Thursday 8 September 2016

DMitry - Deepmagic Information Gathering Tool


DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C language.
DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more. The information are gathered with following methods:
  • Perform an Internet Number whois lookup.
  • Retrieve possible uptime data, system and server data.
  • Perform a SubDomain search on a target host.
  • Perform an E-Mail address search on a target host.
  • Perform a TCP Portscan on the host target.
  • A Modular program allowing user specified modules

Download and installation

DMitry can be downloaded by issuing following commands:
$ cd /data/src/
$ wget http://pkgs.fedoraproject.org/repo/pkgs/DMitry/DMitry-1.3a.tar.gz/8d578ba16de34b5cbebf6b767181b00d/DMitry-1.3a.tar.gz
For installation, issue following commands:
$ tar xzvf DMitry-1.3a.tar.gz
$ cd DMitry-1.3a/
$ ./configure
$ make
$ sudo make install
Then optionally create a symbolic link to your /pentest/ directory:
$ mkdir -p /pentest/enumeration/dmitry/
$ ln -s /usr/local/bin/dmitry /pentest/enumeration/dmitry/dmitry

Use

help

DMitry help can be displayed by issuing:
$ dmitry --help
or, for a more complete documentation:
$ man dmitry

options

The options are detailed below:
-o filename
Create an ascii text output of the results to the "filename"
specified. If no output filename is specified then output will
be saved to "target.txt". If this option is not specified in
any form output will be sent to the standard output (STDOUT) by
default. This option MUST trail all other options, i.e.
"./dmitry -winseo target".

-i Perform an Internet Number whois lookup on the target. This
requires that the target be in the form of a 4 part Internet
Number with each octal seperated using the ‘.’ notation. For
example, "./dmitry -i 255.255.255.255".

-w Perform a whois lookup on the ’host’ target. This requires that
the target be in a named character format. For example,
"./dmitry -w target" will perform a standard named whois lookup.

-n Retrieve netcraft.com data concerning the host, this includes
Operating System, Web Server release and UpTime information
where available.

-s Perform a SubDomain search on the specified target. This will
use serveral search engines to attempt to locate sub-domains in
the form of sub.target. There is no set limit to the level of
sub-domain that can be located, however, there is a maximum
string length of 40 characters (NCOL 40) to limit memory usage.
Possible subdomains are then reversed to an IP address, if this
comes back positive then the resulting subdomain is listed.
However, if the host uses an asterisk in their DNS records all
resolve subdomains will come back positive.

-e Perform an EmailAddress search on the specified target. This
modules works using the same concept as the SubDomain search by
attempting to locate possible e-mail addresses for a target
host. The e-mail addresses may also be for possible sub-domains
of the target host. There is a limit to the length of the e-
mail address set to 50 characters (NCOL 50) to limit memory
usage.

-p Perform a TCP Portscan on the host target. This is a pretty
basic module at the moment, and we do advise users to use some‐
thing like nmap (www.insecure.org/nmap/) instead. This module
will list open, closed and filtered ports within a specific
range. There will probably be little advancement upon this mod‐
ule, though there will be some alterations to make it a little
more user friendly. There are also other options for this mod‐
ule that can affect the scan and its relative output.

-f This option will cause the TCP Portscan module to report/display
output of filtered ports. These are usually ports that have
been filtered and/or closed by a firewall at the specified
host/target. This option requires that the ’-p’ option be
passed as a previous option. For example, "./dmitry -pf tar‐
get".

-b This option will cause the TCP Portscan module to output Banners
if they are received when scanning TCP Ports. This option
requres that the ’-p’ option be passed as a previous option.
For example, "./dmitry -pb target".

-t This sets the Time To Live (TTL) of the Portscan module when
scanning individual ports. This is set to 2 seconds by default.
This is usually required when scanning a host that has a fire‐
wall and/or has filtered ports which can slow a scan down.

Example

The following command:
$ dmitry -iwns -o example.out google.com
creates a report named example.out, that looks like this:
HostIP:209.85.227.99
HostName:google.com

Gathered Inet-whois information for 209.85.227.99
---------------------------------

OrgName: Google Inc.
OrgID: GOGL
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

NetRange: 209.85.128.0 - 209.85.255.255
CIDR: 209.85.128.0/17
NetName: GOOGLE
NetHandle: NET-209-85-128-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
Comment:
RegDate: 2006-01-13
Updated: 2006-06-01

OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-contact@google.com

# ARIN WHOIS database, last updated 2010-02-06 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html

Gathered Inic-whois information for google.com
---------------------------------

Domain Name: GOOGLE.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Server: NS1.GOOGLE.COM
Name Server: NS2.GOOGLE.COM
Name Server: NS3.GOOGLE.COM
Name Server: NS4.GOOGLE.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 18-nov-2008
Creation Date: 15-sep-1997
Expiration Date: 14-sep-2011

>>> Last update of whois database: Sun, 07 Feb 2010 08:06:53 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and

Gathered Netcraft information for google.com
---------------------------------

Retrieving Netcraft.com information for google.com
Netcraft.com Information gathered

Gathered Subdomain information for google.com
---------------------------------
Searching Google.com:80...
HostName:www.google.com
HostIP:209.85.227.99
Searching Altavista.com:80...
Found 1 possible subdomain(s) for host google.com, Searched 0 pages containing 0 results

Read More here.