instarecon, an all-round information-gathering tool for penetration testing
Features
instarecon collects pre-engagement reconnaissance in the following areas:
1. DNS (direct, PTR, MX, NS) lookups
the domain's forward resolution results (A/AAAA records), plus:
PTR records: pointer records that map an IP address back to a hostname, i.e. reverse DNS. They are not a kind of mail-exchange record: the forward address records are A (IPv4) and AAAA (IPv6), and mail servers merely use PTR lookups to check that a sending IP resolves back to a plausible name.
MX records: mail exchange records that name the mail server responsible for a domain. A sending mail system looks up the MX for the suffix of the recipient's address to find where to deliver. Also called mail routing records: the domain owner points them at their own mail server and then controls all mailbox settings there.
NS records: name server records that specify which DNS servers are authoritative for the domain.
2. Whois (domains and IP) lookups
WHOIS is a query/response protocol for retrieving the registration details of a domain name or IP address block. Put simply, it is the database you consult to find out whether a domain is already registered and who registered it (registrant, registrar, dates, name servers).
3. Google dorks in search of subdomains
subdomains that Google has indexed, found with search operators (dorks);
4. Shodan lookups
host and service information about the domain pulled from Shodan. Shodan's notable ability is that it indexes almost anything reachable on the internet; its alarming side is that many of the exposed devices it lists have little or no protection in front of them and can be reached directly.
5. Reverse DNS lookups on entire CIDRs
reverse DNS queries: starting from the IP addresses the domain points to, look up the PTR records of every address in the surrounding netblock to find which other hostnames live there.
The only real gap is that it has no DNS brute-forcing (dictionary-based subdomain enumeration).
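The mechanics behind step 5 (reverse DNS over a whole CIDR), as an added example that is not instarecon's own code: it builds the in-addr.arpa / ip6.arpa names a PTR query actually asks for, sweeps every address in a block, and groups the hostnames it finds by domain. The resolver is injectable, so the demo at the bottom runs offline against a constructed PTR table built from the hostnames in the run below; `resolve_ptr_live`, `SAMPLE_PTR` and the 4096-address cap are this example's own choices, not the tool's.

```python
"""Reverse-DNS sweep of a CIDR, the mechanics behind instarecon's step 5.

Added example, not instarecon's own code. The resolver is injectable:
the demo runs offline against a constructed PTR table; pass
resolve_ptr_live for a real sweep.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Tuple


def ptr_query_name(ip: str) -> str:
    """Name queried for the PTR record of `ip`.

    IPv4: the four octets reversed under in-addr.arpa.
    IPv6: all 32 hex nibbles of the expanded address reversed under ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")  # zero-padded, 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def resolve_ptr_live(ip: str) -> Optional[str]:
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def reverse_sweep(cidr: str,
                  resolve: Callable[[str], Optional[str]] = resolve_ptr_live,
                  max_hosts: int = 4096,
                  workers: int = 32) -> Dict[str, str]:
    """Return {ip: hostname} for every address in `cidr` that has a PTR record.

    Refuses blocks larger than `max_hosts` (an assumed default): the
    162.158.0.0/15 swept in the write-up is 131072 addresses of Cloudflare
    space, which says nothing about the target. Sweep the announced prefix
    (asn_cidr, a /24 there) or raise the cap deliberately.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses > max_hosts:
        raise ValueError(f"{net} has {net.num_addresses} addresses; "
                         f"raise max_hosts or sweep a smaller block")
    ips = [str(a) for a in net]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        names = list(pool.map(resolve, ips))
    return {ip: name for ip, name in zip(ips, names) if name}


def group_by_domain(found: Dict[str, str]) -> Dict[str, List[Tuple[str, str]]]:
    """Group results by registered domain, in IP order, to see who shares the block.

    Simplification: the "registered domain" is taken as the last two labels,
    which is wrong for suffixes like co.uk; use a public-suffix list for real work.
    """
    groups: Dict[str, List[Tuple[str, str]]] = {}
    ordered = sorted(found.items(), key=lambda kv: ipaddress.ip_address(kv[0]))
    for ip, name in ordered:
        domain = ".".join(name.rstrip(".").split(".")[-2:])
        groups.setdefault(domain, []).append((ip, name))
    return groups


# Constructed sample: a stub PTR table holding the hostnames that appear in
# the reverse-sweep output of the write-up, so the demo needs no network.
SAMPLE_PTR = {
    "162.159.24.5": "dns1.namecheaphosting.com",
    "162.159.24.6": "a.ns.zerigo.net",
    "162.159.24.7": "e.ns.zerigo.net",
    "162.159.24.204": "ns1.proisp.no",
    "162.159.25.5": "dns2.namecheaphosting.com",
    "162.159.25.6": "b.ns.zerigo.net",
    "162.159.25.7": "f.ns.zerigo.net",
    "162.159.25.138": "ns2.proisp.no",
}


def resolve_ptr_stub(ip: str) -> Optional[str]:
    """Offline resolver backed by SAMPLE_PTR."""
    return SAMPLE_PTR.get(ip)


def demo() -> Dict[str, List[Tuple[str, str]]]:
    """Sweep the two /24s seen in the write-up against the stub table."""
    return group_by_domain(reverse_sweep("162.159.24.0/23", resolve=resolve_ptr_stub))


if __name__ == "__main__":
    for domain, hosts in demo().items():
        print(domain)
        for ip, name in hosts:
            print(f"  {ip:<16} {ptr_query_name(ip):<32} {name}")
```

Swap `resolve_ptr_stub` for `resolve_ptr_live` to run it for real; the cap forces you to decide consciously before sweeping a hosting provider's entire allocation, which is both slow and, when the target sits behind a CDN, beside the point.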
Download
    git clone https://github.com/vergl4s/instarecon.git
Next install the Python dependencies. If pip is already installed:
    sudo pip install pythonwhois ipwhois ipaddress shodan
If pip is not installed, install it first with:
    sudo easy_install pip
Usage
Usage is straightforward; an example:
    $ ./instarecon.py -s <shodan_key> -o ~/Desktop/github.com.csv github.com
Let's run it against wooyun.org:
    [root@localhost instarecon]# python instarecon.py wooyun.org
    # InstaRecon v0.1 - by Luis Teixeira (teix.co)
    # Scanning 1/1 hosts
    # No Shodan key provided
    # ____________________ Scanning wooyun.org ____________________ #
    # DNS lookups
    [*] Domain: wooyun.org
    [*] IPs & reverse DNS:
        162.159.208.53
        162.159.209.53
    # Whois lookups
    [*] Whois domain:
        Domain Name:WOOYUN.ORG
        Domain ID: D159099935-LROR
        Creation Date: 2010-05-06T08:50:48Z
        Updated Date: 2015-01-07T03:37:41Z
        Registry Expiry Date: 2024-05-06T08:50:48Z
        Sponsoring Registrar:Hichina Zhicheng Technology Limited (R1373-LROR)
        Sponsoring Registrar IANA ID: 420
        WHOIS Server:
        Referral URL:
        Domain Status: clientDeleteProhibited -- http://www.icann.org/epp#clientDeleteProhibited
        Domain Status: clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
        Registrant ID:hc556860480-cn
        Registrant Name:Fang Xiao Dun
        Registrant Organization:Fang Xiao Dun
        Registrant Street: Haidian District JuYuan Road 6# 502
        Registrant City:Beijing
        Registrant State/Province:Beijing
        Registrant Postal Code:100080
        Registrant Country:CN
        Registrant Phone:+86.18610137578
        Registrant Phone Ext:
        Registrant Fax: +86.18610137578
        Registrant Fax Ext:
        Registrant Email:xssshell@gmail.com
        Admin ID:HC-009652962-CN
        Admin Name:Fang Xiaodun
        Admin Organization:Beijing Bigfish Technology
        Admin Street: Haidian District JuYuan Road 6# 502
        Admin City:Beijing
        Admin State/Province:Beijing
        Admin Postal Code:100080
        Admin Country:CN
        Admin Phone:+86.18610137578
        Admin Phone Ext:
        Admin Fax: +86.18610137578
        Admin Fax Ext:
        Admin Email:xssshell@gmail.com
        Tech ID:HC-844637505-CN
        Tech Name:Fang Xiaodun
        Tech Organization:Beijing Bigfish Technology
        Tech Street: Haidian District JuYuan Road 6# 502
        Tech City:Beijing
        Tech State/Province:Beijing
        Tech Postal Code:100080
        Tech Country:CN
        Tech Phone:+86.18610137578
        Tech Phone Ext:
        Tech Fax: +86.18610137578
        Tech Fax Ext:
        Tech Email:xssshell@gmail.com
        Name Server:NS1.DNSV2.COM
        Name Server:NS2.DNSV2.COM
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        Name Server:
        DNSSEC:Unsigned
        Access to Public Interest Registry WHOIS information is provided to assist persons in determining the contents of a domain name registration record in the Public Interest Registry registry database. The data in this record is provided by Public Interest Registry for informational purposes only, and Public Interest Registry does not guarantee its accuracy. This service is intended only for query-based access. You agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to (a) allow, enable, or otherwise support the transmission by e-mail, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than the data recipient's own existing customers; or (b) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator, a Registrar, or Afilias except as reasonably necessary to register domain names or modify existing registrations. All rights reserved. Public Interest Registry reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
    [*] Whois IP:
        asn: 13335
        asn_cidr: 162.159.208.0/24
        asn_country_code: US
        asn_date: 2013-05-23
        asn_registry: arin
        net 0:
            cidr: 162.158.0.0/15
            range: 162.158.0.0 - 162.159.255.255
            name: CLOUDFLARENET
            description: CloudFlare, Inc.
            handle: NET-162-158-0-0-1
            address: 665 Third Street #207
            city: San Francisco
            state: CA
            postal_code: 94107
            country: US
            abuse_emails: abuse@cloudflare.com
            tech_emails: admin@cloudflare.com
            created: 2013-05-23 00:00:00
            updated: 2013-05-23 00:00:00
    # Querying Google for subdomains and Linkedin pages, this might take a while
    [-] Error: No subdomains found in Google. If you are scanning a lot, Google might be blocking your requests.
    # Reverse DNS lookup on range 162.158.0.0/15
        162.159.8.133 - cf-162-159-8-133.cloudflare.com
        162.159.9.204 - cf-162-159-9-204.cloudflare.com
        162.159.24.5 - dns1.namecheaphosting.com
        162.159.24.6 - a.ns.zerigo.net
        162.159.24.7 - e.ns.zerigo.net
        162.159.24.204 - ns1.proisp.no
        162.159.25.5 - dns2.namecheaphosting.com
        162.159.25.6 - b.ns.zerigo.net
        162.159.25.7 - f.ns.zerigo.net
        162.159.25.138 - ns2.proisp.no
        162.159.26.6 - c.ns.zerigo.net
        162.159.27.6 - d.ns.zerigo.net
    # Done
As the output shows, wooyun.org sits behind Cloudflare: both IPs belong to AS13335 (CLOUDFLARENET), so the IP whois and the reverse sweep of 162.158.0.0/15 describe Cloudflare's network and its other customers (cf-*.cloudflare.com, third-party name servers), not wooyun's origin servers. The domain whois is the useful part here: the registrant is Fang Xiaodun, the contact email is xssshell@gmail.com, and the authoritative name servers are NS1.DNSV2.COM and NS2.DNSV2.COM.
Source: http://www.codefrom.com/paper/%20%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95%...