I. Public Web site
We can collect information about the target domain from public Web sites, so that no data has to be sent directly to the target network and the target does not become aware of our actions.
You can search for these sites yourself; they are not covered further here.
II. Registration information for domain names
The WHOIS database records the DNS server information for the domain name and the registrant's contact information, etc.
Kali Linux ships with a WHOIS client by default. To query the WHOIS information for a domain name, enter
whois domain_name
As an example:
[email protected]:~# whois sina.com.cn
Domain Name: sina.com.cn
ROID: 20021209s10011s00082127-cn
Domain Status: clientDeleteProhibited
Domain Status: serverDeleteProhibited
Domain Status: clientUpdateProhibited
Domain Status: serverUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Registrant ID: sinacomcn2
Registrant: Beijing Sina Internet Information Service Co., Ltd.
Registrant Contact Email: [email protected]
Sponsoring Registrar: Beijing New Network Digital Information Technology Co., Ltd.
Name Server: ns1.sina.com.cn
Name Server: ns2.sina.com.cn
Name Server: ns3.sina.com.cn
Name Server: ns4.sina.com.cn
Registration Time: 1998- One- - xx:xx:xx
Expiration Time: 2019- A-Geneva the: +: *
DNSSEC: unsigned
The WHOIS result includes the DNS server information, the registrant's contact details, the registration time, the expiry time, and so on.
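The WHOIS output above is a series of "Key: value" lines in which keys such as Domain Status and Name Server repeat. As an added example (not part of the original page), the Python below parses that layout and reports hardening gaps for a domain you administer; the function names, the set of locks checked and the trimmed sample input are assumptions made for this illustration.

```python
from collections import defaultdict

# Sample input: a subset of the fields in the output above (garbled date lines left out).
SAMPLE = """\
Domain Name: sina.com.cn
Domain Status: clientDeleteProhibited
Domain Status: serverDeleteProhibited
Domain Status: clientUpdateProhibited
Domain Status: serverUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Name Server: ns1.sina.com.cn
Name Server: ns2.sina.com.cn
Name Server: ns3.sina.com.cn
Name Server: ns4.sina.com.cn
DNSSEC: unsigned
"""

# Registrar-side locks that guard against unauthorised delete, update and transfer.
EXPECTED_LOCKS = {"clientdeleteprohibited", "clientupdateprohibited",
                  "clienttransferprohibited"}


def parse_whois(text):
    """Return {lower-cased key: [values]}; repeated keys keep every value."""
    record = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and value.strip():
            record[key.strip().lower()].append(value.strip())
    return dict(record)


def audit(record):
    """List hardening gaps visible in a parsed WHOIS record."""
    findings = []
    # Some registries append a URL after the status code, so keep the first token only.
    statuses = {s.split()[0].lower() for s in record.get("domain status", [])}
    for lock in sorted(EXPECTED_LOCKS - statuses):
        findings.append("missing lock: " + lock)
    if len(record.get("name server", [])) < 2:
        findings.append("fewer than two name servers listed")
    # A record with no DNSSEC field is treated as unsigned (assumption).
    if record.get("dnssec", ["unsigned"])[0].lower().startswith("unsigned"):
        findings.append("DNSSEC not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_whois(SAMPLE)):
        print(finding)
```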
III. DNS record analysis
To find all the hosts and IP addresses under a domain name, you can use the tools below.
Note: DNS records come in the following types:
- NS: name server
- A: IPv4 address
- AAAA: IPv6 address
- MX: mail server address
- CNAME: alias record
- PTR: reverse lookup record
- SOA: the authoritative server that manages the domain
1. host
Kali Linux Penetration Testing--information collection