recherche et l'apprentissage. Ce type d'outils ne doit pas être utilisé vers un serveur qui ne vous appartient pas, ceci peut être puni par la loi (voir les articles 323-XX).

Environnement de test :

Pour cela nous allons utiliser une VM tournant sur la distribution Kali. DMitry est installé de base sur Kali.

Utilisation :

La commande et ses options

 1 root@kali:~# dmitry -h
 2 Deepmagic Information Gathering Tool
 3 "There be some deep magic going on"
 4 
 5 dmitry: invalid option -- 'h'
 6 Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
 7   -o    Save output to %host.txt or to file specified by -o file
 8   -i    Perform a whois lookup on the IP address of a host
 9   -w    Perform a whois lookup on the domain name of a host
10   -n    Retrieve Netcraft.com information on a host
11   -s    Perform a search for possible subdomains
12   -e    Perform a search for possible email addresses
13   -p   Perform a TCP port scan on a host
14 * -f     Perform a TCP port scan on a host showing output reporting filtered ports
15 * -b     Read in the banner received from the scanned port
16 * -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
17 *Requires the -p flagged to be passed

La commande par l'exemple

  1 root@kali:~# dmitry -winse example.com
  2 Deepmagic Information Gathering Tool
  3 "There be some deep magic going on"
  4 
  5 HostIP:93.184.216.34
  6 HostName:example.com
  7 
  8 Gathered Inet-whois information for 93.184.216.34
  9 ---------------------------------
 10 
 11 
 12 inetnum:        93.184.216.0 - 93.184.216.255
 13 netname:        EDGECAST-NETBLK-03
 14 descr:          NETBLK-03-EU-93-184-216-0-24
 15 country:        EU
 16 admin-c:        DS7892-RIPE
 17 tech-c:         DS7892-RIPE
 18 status:         ASSIGNED PA
 19 mnt-by:         MNT-EDGECAST
 20 created:        2012-06-22T21:48:41Z
 21 last-modified:  2012-06-22T21:48:41Z
 22 source:         RIPE # Filtered
 23 
 24 person:         Derrick Sawyer
 25 address:        2850 Ocean Park Blvd., Suite 200, Santa Monica CA 90405 USA
 26 phone:          +18773343236
 27 nic-hdl:        DS7892-RIPE
 28 created:        2010-08-25T18:44:19Z
 29 last-modified:  2012-04-17T16:42:54Z
 30 source:         RIPE
 31 mnt-by:         MNT-EDGECAST
 32 
 33 % This query was served by the RIPE Database Query Service version 1.86 (DB-3)
 34 
 35 
 36 
 37 Gathered Inic-whois information for example.com
 38 ---------------------------------
 39    Domain Name: EXAMPLE.COM
 40    Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
 41    Sponsoring Registrar IANA ID: 376
 42    Whois Server: whois.iana.org
 43    Referral URL: http://res-dom.iana.org
 44    Name Server: A.IANA-SERVERS.NET
 45    Name Server: B.IANA-SERVERS.NET
 46    Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
 47    Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
 48    Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
 49    Updated Date: 14-aug-2015
 50    Creation Date: 14-aug-1995
 51    Expiration Date: 13-aug-2016
 52 
 53 >>> Last update of whois databa?se: Sat, 26 Mar201?C6 21:35?b?M-̿D:05 GM?T <????<<
 54 
 55 For more information on Whois status codes, please visit https://icann.org/epp
 56 
 57 NOTICE: The expiration date displayed in this record is the date the
 58 registrar's sponsorship of the domain name registration in the registry is
 59 currently set to expire. This date does not necessarily reflect the expiration
 60 date of the domain name registrant's agreement with the sponsoring
 61 registrar.  Users may consult the sponsoring registrar's Whois database to
 62 forN this b?@/̿registrreported date of expiration 
 63                      ati???on.
 64 
 65 TERMS OF USE: You are not authorized to access or query our Whois
 66 database through the use of electronic processes that are high-volume and
 67 automated except as reasonably necessary to register domain names or
 68 modify existing registrations; the Data in VeriSign Global Registry
 69 Services' ("VeriSign") Whois database is provided by VeriSign for
 70 information purposes only, and to assist persons in obtaining information
 71 corNd. Verb?@/̿iSign d domain name registration re
 72                      oes??? not
 73 guarantee its accuracy. By submitting a Whois query, you agree to abide
 74 by the following terms of use: You agree that you may use this Data only
 75 for lawful purposes and that under no circumstances will you use this Data
 76 to: (1) allow, enable, or otherwise support the transmission of mass
 77 unsolicited, commercial advertising or solicitations via e-mail, telephone,
 78 or facsimile; or (2) enable high volume, automated, electronic processes
 79  ThNe compb?@/̿ilationn (or its computer systems).
 80                      ,
 81 repackaging, dissemination or other use of this Data is expressly
 82 prohibited without the prior written consent of VeriSign. You agree not to
 83 use electronic processes that are automated and high-volume to access or
 84 query the Whois database except as reasonably necessary to register
 85 domain names or modify existing registrations. VeriSign reserves the right
 86 to restrict your access to the Whois database in its sole discretion to ensure
 87 terNminateb?[.̿ your a.  VeriSign may restrict or 
 88                      cce???ss to 
 89 the@.̿
 90 Whois database for failure to abide by these terms of use. VeriSign
 91 reserves the right to modify these terms at any time.
 92 
 93 The Registry database contains ONLY .COM, .NET, .EDU domains and
 94 Registrars.
 95 
 96 Gathered Netcraft information for example.com
 97 ---------------------------------
 98 
 99 Retrieving Netcraft.com information for example.com
100 Netcraft.com Information gathered
101 
102 Gathered Subdomain information for example.com
103 ---------------------------------
104 Searching Google.com:80...
105 Searching Altavista.com:80...
106 Found 0 possible subdomain(s) for host example.com, Searched 0 pages containing 0 results
107 
108 Gathered E-Mail information for example.com
109 ---------------------------------
110 Searching Google.com:80...
111 Searching Altavista.com:80...
112 Found 0 E-Mail(s) for host example.com, Searched 0 pages containing 0 results
113 
114 All scans completed, exiting

C'est un regroupement de commandes pour collecter les informations (IP, hébergeur/FAI, whois,... ) autour d'un nom de domaine.
Avec l'option -p l'outil fait un nmap, à ne faire que sur des domaines/serveurs qui vous appartiennent.