임시

dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.

OPTIONS

-r     Recursively descend sub-domains of the specified domain.  Use with care.

-a     Turn on warning of duplicate A records.  (see below)

-d     Print debugging and 'status' information to stderr.  (Use only if redirecting stdout)  See

       DIAGNOSTICS section.

-m     Perform checks only if the zone has been modified since the previous run.

-F     perform  "fascist"  checking.  When checking an A record, compare the PTR name for each IP

       address with the forward name and report mismatches.  (see below)   I  recommend  you  try

       this option at least once to see what sorts of errors pop up - you might be surprised!.

-i     Suppress check for invalid characters in a domain name.  (see below)

-l     Perform  "lame  delegation"  checking.   For every NS record, check to see that the listed

      host is indeed returning authoritative answers for this domain.

X A Y: no PTR record

              X  has an IP address Y, but there is no PTR record to map the IP address Y back to a host‐

              name (usually X). Many Internet servers (such as anonymous FTP servers) will not  talk  to

              addresses that don't have PTR records.

dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer.

Non-recursive means: if the name-server knows it, it will return the data requested.
If the name-server doesn't know it, it will return pointers to name-servers that are authoritive for the domain part in

the name or it will return the addresses of the root name-servers.

DNSRecon provides the ability to perform:

• Check all NS Records for Zone Transfers
• Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
• Perform common SRV Record Enumeration. Top Level Domain (TLD) Expansion
• Check for Wildcard Resolution
• Brute Force subdomain and host A and AAAA records given a domain and a wordlist
• Perform a PTR Record lookup for a given IP Range or CIDR
• Check a DNS Server Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check
• Enumerate Common mDNS records in the Local Network Enumerate Hosts and Subdomains using Google

Service record (SRV record) is a specification of data in the Domain Name System defining the location, i.e. the hostname and port number, of servers for specified services. It is defined in RFC 2782, and its type code is 33. 

dnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network – How to 0wn the Box”.

dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).

Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.

OPERATIONS:

• Get the host’s addresse (A record).
• Get the namservers (threaded).
• Get the MX record (threaded).
• Perform axfr queries on nameservers and get BIND VERSION (threaded).
• Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”).
• Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded).
• Calculate C class domain network ranges and perform whois queries on them (threaded).
• Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded).
• Write to domain_ips.txt file ip-blocks.

dnmap is a framework to distribute nmap scans among several clients. It reads an already created file with nmap commands and send those commands to each client connected to it.

The framework use a client/server architecture. The server knows what to do and the clients do it. All the logic and statistics are managed in the server. Nmap output is stored on both server and client.

Usually you would want this if you have to scan a large group of hosts and you have several different internet connections (or friends that want to help you).

• If the server gets down, it keeps connecting to it until it gets up again.

- 서버 다운시, 다시 실행될 때까지 연결 유지

• Strip strange characters from the command sent by the server. Tries to avoid command injection vulns.

- 전송 명령에서 이상한 문자 존재 시 명령 회피 시도

• It only executes the nmap command. It deletes the command send by the server and changes it by the

known and trusted nmap binary on the system.

- nmap 명령어로만 실행.

• You can select an alias for your user.

- 별칭 선택 가능

• You can change which port the client connects to.

- 클라이언트가 서버 연결할 때 포트 변경 가능

• If the command sent by the server does not have a -oA option, the client add it anyway to the command, so

it will always have a local copy of the output.

- 서버에서 보낸 명령 중 -oA 옵션이 없더라도 클라이언트는 명령 내용을 항상 로컬에 복사

USAGE ./dnmap_client -s <server-ip> -a <alias> (start any number of clients)

• If the server gets down, clients continue trying to connect until the server gets back online. 

- 서버 다운시, 클라이언트는 서버가 켜질 때까지 계속해서 연결 시도

• If the server gets down, when you put it up again it will send commands starting from the last command given before the shutdown. You do not need to remember where it was. 

- 서버 다운시, 마지막 명령에서부터 다시 전송 가능

• You can add new commands to the original file without having to stop the server. The server will read them automatically. 

- 새로운 명령어를 original파일에 추가시키고 싶을 때 서버를 멈추지 않아도 추가 가능. 서버는 자동적으로 읽음

• If some client goes down, the server will remember which command it was executing and it will re-schedule it for later. 

- 몇몇 클라이언트 다운시, 서버는 명령어를 기억하고 클라이언트 실행 시 재 전송 시작

• It will store every detail of the operations in a log file. 

- 로그파일 모든 상세 내용 저장

• It shows real time statistics about the operation of each client You can choose which port to use. Defaults to 46001. Only the Online clients are shown in the running stats. 

- 각각의 클라이언트 동작에 관한 실시간 통계 출력. 사용된 포트 선택 가능(기본값: 46001)

USAGE ./dnmap_server -f commands.txt (start dnmap server)

환경구성

server:192.168.100.14(kali)

client:192.168.100.14(kali)    -같은 pc로 그냥 진행함

target: 192.168.100.5(ubuntu)

DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C.
DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more.

Copies configuration files from Cisco devices running SNMP.

SNMP에서 community 문자열(string)은 SNMPd(데몬)와 클라이언트가 데이터를 교환하기 전에 인증하는 일종의 패스워드로서 초기값으로 public 또는 private로 설정되어 있다. 이는 상당히 보안상 위험하다.
그럼에도 불구하고 대부분의 시스템, 네트워크 관리자들이 기본적인 문자열인 public을 그대로 사용하거나 다른 문자열로 변경을 해도 상호나 monitor, router, mrtg 등 사회공학적으로 추측할 수 있는 문자열을 사용하고 있어 문제가 되고 있다. community 문자열(string)은 뒤에서 설명할“service password-encryption”라는 명령어로도 암호화되지 않으므로 반드시 기존의 public 대신 누구나 추측하기 어렵고 의미가 없는 문자열로 변경하도록 하여야 한다. 그리고 SNMP에서는 RO(Read Only)와 RW(Read Write) 모드를 제공하는데, 대부분 RO모드를 사용하지만 일부 관리자들은 SNMP를 이용한 쉬운 관리를 위해 RW(Read Write) community 문자열을 사용하는 경우도 있다.

Cookie Cadger helps identify information leakage from applications that utilize insecure HTTP GET requests.

Web providers have started stepping up to the plate since Firesheep was released in 2010. Today, most major websites can provide SSL/TLS during all transactions, preventing cookie data from leaking over wired Ethernet or insecure Wi-Fi. But the fact remains that Firesheep was more of a toy than a tool. Cookie Cadger is the first open-source pen-testing tool ever made for intercepting and replaying specific insecure HTTP GET requests into a browser.

Cookie Cadgers Request Enumeration Abilities

Cookie Cadger is a graphical utility which harnesses the power of the Wireshark suite and Java to provide a fully cross-platform, entirely open- source utility which can monitor wired Ethernet, insecure Wi-Fi, or load a packet capture file for offline analysis.

Cisco Torch mass scanning, fingerprinting, and exploitation tool was written while working on the next edition of the “Hacking Exposed Cisco Networks”, since the tools available on the market could not meet our needs.

The main feature that makes Cisco-torch different from similar tools is the extensive use of forking to launch multiple scanning processes on the background for maximum scanning efficiency. Also, it uses several methods of application layer fingerprinting simultaneously, if needed. We wanted something fast to discover remote Cisco hosts running Telnet, SSH, Web, NTP and SNMP services and launch dictionary attacks against the services discovered..