Reminder:
Note that in this article the tool is used for research and learning.
This type of tool must not be used against a server that does not belong to you; doing so may be punishable by law (see articles 323-XX).
Test environment:
For this we will use a VM running the Kali distribution.
DMitry is installed by default on Kali.
Usage:
The command and its options
root@kali:~# dmitry -h
Deepmagic Information Gathering Tool
"There be some deep magic going on"
dmitry: invalid option -- 'h'
Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
  -o       Save output to %host.txt or to file specified by -o file
  -i       Perform a whois lookup on the IP address of a host
  -w       Perform a whois lookup on the domain name of a host
  -n       Retrieve Netcraft.com information on a host
  -s       Perform a search for possible subdomains
  -e       Perform a search for possible email addresses
  -p       Perform a TCP port scan on a host
* -f       Perform a TCP port scan on a host showing output reporting filtered ports
* -b       Read in the banner received from the scanned port
* -t 0-9   Set the TTL in seconds when scanning a TCP port ( Default 2 )
*Requires the -p flagged to be passed
The command by example
root@kali:~# dmitry -winse example.com
Deepmagic Information Gathering Tool
"There be some deep magic going on"
HostIP:93.184.216.34
HostName:example.com
Gathered Inet-whois information for 93.184.216.34
---------------------------------
inetnum:        93.184.216.0 - 93.184.216.255
netname:        EDGECAST-NETBLK-03
descr:          NETBLK-03-EU-93-184-216-0-24
country:        EU
admin-c:        DS7892-RIPE
tech-c:         DS7892-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-EDGECAST
created:        2012-06-22T21:48:41Z
last-modified:  2012-06-22T21:48:41Z
source:         RIPE # Filtered
person:         Derrick Sawyer
address:        2850 Ocean Park Blvd., Suite 200, Santa Monica CA 90405 USA
phone:          +18773343236
nic-hdl:        DS7892-RIPE
created:        2010-08-25T18:44:19Z
last-modified:  2012-04-17T16:42:54Z
source:         RIPE
mnt-by:         MNT-EDGECAST
% This query was served by the RIPE Database Query Service version 1.86 (DB-3)
Gathered Inic-whois information for example.com
---------------------------------
   Domain Name: EXAMPLE.COM
   Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
   Sponsoring Registrar IANA ID: 376
   Whois Server: whois.iana.org
   Referral URL: http://res-dom.iana.org
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
   Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
   Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
   Updated Date: 14-aug-2015
   Creation Date: 14-aug-1995
   Expiration Date: 13-aug-2016
>>> Last update of whois databa? se: Sat , 26 Mar201 ? C6 21 : 35 ? b? M - ̿ D : 05 GM ? T < ?? ? ?< <
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
forN this b?@/̿registrreported date of expiration
ati???on.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
corNd . Verb ? @ / ̿ iSign d domain name registration re
oes? ?? not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
ThNe compb? @ / ̿ ilationn ( or its computer systems ).
,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
terNminateb? [ . ̿ your a . VeriSign may restrict or
cce? ?? ss to
the @ . ̿
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Gathered Netcraft information for example.com
---------------------------------
Retrieving Netcraft.com information for example.com
Netcraft.com Information gathered
Gathered Subdomain information for example.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 possible subdomain(s) for host example.com, Searched 0 pages containing 0 results
Gathered E-Mail information for example.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host example.com, Searched 0 pages containing 0 results
All scans completed, exiting
It is a bundle of commands for collecting information (IP, hosting provider/ISP, whois, …) about a domain name.
With the -p option the tool performs an nmap-style TCP port scan; only do this on domains/servers that belong to you.
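To review what such a report exposes about a domain you own, the added example below (not part of the original article and not DMitry's own code) parses the "Gathered ... information for" sections and flags personal data in the IP whois, a missing transfer lock, and an upcoming expiry. The function names, the 60-day threshold and the sample report are assumptions made for this example.

```python
import re
from datetime import date, datetime

# Constructed sample: trimmed report in dmitry's layout; person/phone are placeholders.
SAMPLE_REPORT = """\
Gathered Inet-whois information for 93.184.216.34
---------------------------------
netname:        EDGECAST-NETBLK-03
person:         Example Admin
phone:          +10000000000
Gathered Inic-whois information for example.com
---------------------------------
   Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
   Expiration Date: 13-aug-2016
"""

SECTION = re.compile(r"^Gathered (.+?) information for (\S+)\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][\w \-]*?)\s*:\s*(.+?)\s*$")

def parse_report(text):
    """Split a report into {section name: [(lowercased key, value), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None and (f := FIELD.match(line)):
            current.append((f.group(1).lower(), f.group(2)))
    return sections

def review_exposure(sections, today, warn_days=60):
    """Findings for the domain owner: personal data, transfer lock, expiry."""
    findings = []
    inet = dict(sections.get("Inet-whois", []))
    findings += [f"personal data in IP whois: {k}"
                 for k in ("person", "phone", "address") if k in inet]
    inic = sections.get("Inic-whois", [])
    if not any(k == "status" and v.startswith("clientTransferProhibited")
               for k, v in inic):
        findings.append("no transfer lock on the domain")
    for k, v in inic:
        if k == "expiration date":
            left = (datetime.strptime(v, "%d-%b-%Y").date() - today).days
            if left < warn_days:
                findings.append(f"registration expires in {left} days")
    return findings

if __name__ == "__main__":
    print("\n".join(review_exposure(parse_report(SAMPLE_REPORT), date(2016, 7, 1))))
```

On a real run, save the report with -o and pass the file's contents to parse_report.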