Kali Tool Learning

Source: Internet
Author: User

Pre-use preparation

    1. Enable/disable the HTTP service

service apache2 start    # or: stop

update-rc.d apache2 defaults    # start the HTTP service automatically at boot

    2. Turn MySQL on/off

service mysql start    # or: stop

mysql -u root -p    # test MySQL

update-rc.d mysql defaults    # start the MySQL service automatically at boot

    3. Enable/disable SSH

service ssh start    # or: stop

update-rc.d ssh defaults    # start the SSH service automatically at boot

    4. Installing additional packages

apt-cache search <package name>

apt-cache show <package name>

apt-get install <package name>

    5. Installing Nessus

Download the install package from http://www.nessus.org/products/nessus/ness-download-agreement, then install it:

dpkg -i <install package name>

/etc/init.d/nessusd start

    6. Installing the Cisco password cracking tool

Download the source code, then compile it:

gcc <name>.c -o <name>

Information collection

    1. Query domain name registration information

whois xxx.com

    2. DNS record analysis

host xxx.com    # query the IP address

host -l xxx.com <server>    # zone transfer from a name server (e.g. ns1.isp.com)

dig xxx.com any    # query the host's records ("any" sets the record type)

dig @<server> xxx.com axfr    # zone transfer with dig (server e.g. ns1.isp.com)

dnsenum xxx.com    # collect DNS data

dnsenum -f dns.txt xxx.com    # brute-force the site's subdomains from a word list

dnsdict6 xxx.com    # enumerate IPv6 subdomains

dnsdict6 -d -4 xxx.com    # enumerate IPv4 subdomains and collect DNS and NS information

fierce -dns xxx.com -threads 3    # query information about a domain, using 3 threads

dmitry -iwnse targethost    # run WHOIS queries, get related information from netcraft.com, search for all possible subdomains and all possible email addresses

dmitry -p targethost -f -b    # simple port scan

maltego    # start Maltego

Routing information

    1. tcptraceroute

tcptraceroute xxx.com    # trace the route using SYN packets

    2. tctrace

tctrace -i <NIC> -d <target host>    # get routing information

    3. Collecting information through search engines

a. theharvester

theharvester -d xxx.com -l <number> -b google    # data source: Google

theharvester -d xxx.com -l <number> -b linkedin    # collect additional information from LinkedIn

b. Metagoofil

metagoofil -d xxx.com -l <number> -t doc,pdf -n <number> (e.g. 5) -f test.html -o test

Collects files from the target domain and saves them to the test directory. Here 20 files of each type are to be collected, the program is asked to download only five of them, and the final results are saved in test.html.

Target recognition

Identify the target host

    1. ping

-c count: the total number of echo request packets sent

-I interface address: set the source address and network interface (needed when pinging over IPv6)

-s packet size: size of each packet (default = 56)

    2. arping

arping <IP address> -c <count>    # detect whether the host is online (by its MAC address)

arping -d -I <NIC> <IP address> -c <count>
echo $?    # detect whether the IP address is already in use by someone else

    3. fping

fping <IP> <IP> <IP>    # probe multiple IPs

fping -g <IP/network segment>    # probe a network segment

fping -r <count> -g <IP>    # probe the IP with the given number of retries

fping -s xxx    # view statistics for multiple targets

    4. nping

nping -c <count> <IP range>    # send ICMP echo requests to multiple destinations

nping --tcp -c <count> -p <port> <IP>    # send <count> TCP packets to a port on that IP

    5. alive6

alive6 -p <NIC>    # find online hosts over IPv6

ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 128 -j DROP    # drop incoming ICMPv6 echo requests so that other hosts cannot detect your own IPv6 host

    6. detect-new-ip6

detect-new-ip6 <NIC>    # detect hosts that newly join the network

    7. passive_discovery6

passive_discovery6 <NIC>    # find hosts' IPv6 addresses by listening on the network card

    8. nbtscan

nbtscan <network segment>    # detect the NetBIOS name of each host in the LAN

nbtscan -hv <network segment>    # detect which services are running on these hosts

Identify the operating system

    1. p0f

p0f -f /etc/p0f/p0f.fp -o p0f.log    # identify the host operating system

    2. nmap

nmap -O <IP>    # detect the host operating system

Service Enumeration

    1. Port scan

nmap <IP>    # run tcpdump -nnX tcp and host <IP> alongside to watch the packets

-sT    TCP connect scan

-sS    SYN scan

-sN -sF -sX    TCP NULL, FIN and Xmas scans

-sM    TCP Maimon scan

-sA    TCP ACK scan

-sI    TCP idle scan

nmap -sU <IP> -p <port>    # detect which UDP ports are open

-p    set the ports (scan range)

-F    quick scan (scans the 100 most common ports)

-r    sequential scan (ports are scanned from lowest to highest)

--top-ports <1 or greater>    scan the top N ports listed in nmap-services

-oN    write normal output to a file, excluding warnings and runtime information

-oX    generate an XML format file

-oG    generate a file that is easy to use with grep

nmap -sV <IP> -p 22    # detect the version of the target service

nmap -O <IP>    # get target operating system information

nmap -Pn    # disable ping for host detection

nmap -A    # aggressive detection options

nmap -6 <IPv6 address>    # scan a host in an IPv6 environment

unicornscan

unicornscan -m U -Iv <IP>:1-65535

unicornscan -m U -Iv <IP>:1-65535 -r <number>    # adjust the packet rate

    2. SMB enumeration

nbtscan <IP range>

    3. SNMP enumeration

a) onesixtyone

onesixtyone <IP>    # add -d for more detail

b) snmpcheck

snmpcheck -t <IP>    # collect information about SNMP devices

    4. VPN enumeration

ike-scan -M -A -Pike-hashkey <IP>

psk-crack -d rockyou.txt ike-hashkey    # crack the hash

ike-scan -M --trans=5,2,1,2 --showbackoff <IP>    # identify the VPN server (the parameters have to be changed repeatedly)
