Enumerate the subdomains of the Baidu website using the Recon/domains-hosts/baidu_site module

Source: Internet
Author: User
Tags socket connect subdomain

[Example 3-1] Use the recon/domains-hosts/baidu_site module to enumerate the subdomains of the Baidu site. The steps are as follows. This article is excerpted from the Kali Linux penetration test training manual.

(1) Load the recon/domains-hosts/baidu_site module. The command is as follows:

    [recon-ng][default] > use recon/domains-hosts/baidu_site

(2) View the configurable options of the module. The command is as follows:

    [recon-ng][default][baidu_site] > show options

      Name    Current Value  Req  Description
      ------  -------------  ---  -----------
      SOURCE  default        yes  source of input (see 'show info' for details)

    [recon-ng][default][baidu_site] >

The output shows that there is one option that needs to be configured.

(3) Configure the SOURCE option. The command is as follows:

    [recon-ng][default][baidu_site] > set SOURCE baidu.com
    SOURCE => baidu.com

The output shows that the SOURCE option has been set to baidu.com.

(4) Start the information collection. The command is as follows:

    [recon-ng][default][baidu_site] > run
    ---------
    baidu.com
    ---------
    [*] URL: http://www.baidu.com/s?pn=0&wd=site%3abaidu.com
    [*] map.baidu.com
    [*] 123.baidu.com
    [*] jingyan.baidu.com
    [*] top.baidu.com
    [*] www.baidu.com
    [*] hi.baidu.com
    [*] video.baidu.com
    [*] pan.baidu.com
    [*] zhidao.baidu.com
    [*] Sleeping to avoid lockout...
    -------
    SUMMARY
    -------
    [*] 9 total (2 new) items found.

The output shows that 9 subdomains were found. All enumerated data is stored in the database that recon-ng maintains. At this point, the user can create a report to view the stored data.

[Example 3-2] View the data obtained. The procedure is as follows:

(1) Select the reporting/csv module. The command is as follows:

    [recon-ng][default] > use reporting/csv

(2) Create the report. The command is as follows:

    [recon-ng][default][csv] > run
    [*] 9 records added to '/root/.recon-ng/workspaces/default/results.csv'.

The output shows that the 9 enumerated records have been added to the /root/.recon-ng/workspaces/default/results.csv file. Open the file, as shown in Figure 3.1.

Figure 3.1 results.csv file

(3) This interface shows all of the enumerated subdomains.
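As an added example (not from the manual or from recon-ng), the exported file can be reviewed from the defender's side: the Python code below loads the hostnames, keeps only names that really fall under the SOURCE domain, and lists those missing from an asset inventory. The CSV layout (hostname in the first column), the sample rows and the inventory are constructed assumptions.

```python
import csv
import io

# Constructed sample in the layout assumed for results.csv: one row per host,
# hostname in the first column, remaining columns possibly empty.
SAMPLE_RESULTS_CSV = '''"map.baidu.com","","","","",""
"123.baidu.com","","","","",""
"PAN.baidu.com.","","","","",""
"pan.baidu.com","","","","",""
"zhidao.baidu.com","","","","",""
"notbaidu.com","","","","",""
"baidu.com.example.net","","","","",""
'''

# Hypothetical inventory of hosts the organisation already tracks.
KNOWN_INVENTORY = {"map.baidu.com", "pan.baidu.com"}


def normalise(host):
    """Lower-case the name and strip whitespace and the trailing root dot."""
    return host.strip().rstrip(".").lower()


def in_scope(host, domain):
    """True only for the domain itself or names ending in '.<domain>'."""
    return host == domain or host.endswith("." + domain)


def load_hosts(csv_text, domain):
    """Return (in-scope hosts, rejected hosts) parsed from the CSV text."""
    hosts, rejected = set(), set()
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].strip():
            continue  # skip blank rows
        host = normalise(row[0])
        (hosts if in_scope(host, domain) else rejected).add(host)
    return hosts, rejected


def untracked(csv_text, domain, inventory):
    """Enumerated in-scope hosts that are missing from the inventory."""
    hosts, _ = load_hosts(csv_text, domain)
    return sorted(hosts - {normalise(h) for h in inventory})


if __name__ == "__main__":
    hosts, rejected = load_hosts(SAMPLE_RESULTS_CSV, "baidu.com")
    print("in scope :", sorted(hosts))
    print("rejected :", sorted(rejected))
    print("untracked:", untracked(SAMPLE_RESULTS_CSV, "baidu.com", KNOWN_INVENTORY))
```

The label-boundary check in `in_scope` is what keeps look-alike names such as `notbaidu.com` out of the result set.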

Users can also use the dmitry command to query information about a site. The use of the dmitry command is described below.

View the help information for the dmitry command. The command is as follows:

    root@kali:~# dmitry -h
    Deepmagic Information Gathering Tool
    "There is some deep magic going on"

    dmitry: invalid option -- 'h'
    Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
      -o       Save output to %host.txt or to file specified by -o file
      -i       Perform a whois lookup on the IP address of a host
      -w       Perform a whois lookup on the domain name of a host
      -n       Retrieve Netcraft.com information on a host
      -s       Perform a search for possible subdomains
      -e       Perform a search for possible email addresses
      -p       Perform a TCP port scan on a host
    * -f       Perform a TCP port scan on a host showing output reporting filtered ports
    * -b       Read in the banner received from the scanned port
    * -t 0-9   Set the TTL in seconds when scanning a TCP port (Default 2)
    *Requires the -p flagged to be passed

The above output shows the syntax of the dmitry command and all available parameters. Next, use the -s option of the dmitry command to search for possible subdomains. The command is as follows:

    root@kali:~# dmitry -s google.com
    Deepmagic Information Gathering Tool
    "There is some deep magic going on"

    HostIP:173.194.127.71
    HostName:google.com

    Gathered Subdomain information for google.com
    ---------------------------------
    Searching Google.com:80...
    HostName:www.google.com
    HostIP:173.194.127.51
    Searching Altavista.com:80...
    Found 1 possible subdomain(s) for host google.com, Searched 0 pages containing 0 results

    All scans completed, exiting

The output shows that one subdomain was found. This subdomain is www.google.com, and its IP address is 173.194.127.51. By default the command searches from the google.com site; if you cannot connect to the google.com website, running the above command produces the error message "Unable to connect: Socket Connect Error".

