Newbie Diary 5: Kali penetration testing, passive information gathering (4): theHarvester, metagoofil, Maltego, and a personal password dictionary with CUPP
Source: Internet | Editor: 程序博客网 | Date: 2024/06/13 17:01
1. theHarvester
theHarvester is a social-engineering reconnaissance tool. It queries search engines, PGP key servers and the SHODAN database to collect e-mail addresses, subdomains, hosts, employee names, open ports and banners for a target.
Note: you usually need to go through a proxy (the search engines it uses are blocked from mainland China).
# proxychains can be used to route it through a proxy
root@kali:~# theharvester -h

*******************************************************************
*                                                                 *
* | |_| |__   ___    /\  /\__ _ _ ____   _____  ___| |_ ___ _ __  *
* | __| '_ \ / _ \  / /_/ / _` | '__\ \ / / _ \/ __| __/ _ \ '__| *
* | |_| | | |  __/ / __  / (_| | |   \ V /  __/\__ \ ||  __/ |    *
*  \__|_| |_|\___| \/ /_/ \__,_|_|    \_/ \___||___/\__\___|_|    *
*                                                                 *
* TheHarvester Ver. 2.6                                           *
* Coded by Christian Martorella                                   *
* Edge-Security Research                                          *
* cmartorella@edge-security.com                                   *
*******************************************************************

Usage: theharvester options
       -d: Domain to search or company name
       -b: data source: google, googleCSE, bing, bingapi, pgp        # choose the search engine or social network
                        linkedin, google-profiles, people123, jigsaw,
                        twitter, googleplus, all
       -s: Start in result number X (default: 0)
       -v: Verify host name via dns resolution and search for virtual hosts
       -f: Save the results into an HTML and XML file                 # save the results to a file
       -n: Perform a DNS reverse query on all ranges discovered
       -c: Perform a DNS brute force for the domain name
       -t: Perform a DNS TLD expansion discovery
       -e: Use this DNS server
       -l: Limit the number of results to work with(bing goes from 50 to 50 results,   # cap the number of results; the default page size is 50
                        google 100 to 100, and pgp doesn't use this option)
       -h: use SHODAN database to query discovered hosts

Examples:   # examples from the built-in help
       theharvester -d microsoft.com -l 500 -b google
       theharvester -d microsoft.com -b pgp
       theharvester -d microsoft -l 200 -b linkedin
       theharvester -d apple.com -b googleCSE -l 500 -s 300

Example run: theharvester -d sina.com -l 300 -b bing

2. metagoofil    # not shipped with Kali 2.0 by default
metagoofil is a document-metadata collector: it gathers information from the publicly available documents of a target domain, using Google as its search engine. Supported formats: .doc .odt .xls .ods .ppt .odp .pdf
metagoofil -d <target domain> -l 10 -f all -o a.html -t a
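What metagoofil pulls out of Office documents is mostly the core-properties part of the OOXML package (creator, last editor, timestamps), and the same part is what a defender should scrub before publishing. The following added Python example is not metagoofil's code or part of the original post: it builds a constructed, minimal .docx in memory (not a complete openable document), extracts those fields with the standard library, and rewrites the package with the author fields blanked. The sample names and the `build_sample_docx` / `strip_author_metadata` helpers are this example's own.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces used by docProps/core.xml (same layout in .docx, .xlsx and .pptx)
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)   # keep the usual prefixes when we re-serialise

# Constructed core.xml template; only the fields this example reads are present
CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">'
    "<dc:creator>{creator}</dc:creator>"
    "<cp:lastModifiedBy>{modifier}</cp:lastModifiedBy>"
    "<dcterms:created>2016-08-05T14:20:30Z</dcterms:created>"
    "</cp:coreProperties>"
)

FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy", "created": "dcterms:created"}


def build_sample_docx(creator, modifier):
    """Constructed stand-in for a leaked .docx: a zip holding only the parts this example reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("docProps/core.xml", CORE_XML.format(creator=creator, modifier=modifier, **NS))
    return buf.getvalue()


def extract_core_metadata(docx_bytes):
    """Return the author-related core properties: the user names and timestamps that leak
    naming conventions and activity patterns when documents are indexed by search engines."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "docProps/core.xml" not in z.namelist():
            return {}
        root = ET.fromstring(z.read("docProps/core.xml"))
    out = {}
    for key, path in FIELDS.items():
        el = root.find(path, NS)
        if el is not None and el.text:
            out[key] = el.text
    return out


def strip_author_metadata(docx_bytes):
    """Rewrite the package with creator/lastModifiedBy blanked; the pre-publication fix."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            data = src.read(name)
            if name == "docProps/core.xml":
                root = ET.fromstring(data)
                for path in ("dc:creator", "cp:lastModifiedBy"):
                    el = root.find(path, NS)
                    if el is not None:
                        el.text = ""
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx("alice.wang", "bob.li")
    print("before:", extract_core_metadata(doc))
    print("after: ", extract_core_metadata(strip_author_metadata(doc)))
```

The creation timestamp is left in place on purpose: it is rarely sensitive on its own, and a policy that blanks only identity fields is easier to apply across a document store than one that rewrites every property.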
3. Maltego
Note: you must register an account before first use, and it requires a proxy.
A comprehensive information-gathering application with a friendly graphical interface. Its wizards run different kinds of searches, and searches can also be customised.
1. Choose a type (custom)
Switch type
New
……
4. host
Look up the hosts behind a domain name:
# host 163.com
# host -t MX 163.com
5. Other avenues
Social networks, company registration records, newsgroups and forums, job sites (the kind of staff a company is hiring tells you where it is weak; an advert for a web penetration engineer, for example), and sites that archive historical snapshots such as archive.org (useful for learning a target's history, including its past technology stack).
6. Personal password dictionary: CUPP (relatively high hit rate) [not in Kali by default]
Written in Python and suited to social engineering: once you have gathered concrete details about a target, this script generates a dictionary tailored to that target. [Bear in mind that Chinese and non-Chinese users have different password habits.]
Note: if the package source is unreliable, switch to the USTC mirror:
deb http://mirrors.ustc.edu.cn/kali sana main non-free contrib
deb http://mirrors.ustc.edu.cn/kali-security/ sana/updates main contrib non-free
deb-src http://mirrors.ustc.edu.cn/kali-security/ sana/updates main contrib non-free
Install:
git clone https://github.com/Mebus/cupp.git    # clone it; the current directory is where the files land
Usage:
root@kali:~# cd cupp/
root@kali:~/cupp# ls
CHANGELOG.md  cupp3.py  cupp.cfg  cupp.py  LICENSE  README.md  test_cupp.py
root@kali:~/cupp# cat README.md    # the user manual
# cupp.py - Common User Passwords Profiler

## About
The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.
A weak password might be very short or only use alphanumberic characters, making decryption simple. A weak password can also be one that is easily guessed by someone profiling the user, such as a birthday, nickname, address, name of a pet or relative, or a common word such as God, love, money or password.
That is why CUPP has born, and it can be used in situations like legal penetration tests or forensic crime investigations.

## Options
Usage: cupp.py [OPTIONS]
    -h      this menu
    -i      Interactive questions for user password profiling    # interactive profiling questions [the common mode]: a wizard that produces the tailored dictionary
    -w      Use this option to profile existing dictionary,
            or WyD.pl output to make some pwnsauce :)
    -l      Download huge wordlists from repository
    -a      Parse default usernames and passwords directly from Alecto DB.
            Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.
    -v      Version of the program

## Configuration
CUPP has configuration file cupp.cfg with instructions.

## License
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
See './LICENSE' for more information.

## Github import
This project was imported into https://github.com/Mebus/cupp by Mebus from:
http://www.remote-exploit.org/content/cupp-3.0.tar.gz
http://www.remote-exploit.org/articles/misc_research__amp_code/index.html
to encourage further developement of the tool.

## Original author
Muris Kurgas aka j0rgan
j0rgan@remote-exploit.org
http://www.remote-exploit.org
http://www.azuzi.me

## Contributors
* Bosko Petrovic aka bolexxx
  bole_loser@hotmail.com
  http://www.offensive-security.com
  http://www.bolexxx.net
* Mebus
  https://github.com/Mebus/
* Abhro
  https://github.com/Abhro/
* Andrea Giacomo
  https://github.com/codepr

It has to be run through python:
root@kali:~/cupp# python cupp.py -i
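The reason CUPP's dictionaries hit is that people build passwords from facts about themselves, and that is exactly what a defender can test for at password-change time instead of waiting for a wordlist attack to prove it. The following added Python example is not CUPP's code and is not part of the original post: it takes a constructed profile (name, pet, birthday, the same kind of fields CUPP's interactive mode asks for) and rejects a candidate password that is a profile token padded with digits, reversed, or written in simple leet. The field names, the date layout (DDMMYYYY) and the derivation rules are this example's own assumptions, chosen to mirror the habits the article describes rather than any particular policy standard.

```python
import re

# Simple leet substitutions (an assumption of this example; real checkers use longer tables)
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def profile_tokens(profile):
    """Derive the substrings a profiling wordlist would be built from.
    profile is a dict with constructed keys: name, surname, nickname, pet, partner, birthdate."""
    tokens = set()
    for key in ("name", "surname", "nickname", "pet", "partner"):
        value = profile.get(key, "")
        if value:
            tokens.add(value.lower())
    birth = profile.get("birthdate", "")          # expected as DDMMYYYY (this example's convention)
    if len(birth) == 8 and birth.isdigit():
        d, m, y = birth[:2], birth[2:4], birth[4:]
        tokens.update({birth, y, y[2:], d + m, m + d, d + m + y[2:], y + m + d})
    return {t for t in tokens if len(t) >= 2}


def password_is_profile_derived(password, profile, min_token=3):
    """True when the password is built from profile material: a token (plain, reversed or
    in leet form) surrounded only by digits or punctuation, or two profile tokens joined."""
    core = re.sub(r"[^a-z0-9]", "", password.lower())   # ignore case and punctuation
    variants = set()
    for token in profile_tokens(profile):
        variants.update({token, token[::-1], token.translate(LEET)})
    for variant in variants:
        if len(variant) >= min_token and variant in core:
            remainder = core.replace(variant, "", 1)
            if remainder == "" or remainder.isdigit() or remainder in variants:
                return True
    return False


if __name__ == "__main__":
    # Constructed profile, not a real person
    user = {"name": "alice", "surname": "wang", "pet": "rex", "birthdate": "05081990"}
    for candidate in ("Alice1990", "rex0508", "4l1c3!", "ecila", "Tq9#mZ2p!Lw"):
        print(candidate, "->", "reject" if password_is_profile_derived(candidate, user) else "ok")
```

The check is deliberately conservative: it flags short, obviously derived passwords and leaves longer ones that merely contain a name to a length or entropy rule, because a string that rejects everything containing "wang" would lock out a large fraction of real users.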
7. Image information
METADATA
Metadata is data that describes other data, or structured data that supplies information about a resource. It describes information resources or data objects so that resources can be identified, evaluated and tracked as they change during use; so that large volumes of networked data can be managed simply and efficiently; and so that information resources can be discovered, searched, organised as a whole and managed effectively. Metadata can describe an object's elements or attributes (name, size, data type, and so on), its structure (length, fields, columns), or related data (where it is located, how to reach it, who owns it).
Exif image data: by default it records the physical location where the photo was taken. [http://baike.baidu.com/link?url=lsZXsROoT4fsYGDT9ilOrJFD_l82wK25U3dKVjIu_wrbX7ifCtGc5z8NmjkvjKlT00QrYG4L_qDebQT227uefq]
FOCA information collector
FOCA is an information-gathering security tool developed by Spanish colleagues; it mainly scans and analyses DNS and file metadata. It handles a wide range of file types: most commonly Microsoft Office files, OpenOffice or PDF files, and even Adobe InDesign or SVG files.
Analyse an image:
exiftool <image name>    # or exif, as in the session below: root@kali:~# exif QQ图片20160907233944.jpg
root@kali:~# exif QQ图片20160907233944.jpg
‘QQ图片20160907233944.jpg’中的EXIF 信息标识(‘英特尔’字节顺序):
--------------------+----------------------------------------------------------
信息标识            |值
--------------------+----------------------------------------------------------
Date and Time       |2016:08:05 14:20:30
Model               |MX4 Pro
Image Width         |2592
YCbCr Positioning   |Centered
Image Length        |1944
Orientation         |Top-left
Software            |Flyme5.0    # the operating system
Manufacturer        |MEIZU
X-Resolution        |72
Y-Resolution        |72
Resolution Unit     |英寸
Image Width         |160
Resolution Unit     |英寸
Image Length        |120
Y-Resolution        |72
Orientation         |Top-left
Compression         |JPEG 压缩
X-Resolution        |72
色彩空间            |sRGB
Date and Time (Digit|2016:08:05 14:20:30
F-Number            |f/2.2
Exposure Program    |普通模式
焦距                |4.8 mm
光圈                |2.27 EV (f/2.2)
白平衡              |自动白平衡
Pixel X Dimension   |2592
图像唯一 ID         |
Shutter Speed       |8.77 EV (1/436 sec.)
测距模式            |Center-weighted average
曝光模式            |自动曝光
Date and Time (Origi|2016:08:05 14:20:30
用户备注            |
Pixel Y Dimension   |1944
闪光灯              |未闪光
Exif Version        |Exif版本2.2
Focal Length in 35mm|31
曝光偏差            |0.50 EV
Maximum Aperture Val|2.27 EV (f/2.2)
亮度                |3.08 EV (28.97 cd/m^2)
场景捕获类型        |标准
ISO Speed Ratings   |40
Exposure Time       |1/438 sec.
FlashPixVersion     |FlashPix版本 1.0
GPS Image Direction |46
GPS Image Direction |M
--------------------+----------------------------------------------------------
EXIF 数据中含有缩略图(2944 个字节)。
On Windows you can use FOCA or simply open the image's properties dialog.
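The exif output above is a flat list of fields, but inside the file the data is a TIFF structure: an IFD0 directory for camera fields and a pointer (tag 0x8825) to a separate GPS sub-directory, which is why location data survives in photos that a casual "properties" view does not show. The following added Python example is not exif/exiftool code and is not part of the original post: it builds a constructed JPEG carrying only an Exif segment (no image data, so it will not display) with the Manufacturer, Model and Software values from the article's output plus a made-up GPS latitude, parses IFD0 and the GPS sub-IFD with a hand-written TIFF reader, and strips the Exif segment, which is the mitigation before a photo is published. The helper names and the sample coordinate are this example's own.

```python
import struct

# Tag/type numbers from the TIFF/EXIF specifications (well-known constants, not from the article)
TAG_MAKE, TAG_MODEL, TAG_SOFTWARE, TAG_GPS_IFD = 0x010F, 0x0110, 0x0131, 0x8825
TAG_GPS_LAT_REF, TAG_GPS_LAT = 0x0001, 0x0002
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8}  # bytes per element: BYTE, ASCII, SHORT, LONG, RATIONAL


def build_ifd(entries, ifd_offset):
    """Serialise one little-endian IFD placed at ifd_offset; entries = [(tag, type, count, payload)]."""
    body, data = b"", b""
    data_start = ifd_offset + 2 + 12 * len(entries) + 4   # out-of-line values follow the IFD
    for tag, typ, count, payload in entries:
        if len(payload) <= 4:
            value = payload.ljust(4, b"\x00")              # small values are stored inline
        else:
            value = struct.pack("<I", data_start + len(data))
            data += payload
        body += struct.pack("<HHI", tag, typ, count) + value
    return struct.pack("<H", len(entries)) + body + struct.pack("<I", 0) + data


def build_sample_jpeg():
    """Constructed file: SOI, one APP1/Exif segment, EOI; no image data, so it will not display."""
    strings = [b"MEIZU\x00", b"MX4 Pro\x00", b"Flyme5.0\x00"]   # values taken from the article's output
    ifd0_len = 2 + 12 * 4 + 4 + sum(len(s) for s in strings)
    gps_offset = 8 + ifd0_len                                   # GPS sub-IFD sits right after IFD0
    ifd0 = build_ifd([
        (TAG_MAKE, TYPE_ASCII, len(strings[0]), strings[0]),
        (TAG_MODEL, TYPE_ASCII, len(strings[1]), strings[1]),
        (TAG_SOFTWARE, TYPE_ASCII, len(strings[2]), strings[2]),
        (TAG_GPS_IFD, TYPE_LONG, 1, struct.pack("<I", gps_offset)),
    ], 8)
    lat = struct.pack("<6I", 39, 1, 54, 1, 2000, 100)          # 39 deg 54' 20.00" (made-up position)
    gps = build_ifd([
        (TAG_GPS_LAT_REF, TYPE_ASCII, 2, b"N\x00"),
        (TAG_GPS_LAT, TYPE_RATIONAL, 3, lat),
    ], gps_offset)
    tiff = b"II" + struct.pack("<HI", 0x2A, 8) + ifd0 + gps     # "II" = Intel byte order, IFD0 at 8
    app1_payload = b"Exif\x00\x00" + tiff
    app1 = b"\xFF\xE1" + struct.pack(">H", len(app1_payload) + 2) + app1_payload
    return b"\xFF\xD8" + app1 + b"\xFF\xD9"


def _segments(jpeg):
    """Yield (marker, start, end) for each header segment until SOS/EOI."""
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD8, 0xD9, 0xDA):
            break
        seg_len = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield marker, pos, pos + 2 + seg_len
        pos += 2 + seg_len


def parse_exif(jpeg):
    """Return {(ifd_name, tag): value} for IFD0 and the GPS sub-IFD of the first Exif segment."""
    for marker, start, end in _segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            return _parse_tiff(payload[6:])
    return {}


def _parse_tiff(tiff):
    order = "<" if tiff[:2] == b"II" else ">"
    found = {}
    def read_ifd(off, name):
        n = struct.unpack(order + "H", tiff[off:off + 2])[0]
        for i in range(n):
            e = off + 2 + 12 * i
            tag, typ, count = struct.unpack(order + "HHI", tiff[e:e + 8])
            size = TYPE_SIZE.get(typ, 1) * count
            if size <= 4:
                raw = tiff[e + 8:e + 8 + size]
            else:
                data_off = struct.unpack(order + "I", tiff[e + 8:e + 12])[0]
                raw = tiff[data_off:data_off + size]
            if typ == TYPE_ASCII:
                value = raw.rstrip(b"\x00").decode("ascii", "replace")
            elif typ == TYPE_RATIONAL:
                nums = struct.unpack(order + "%dI" % (2 * count), raw)
                value = tuple(nums[j] / nums[j + 1] for j in range(0, len(nums), 2))
            elif typ == TYPE_LONG and count == 1:
                value = struct.unpack(order + "I", raw)[0]
            else:
                value = raw
            found[(name, tag)] = value
            if name == "IFD0" and tag == TAG_GPS_IFD:
                read_ifd(value, "GPS")                  # follow the pointer to the GPS sub-IFD
    read_ifd(struct.unpack(order + "I", tiff[4:8])[0], "IFD0")
    return found


def strip_exif(jpeg):
    """Return a copy with every APP1/Exif segment removed: the fix before publishing a photo."""
    out, last_end = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00"):
            out += jpeg[start:end]
        last_end = end
    out += jpeg[last_end:]
    return bytes(out)
```

Run `parse_exif(build_sample_jpeg())` to see the nested GPS entries appear under the "GPS" key, then `parse_exif(strip_exif(...))` to confirm they are gone; on a real photo the same `strip_exif` leaves the image data untouched because it stops walking at the SOS marker.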