[الدرس الثالث ] جمع المعلومات الجزء الاول

get_host()
get_netcraft()
get_nwhois()
get_iwhois()
get_subdomains()
get_emails()
subdomains()
portscan()

-n Retrieve Netcraft.com information on a host
-s Perform a search for possible subdomains
-e Perform a search for possible email addresses
-p Perform a TCP port scan on a host
* -f Perform a TCP port scan on a host showing output reporting filtered ports
* -b Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )

dmitry -winsepffb -o host.txt google.com

HostIP:64.233.187.99
Host****:google.com

Gathered Inet-whois information for 64.233.187.99
---------------------------------

Org****: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

NetRange: 64.233.160.0 - 64.233.191.255
CIDR: 64.233.160.0/19
Net****: GOOGLE
NetHandle: NET-64-233-160-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Al********
****Server: NS1.GOOGLE.COM
****Server: NS2.GOOGLE.COM
****Server: NS3.GOOGLE.COM
****Server: NS4.GOOGLE.COM
Comment:
RegDate: 2003-08-18
Updated: 2007-04-10

RTechHandle: ZG39-ARIN
RTech****: Google Inc.
RTechPhone: +1-650-318-0200
RTechEmail: arin-contact@google.com

OrgTechHandle: ZG39-ARIN
OrgTech****: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-contact@google.com

# ARIN WHOIS database, last updated 2007-07-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Gathered Inic-whois information for google.com
---------------------------------

Domain ****: GOOGLE.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
**** Server: NS1.GOOGLE.COM
**** Server: NS2.GOOGLE.COM
**** Server: NS3.GOOGLE.COM
**** Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 10-apr-2006
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011

>>> Last update of whois database: Wed, 11 Jul 2007 07:58:19 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain **** registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain **** registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain ****s or
modify existing registrations; the Data in VeriSign Global Registry
Services ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain **** registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain ****s or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

Gathered Netcraft information for google.com
---------------------------------

Retrieving Netcraft.com information for google.com
Operating System: Linux
***Server: GWS/2.1
No uptime reports available for host: google.com
Netcraft.com Information gathered

Gathered Subdomain information for google.com
---------------------------------
Searching Google.com:80...
Host****:images.google.com
HostIP:64.233.169.99
Host****:video.google.com
HostIP:216.239.51.99
Host****:news.google.com
HostIP:72.14.219.99
Host****:maps.google.com
HostIP:66.102.1.103
Host****:mail.google.com
HostIP:66.249.83.19
Host****:www.google.com
HostIP:64.233.169.103
Host****:blogsearch.google.com
HostIP:66.102.1.104
Host****:books.google.com
HostIP:72.14.247.133
Host****:docs.google.com
HostIP:66.249.81.100
Host****:finance.google.com
HostIP:66.102.1.99
Host****:groups.google.com
HostIP:64.233.179.99
Host****:labs.google.com
HostIP:209.85.163.132
Host****:picasa***.google.com
HostIP:72.14.255.91
Host****:scholar.google.com
HostIP:66.102.1.103
Host****:earth.google.com
HostIP:64.233.169.104
Host****:toolbar.google.com
HostIP:66.102.1.102
Host****:sketchup.google.com
HostIP:72.14.207.99
Host****:code.google.com
HostIP:66.102.1.147
Host****:directory.google.com
HostIP:64.233.169.99
Host****:desktop.google.com
HostIP:64.233.161.104
Host****:pages.google.com
HostIP:72.14.207.118
Host****:picasa.google.com
HostIP:66.102.1.99
Host****:moon.google.com
HostIP:64.233.169.147
Host****:base.google.com
HostIP:216.239.51.99
Host****:checkout.google.com
HostIP:66.249.81.115
Host****:pack.google.com
HostIP:66.102.1.99
Host****:***accelerator.google.com
HostIP:66.102.1.103
Host****:catalogs.google.com
HostIP:72.14.247.133
Host****:adwords.google.com
HostIP:64.233.161.112
Host****:answers.google.com
HostIP:64.233.179.88
Host****:tools.google.com
HostIP:66.102.1.101
Host****:gears.google.com
HostIP:66.102.1.113
Host****:translate.google.com
HostIP:66.102.1.99
Host****:wap.google.com
HostIP:64.233.169.147
Host****:services.google.com
HostIP:64.233.179.110
Host****:investor.google.com
HostIP:66.102.1.104
Host****:upload.video.google.com
HostIP:64.233.161.116
Host****:local.google.com
HostIP:66.102.1.104
Host****:wifi.google.com
HostIP:64.233.179.123
Host****:w.google.com
HostIP:64.233.169.99
Host****:api.google.com
HostIP:64.233.179.104
Host****:eval.google.com
HostIP:216.239.51.84
Host****:mobile.google.com
HostIP:66.102.1.104
Host****:www.l.google.com
HostIP:64.233.169.103
Host****:print.google.com
HostIP:66.102.1.103
Host****:froogle.google.com
HostIP:216.239.51.104
Searching Altavista.com:80...
Found 46 possible subdomain(s) for host google.com, Searched 9 pages containing 900 results

Gathered E-Mail information for google.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host google.com, Searched 3 pages containing 300 results

./dnsenum.pl --enum -f dns.txt -u a -r u413.com

#
dnsenum.pl VERSION:1.2
#

#
----- u413.com -----
#

#
-----------------
#
Host's addresses:
#
-----------------
#
u413.com. 3262 IN A 173.201.74.219
#

#
-------------
#
**** servers:
#
-------------
#
ns26.domaincontrol.com. 863 IN A 208.109.255.13
#
ns25.domaincontrol.com. 885 IN A 216.69.185.13
#

#
-----------
#
MX record:
#
-----------
#
ASPMX.L.GOOGLE.com. 293 IN A 209.85.223.91
#
ALT1.ASPMX.L.GOOGLE.com. 293 IN A 209.85.217.21
#
ALT2.ASPMX.L.GOOGLE.com. 293 IN A 74.125.93.27
#
ASPMX2.GOOGLEMAIL.com. 3600 IN A 209.85.135.27
#
ASPMX3.GOOGLEMAIL.com. 3600 IN A 72.14.213.27
#

#
---------------------
#
Trying Zonetransfers:
#
---------------------
#

#
trying zonetransfer for u413.com on ns26.domaincontrol.com ...
#

#
trying zonetransfer for u413.com on ns25.domaincontrol.com ...
#

#
--------------------------------------------
#
Scraping u413.com subdomains from google:
#
--------------------------------------------
#

#
---- Google search page: 1 ----
#

#
Google results: 0
#
perhaps google is blocking our queries.
#

#
------------------------------
#
Brute forcing with dns.txt:
#
------------------------------
#
email.u413.com. 3600 IN C**** mail.u413.com.
#
mail.u413.com. 3600 IN C**** ghs.google.com.
#
ghs.google.com. 51332 IN C**** ghs.l.google.com.
#
ghs.l.google.com. 300 IN A 74.125.77.121
#
ftp.u413.com. 3600 IN C**** u413.com.
#
u413.com. 3600 IN A 173.201.74.219
#
mail.u413.com. 3600 IN C**** ghs.google.com.
#
ghs.google.com. 57651 IN C**** ghs.l.google.com.
#
ghs.l.google.com. 300 IN A 74.125.77.121
#
pop.u413.com. 3600 IN C**** pop.gmail.com.
#
pop.gmail.com. 300 IN C**** gmail-pop.l.google.com.
#
gmail-pop.l.google.com. 300 IN A 74.125.95.109
#
smtp.u413.com. 3600 IN C**** smtp.gmail.com.
#
smtp.gmail.com. 300 IN C**** gmail-smtp-msa.l.google.com.
#
gmail-smtp-msa.l.google.com. 300 IN A 72.14.221.109
#
gmail-smtp-msa.l.google.com. 300 IN A 72.14.221.111
#
www.u413.com. 3600 IN C**** u413.com.
#
u413.com. 3600 IN A 173.201.74.219
#

#
---------------------
#
Performing recursion:
#
---------------------
#

#
---- checking subdomains NS records ----
#
u413.com. 3581 IN NS ns25.domaincontrol.com.
#
u413.com. 3581 IN NS ns26.domaincontrol.com.
#
u413.com. 3600 IN NS ns25.domaincontrol.com.
#
u413.com. 3600 IN NS ns26.domaincontrol.com.
#

#
Can't perform recursion no NS records.
#

#
-----------------------
#
Lunching whois queries:
#
-----------------------
#
whois ip result: 173.201.74.0 -> 173.201.0.0/16
#

#
----------------------------
#
u413.com whois netranges:
#
----------------------------
#
173.201.0.0/16
#

#
----------------------------------------------------
#
Performing reverse lookup on 65536 ip addresses:
#
----------------------------------------------------
#

#
0 results out of 65536 ip addresses.
#

#
---------------------
#
u413.com ip blocks:
#
---------------------
#

#
done.