Dmitry

From aldeid

DMitry

Description

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application written in C.

DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, a TCP port scan, whois lookups, and more. The information is gathered with the following methods:

  • Perform an Internet Number whois lookup.
  • Retrieve possible uptime data, system and server data.
  • Perform a SubDomain search on a target host.
  • Perform an E-Mail address search on a target host.
  • Perform a TCP Portscan on the host target.
  • A modular program allowing user-specified modules

Download and installation

DMitry can be downloaded by issuing the following commands. The archive is served over plain HTTP and this page gives no checksum or signature for it, so verify the tarball against an independent source before building it:

$ cd /data/src/
$ wget http://mor-pah.net/code/DMitry-1.3a.tar.gz

For installation, issue the following commands:

$ tar xzvf DMitry-1.3a.tar.gz
$ cd DMitry-1.3a/
$ ./configure
$ make
$ sudo make install

Then optionally create a symbolic link to your /pentest/ directory:

$ mkdir -p /pentest/enumeration/dmitry/
$ ln -s /usr/local/bin/dmitry /pentest/enumeration/dmitry/dmitry

Use

help

DMitry help can be displayed by issuing:

$ dmitry --help

or, for a more complete documentation:

$ man dmitry

options

The options are detailed below:

-o filename
     Create an ASCII text output of the results to the "filename"
     specified. If no output filename is specified then output will
     be saved to "target.txt". If this option is not specified in
     any form, output will be sent to the standard output (STDOUT) by
     default. This option MUST trail all other options, i.e.
     "./dmitry -winseo target".

-i     Perform an Internet Number whois lookup on the target. This
     requires that the target be an IPv4 address in dotted-quad form,
     i.e. four octets separated by '.'. For example,
     "./dmitry -i 255.255.255.255".

-w     Perform a whois lookup on the 'host' target. This requires that
     the target be in a named character format. For example,
     "./dmitry -w target" will perform a standard named whois lookup.

-n     Retrieve netcraft.com data concerning the host. This includes
     Operating System, Web Server release and uptime information
     where available.

-s     Perform a subdomain search on the specified target. This will
     use several search engines to attempt to locate subdomains in
     the form of sub.target. There is no set limit to the level of
     subdomain that can be located; however, there is a maximum
     string length of 40 characters (NCOL 40) to limit memory usage.
     Possible subdomains are then resolved to an IP address, and if
     the lookup succeeds the resulting subdomain is listed. Note that
     if the zone has a wildcard (asterisk) record, every candidate
     resolves and will be reported as found, so results for such
     domains need independent verification. Because this module
     scrapes third-party web pages, a change on the remote side makes
     it return nothing rather than fail loudly; the "Searched N pages
     containing N results" line in the output shows whether the search
     actually returned anything.

-e     Perform an e-mail address search on the specified target. This
     module works using the same concept as the subdomain search by
     attempting to locate possible e-mail addresses for a target
     host. The e-mail addresses may also be for possible subdomains
     of the target host. There is a limit to the length of the e-mail
     address set to 50 characters (NCOL 50) to limit memory usage.

-p     Perform a TCP portscan on the host target. This is a pretty
     basic module at the moment, and we do advise users to use
     something like nmap (www.insecure.org/nmap/) instead. This module
     will list open, closed and filtered ports within a specific
     range. There will probably be little advancement upon this
     module, though there will be some alterations to make it a
     little more user friendly. There are also other options for this
     module that can affect the scan and its relative output.

-f     This option will cause the TCP portscan module to report/display
     output of filtered ports. These are usually ports that have been
     filtered and/or closed by a firewall at the specified
     host/target. This option requires that the '-p' option be passed
     as a previous option. For example, "./dmitry -pf target".

-b     This option will cause the TCP portscan module to output banners
     if they are received when scanning TCP ports. This option
     requires that the '-p' option be passed as a previous option.
     For example, "./dmitry -pb target".

-t     This sets the per-port timeout of the portscan module (the man
     page calls it the Time To Live, TTL, but it is a wait time in
     seconds, not the IP header TTL). It is set to 2 seconds by
     default. Adjusting it is usually required when scanning a host
     that has a firewall and/or filtered ports, since every filtered
     port costs the full timeout and slows the scan down.
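The wildcard caveat under -s is worth checking before trusting a subdomain list. The following Python script is an added example, not part of DMitry or of the original page: it resolves random labels under the target to detect a wildcard record, then re-resolves DMitry's candidates and discards any that resolve only to the wildcard address. The `resolve` parameter, the probe label prefix and the function names are assumptions made for this example; the default resolver is the standard library's socket.gethostbyname.

```python
import secrets
import socket
from typing import Callable, Dict, List, Optional, Set, Tuple

# A resolver maps a hostname to an IPv4 address and raises OSError (socket.gaierror)
# when the name does not exist. socket.gethostbyname has exactly that contract; the
# parameter exists so the logic can be exercised offline with a fake resolver.
Resolver = Callable[[str], str]
PROBE_PREFIX = "dmitry-probe-"  # assumed label prefix; any unregistered name works


def _resolve_or_none(name: str, resolve: Resolver) -> Optional[str]:
    """Return the address for name, or None when it does not resolve."""
    try:
        return resolve(name)
    except OSError:
        return None


def wildcard_addresses(domain: str, resolve: Resolver = socket.gethostbyname,
                       probes: int = 2) -> Set[str]:
    """Return the addresses a wildcard record under domain points to (empty = none).

    Random labels under the domain should not exist; if every probe resolves,
    the zone has a wildcard and DMitry's -s results cannot be trusted on
    resolution alone. Two probes avoid mistaking one unlucky collision with a
    real host for a wildcard; a round-robin wildcard yields several addresses.
    """
    seen: Set[str] = set()
    for _ in range(probes):
        label = PROBE_PREFIX + secrets.token_hex(8)
        addr = _resolve_or_none(f"{label}.{domain}", resolve)
        if addr is None:
            return set()
        seen.add(addr)
    return seen


def verify_subdomains(domain: str, candidates: List[str],
                      resolve: Resolver = socket.gethostbyname
                      ) -> Tuple[Dict[str, str], List[str], Set[str]]:
    """Re-resolve DMitry's candidate subdomains and split verified from rejected.

    Returns (verified {name: address}, rejected names, wildcard addresses).
    A candidate is rejected when it does not resolve, or when it resolves only
    to a wildcard address, which is indistinguishable from a non-existent host.
    """
    wildcard = wildcard_addresses(domain, resolve)
    verified: Dict[str, str] = {}
    rejected: List[str] = []
    for name in candidates:
        addr = _resolve_or_none(name, resolve)
        if addr is None or addr in wildcard:
            rejected.append(name)
        else:
            verified[name] = addr
    return verified, rejected, wildcard


if __name__ == "__main__":
    import sys
    # Usage: python verify_subdomains.py example.com www.example.com mail.example.com
    target, names = sys.argv[1], sys.argv[2:]
    verified, rejected, wildcard = verify_subdomains(target, names)
    print(f"wildcard addresses: {sorted(wildcard) or 'none'}")
    for name, addr in verified.items():
        print(f"verified  {name} -> {addr}")
    for name in rejected:
        print(f"rejected  {name}")
```

Feed it the names from a -s run. A real host that shares the wildcard's address is rejected too, because nothing in DNS distinguishes it from a non-existent one; treat such names as unverified rather than absent and confirm them by another channel (certificate transparency, a banner, a virtual-host probe).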

Example

The following command:

$ dmitry -iwns -o example.out google.com

creates a report named example.out that looks like this (the output was captured in February 2010, per the timestamps in the whois records, so the registration details are dated):

HostIP:209.85.227.99
HostName:google.com

Gathered Inet-whois information for 209.85.227.99
---------------------------------

OrgName:    Google Inc. 
OrgID:      GOGL
Address:    1600 Amphitheatre Parkway
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US

NetRange:   209.85.128.0 - 209.85.255.255 
CIDR:       209.85.128.0/17 
NetName:    GOOGLE
NetHandle:  NET-209-85-128-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:    
RegDate:    2006-01-13
Updated:    2006-06-01

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google Inc. 
OrgTechPhone:  +1-650-318-0200
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2010-02-06 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

Gathered Inic-whois information for google.com
---------------------------------

   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: serverUpdateProhibited
   Updated Date: 18-nov-2008
   Creation Date: 15-sep-1997
   Expiration Date: 14-sep-2011

>>> Last update of whois database: Sun, 07 Feb 2010 08:06:53 UTC <<<

NOTICE: The expiration date displayed in this record is the date the 
registrar's sponsorship of the domain name registration in the registry is 
currently set to expire. This date does not necessarily reflect the expiration 
date of the domain name registrant's agreement with the sponsoring 
registrar.  Users may consult the sponsoring registrar's Whois database to 
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois 
database through the use of electronic processes that are high-volume and 
automated except as reasonably necessary to register domain names or 
modify existing registrations; the Data in VeriSign Global Registry 
Services' ("VeriSign") Whois database is provided by VeriSign for 
information purposes only, and to assist persons in obtaining information 
about or related to a domain name registration record. VeriSign does not 
guarantee its accuracy. By submitting a Whois query, you agree to abide 
by the following terms of use: You agree that you may use this Data only 
for lawful purposes and that under no circumstances will you use this Data 
to: (1) allow, enable, or otherwise support the transmission of mass 
unsolicited, commercial advertising or solicitations via e-mail, telephone, 
or facsimile; or (2) enable high volume, automated, electronic processes 
that apply to VeriSign (or its computer systems). The compilation, 
repackaging, dissemination or other use of this Data is expressly 
prohibited without the prior written consent of VeriSign. You agree not to 
use electronic processes that are automated and high-volume to access or 
query the Whois database except as reasonably necessary to register 
domain names or modify existing registrations. VeriSign reserves the right 
to restrict your access to the Whois database in its sole discretion to ensure 
operational stability.  VeriSign may restrict or terminate your access to the 
Whois database for failure to abide by these terms of use. VeriSign 
reserves the right to modify these terms at any time. 

The Registry database contains ONLY .COM, .NET, .EDU domains and

Gathered Netcraft information for google.com
---------------------------------

Retrieving Netcraft.com information for google.com
Netcraft.com Information gathered

Gathered Subdomain information for google.com
---------------------------------
Searching Google.com:80...
HostName:www.google.com
HostIP:209.85.227.99
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host google.com, Searched 0 pages containing 0 results
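Because -o writes plain text, any follow-up tooling has to parse the format shown above. The following Python parser is an added example, not code from DMitry or from the original page: it splits the report into its "Gathered ... information for ..." sections, collects the whois fields (multi-valued keys such as NameServer kept in order), pairs the HostName/HostIP lines of the subdomain section and checks them against DMitry's own "Found N possible subdomain(s)" count. SAMPLE_REPORT is a constructed, abbreviated report in the same layout (RFC 5737 addresses, example.com); the rules that drop the registry's terms-of-use prose (a key of at most 20 characters, a value of at most six words) are heuristics assumed for this format, not something DMitry guarantees.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^Gathered (\S+) information for (\S+)\s*$")
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]{0,19}?):\s*(.*?)\s*$")
FOUND_RE = re.compile(r"^Found (\d+) possible subdomain\(s\) for host (\S+)")
MAX_VALUE_WORDS = 6  # heuristic: whois fields are short, the registry's TOS prose is not

# Constructed sample in the layout of a "dmitry -iwns -o" report (not real DMitry output).
SAMPLE_REPORT = """\
HostIP:192.0.2.10
HostName:example.com

Gathered Inet-whois information for 192.0.2.10
---------------------------------
OrgName:    Example Org
NetRange:   192.0.2.0 - 192.0.2.255
CIDR:       192.0.2.0/24
NameServer: NS1.EXAMPLE.COM
NameServer: NS2.EXAMPLE.COM

# ARIN WHOIS database, last updated 2010-02-06 20:00

Gathered Inic-whois information for example.com
---------------------------------
   Domain Name: EXAMPLE.COM
   Expiration Date: 14-sep-2011
>>> Last update of whois database: Sun, 07 Feb 2010 08:06:53 UTC <<<
TERMS OF USE: You are not authorized to access or query our Whois
by the following terms of use: You agree that you may use this Data only

Gathered Subdomain information for example.com
---------------------------------
Searching Google.com:80...
HostName:www.example.com
HostIP:192.0.2.10
HostName:mail.example.com
HostIP:192.0.2.25
Found 2 possible subdomain(s) for host example.com, Searched 0 pages containing 0 results
"""


@dataclass
class Report:
    host_ip: Optional[str] = None
    host_name: Optional[str] = None
    sections: Dict[str, Dict[str, List[str]]] = field(default_factory=dict)  # kind -> key -> values
    subdomains: List[Tuple[str, str]] = field(default_factory=list)          # (name, ip) pairs
    claimed_subdomains: Optional[int] = None                                 # N from "Found N ..."

    def count_matches(self) -> bool:
        """True when DMitry's 'Found N' line agrees with the pairs actually listed."""
        return self.claimed_subdomains == len(self.subdomains)


def _field(line: str) -> Optional[Tuple[str, str]]:
    """Return (key, value) for a whois-style field line, None for anything else."""
    if line.lstrip().startswith(("#", ">>>")):
        return None  # registry comments and database timestamps
    m = FIELD_RE.match(line)
    if not m or len(m.group(2).split()) > MAX_VALUE_WORDS:
        return None  # not a field, or wrapped prose that happens to contain a colon
    return m.group(1).strip(), m.group(2)


def parse_report(text: str) -> Report:
    rep = Report()
    section: Optional[str] = None       # None while in the HostIP/HostName preamble
    pending_name: Optional[str] = None  # HostName line waiting for its HostIP line
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            rep.sections.setdefault(section, {})
            pending_name = None
            continue
        m = FOUND_RE.match(line)
        if m:
            rep.claimed_subdomains = int(m.group(1))
            continue
        kv = _field(line)
        if kv is None:
            continue
        key, value = kv
        if section is None:
            if key == "HostIP":
                rep.host_ip = value
            elif key == "HostName":
                rep.host_name = value
        elif section == "Subdomain":
            if key == "HostName":
                pending_name = value
            elif key == "HostIP" and pending_name is not None:
                rep.subdomains.append((pending_name, value))
                pending_name = None
        else:
            rep.sections[section].setdefault(key, []).append(value)
    return rep
```

`parse_report(open("example.out").read())` gives a Report whose `sections["Inet-whois"]["CIDR"]` is the allocation to feed into later scanning and whose `count_matches()` flags a report where DMitry's summary line and the listed pairs disagree; a run in which the search engines returned nothing shows up as an empty `subdomains` list with `claimed_subdomains == 0`.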
