Reminder:

Note: in this article the tool is used for research and learning. This type of tool must not be used against a server that does not belong to you; doing so can be punishable by law (see articles 323-XX).

Test environment:

For this we will use a VM running the Kali distribution. DMitry is installed by default on Kali.

Usage:

The command and its options

root@kali:~# dmitry -h
Deepmagic Information Gathering Tool
"There be some deep magic going on"

dmitry: invalid option -- 'h'
Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
  -o	 Save output to %host.txt or to file specified by -o file
  -i	 Perform a whois lookup on the IP address of a host
  -w	 Perform a whois lookup on the domain name of a host
  -n	 Retrieve Netcraft.com information on a host
  -s	 Perform a search for possible subdomains
  -e	 Perform a search for possible email addresses
  -p	 Perform a TCP port scan on a host
* -f	 Perform a TCP port scan on a host showing output reporting filtered ports
* -b	 Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
*Requires the -p flagged to be passed

The command by example

root@kali:~# dmitry -winse example.com
Deepmagic Information Gathering Tool
"There be some deep magic going on"

HostIP:93.184.216.34
HostName:example.com

Gathered Inet-whois information for 93.184.216.34
---------------------------------


inetnum:        93.184.216.0 - 93.184.216.255
netname:        EDGECAST-NETBLK-03
descr:          NETBLK-03-EU-93-184-216-0-24
country:        EU
admin-c:        DS7892-RIPE
tech-c:         DS7892-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-EDGECAST
created:        2012-06-22T21:48:41Z
last-modified:  2012-06-22T21:48:41Z
source:         RIPE # Filtered

person:         Derrick Sawyer
address:        2850 Ocean Park Blvd., Suite 200, Santa Monica CA 90405 USA
phone:          +18773343236
nic-hdl:        DS7892-RIPE
created:        2010-08-25T18:44:19Z
last-modified:  2012-04-17T16:42:54Z
source:         RIPE
mnt-by:         MNT-EDGECAST

% This query was served by the RIPE Database Query Service version 1.86 (DB-3)



Gathered Inic-whois information for example.com
---------------------------------
   Domain Name: EXAMPLE.COM
   Registrar: RESERVED-INTERNET ASSIGNED NUMBERS AUTHORITY
   Sponsoring Registrar IANA ID: 376
   Whois Server: whois.iana.org
   Referral URL: http://res-dom.iana.org
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
   Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
   Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited
   Updated Date: 14-aug-2015
   Creation Date: 14-aug-1995
   Expiration Date: 13-aug-2016

>>> Last update of whois databa?se: Sat, 26 Mar201?C6 21:35?b?M-̿D:05 GM?T <????<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
forN this b?@/̿registrreported date of expiration 
                     ati???on.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
corNd. Verb?@/̿iSign d domain name registration re
                     oes??? not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
 ThNe compb?@/̿ilationn (or its computer systems).
                     ,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
terNminateb?[.̿ your a.  VeriSign may restrict or 
                     cce???ss to 
the@.̿
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Gathered Netcraft information for example.com
---------------------------------

Retrieving Netcraft.com information for example.com
Netcraft.com Information gathered

Gathered Subdomain information for example.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 possible subdomain(s) for host example.com, Searched 0 pages containing 0 results

Gathered E-Mail information for example.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host example.com, Searched 0 pages containing 0 results

All scans completed, exiting

DMitry bundles several commands for collecting information (IP, hosting provider/ISP, whois, …) about a domain name.
With the -p option the tool performs a TCP port scan, in the manner of nmap; run it only against domains/servers that belong to you.
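
To review what a report like the one above publicly reveals about a domain you own, the text saved with -o can be split into its "Gathered ... information for" sections and key: value fields. The following is an added example, not part of the original article or of DMitry; the names parse_report, exposed_personal_data and PERSONAL are assumptions made for illustration, and the sample is an excerpt trimmed from the example.com run shown above.

```python
import re

# Excerpt trimmed from the example.com run shown above (not a live query).
SAMPLE = """\
HostIP:93.184.216.34
HostName:example.com

Gathered Inet-whois information for 93.184.216.34
---------------------------------

inetnum:        93.184.216.0 - 93.184.216.255
netname:        EDGECAST-NETBLK-03
person:         Derrick Sawyer
phone:          +18773343236

Gathered Inic-whois information for example.com
---------------------------------
   Domain Name: EXAMPLE.COM
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
   Expiration Date: 13-aug-2016

Gathered Subdomain information for example.com
---------------------------------
Found 0 possible subdomain(s) for host example.com, Searched 0 pages containing 0 results
"""

SECTION = re.compile(r"^Gathered (.+?) information for (\S+)\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?):\s*(\S.*)$")
# Hypothetical choice of whois keys treated as personal data in this example.
PERSONAL = {"person", "address", "phone", "e-mail"}

def parse_report(text):
    """Return {section name: {lower-cased key: [values]}} for a saved report."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:                          # header line opens a new section
            current = sections.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:  # repeated keys (Name Server) accumulate
            current.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return sections

def exposed_personal_data(sections):
    """List (section, key, value) for every field named in PERSONAL."""
    return sorted((sec, key, val)
                  for sec, fields in sections.items()
                  for key, vals in fields.items() if key in PERSONAL
                  for val in vals)
```

Free-text lines that happen to contain a leading "WORD:" (for example the NOTICE paragraph of the registry whois) are also captured as fields, so filter on the keys you care about.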