DMitry (Deepmagic Information Gathering Tool) – это программа командной строки Linux UNIX / (GNU), закодированная исключительно на C, с возможностью собирать как можно больше информации о хосте.
У DMitry есть базовая функциональность с возможностью добавления новых функций, базовая функциональность DMitry позволяет собирать информацию о целевом хосте из простого поиска whois в целевой среде для отчетов UpTime и TCP-порт.
Приложение считается инструментом для сбора информации, когда требуется оперативная информация, устраняя необходимость ввода нескольких команд и своевременного процесса поиска данных из нескольких источников.
Базовая функциональность способна собирать возможные поддомены, адреса электронной почты, информацию о времени безотказной работы, сканирование TCP-порта, поиск WHOIS и т.д.
Особенности
Информация собирается следующими способами:
Выполняет поиск по номеру в Интернете.
Получает возможные данные о времени безотказной работы, данные системы и сервера.
Выполняет поиск субдоменов на целевом хосте.
Выполняет поиск адресов электронной почты на целевом хосте.
Выполняет TCP сканирование портов для целевого хоста.
Модульная программа, позволяющая использовать определенные пользователем модули
Использование
-o filename Create an ascii text output of the results to the "filename" specified. If no output filename is specified then output will be saved to "target.txt". If this option is not specified in any form output will be sent to the standard output (STDOUT) by default. This option MUST trail all other options, i.e. "./dmitry -winseo target". -i Perform an Internet Number whois lookup on the target. This requires that the target be in the form of a 4 part Internet Number with each octal seperated using the ‘.’ notation. For example, "./dmitry -i 255.255.255.255". -w Perform a whois lookup on the ’host’ target. This requires that the target be in a named character format. For example, "./dmitry -w target" will perform a standard named whois lookup. -n Retrieve netcraft.com data concerning the host, this includes Operating System, Web Server release and UpTime information where available. -s Perform a SubDomain search on the specified target. This will use serveral search engines to attempt to locate sub-domains in the form of sub.target. There is no set limit to the level of sub-domain that can be located, however, there is a maximum string length of 40 characters (NCOL 40) to limit memory usage. Possible subdomains are then reversed to an IP address, if this comes back positive then the resulting subdomain is listed. However, if the host uses an asterisk in their DNS records all resolve subdomains will come back positive. -e Perform an EmailAddress search on the specified target. This modules works using the same concept as the SubDomain search by attempting to locate possible e-mail addresses for a target host. The e-mail addresses may also be for possible sub-domains of the target host. There is a limit to the length of the e- mail address set to 50 characters (NCOL 50) to limit memory usage. -p Perform a TCP Portscan on the host target. This is a pretty basic module at the moment, and we do advise users to use some‐ thing like nmap (www.insecure.org/nmap/) instead. This module will list open, closed and filtered ports within a specific range. There will probably be little advancement upon this mod‐ ule, though there will be some alterations to make it a little more user friendly. There are also other options for this mod‐ ule that can affect the scan and its relative output. -f This option will cause the TCP Portscan module to report/display output of filtered ports. These are usually ports that have been filtered and/or closed by a firewall at the specified host/target. This option requires that the ’-p’ option be passed as a previous option. For example, "./dmitry -pf tar‐ get". -b This option will cause the TCP Portscan module to output Banners if they are received when scanning TCP Ports. This option requres that the ’-p’ option be passed as a previous option. For example, "./dmitry -pb target". -t This sets the Time To Live (TTL) of the Portscan module when scanning individual ports. This is set to 2 seconds by default. This is usually required when scanning a host that has a fire‐ wall and/or has filtered ports which can slow a scan down.
