Kali Linux Penetration Testing Training Manual, Chapter 3: Information Gathering

    Information gathering is one of the most important phases of a network attack. To carry out a penetration attack, all kinds of information about the target must first be collected, and the more information is collected, the higher the probability that the attack succeeds. This chapter introduces the tools used for information gathering. This article is excerpted from 《Kail Linux渗透测试实训手册》 (Kali Linux Penetration Testing Training Manual).

3.1  The Recon-NG framework

     Recon-NG is an open-source web reconnaissance (information gathering) framework written in Python. It is a powerful tool that automates information gathering and network reconnaissance. The following describes how to use the Recon-NG reconnaissance tool.

To start the Recon-NG framework, run the following command:

    root@kali:~# recon-ng
        _/_/_/    _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/
       _/    _/  _/        _/        _/      _/  _/_/    _/            _/_/    _/  _/
      _/_/_/    _/_/_/    _/        _/      _/  _/  _/  _/  _/_/_/_/  _/  _/  _/  _/  _/_/_/
     _/    _/  _/        _/        _/      _/  _/    _/_/            _/    _/_/  _/      _/
    _/    _/  _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/

         +---------------------------------------------------------------------------+
         |  _                     ___    _                        __                 |
         | |_)| _  _|_  |_|.|| _   |  _ |_ _  _ _  _ _|_o _  _   (_  _  _    _o_|_   |
         | |_)|(_|(_|\  | ||||_\  _|_| || (_)| |||(_| | |(_)| |  __)(/_(_|_|| | | \/ |
         |                                                                        /  |
         |              Consulting | Research | Development | Training               |
         |                     http://www.blackhillsinfosec.com                      |
         +---------------------------------------------------------------------------+
                          [recon-ng v4.1.4, Tim Tomes (@LaNMaSteR53)]

    [56] Recon modules
    [5]  Reporting modules
    [2]  Exploitation modules
    [2]  Discovery modules
    [1]  Import modules

    [recon-ng][default] >

    The output above shows basic information about the Recon-NG framework. For example, this Recon-NG installation contains 56 recon modules, 5 reporting modules, 2 exploitation modules, 2 discovery modules and 1 import module. The [recon-ng][default] > prompt indicates that the Recon-NG framework has been entered successfully; from here, the various operating commands can be run at the [recon-ng][default] > prompt.

Before using the Recon-NG framework for the first time, run the help command to list all available commands, as shown below:

    [recon-ng][default] > help

    Commands (type [help|?] <topic>):
    ---------------------------------
    add             Adds records to the database
    back            Exits current prompt level
    del             Deletes records from the database
    exit            Exits current prompt level
    help            Displays this menu
    keys            Manages framework API keys
    load            Loads specified module
    pdb             Starts a Python Debugger session
    query           Queries the database
    record          Records commands to a resource file
    reload          Reloads all modules
    resource        Executes commands from a resource file
    search          Searches available modules
    set             Sets module options
    shell           Executes shell commands
    show            Shows various framework items
    spool           Spools output to a file
    unset           Unsets module options
    use             Loads specified module
    workspaces      Manages workspaces

The output above lists the commands that can be run inside the Recon-NG framework. The framework is similar to the Metasploit framework and likewise provides many modules. Use the show modules command to view the list of all available modules, as shown below:

    [recon-ng][default] > show modules

      Discovery
      ---------
        discovery/info_disclosure/cache_snoop
        discovery/info_disclosure/interesting_files

      Exploitation
      ------------
        exploitation/injection/command_injector
        exploitation/injection/xpath_bruter

      Import
      ------
        import/csv_file

      Recon
      -----
        recon/companies-contacts/facebook
        recon/companies-contacts/jigsaw
        recon/companies-contacts/jigsaw/point_usage
        recon/companies-contacts/jigsaw/purchase_contact
        recon/companies-contacts/jigsaw/search_contacts
        recon/companies-contacts/linkedin_auth
        recon/contacts-contacts/mangle
        recon/contacts-contacts/namechk
        recon/contacts-contacts/rapportive
        recon/contacts-creds/haveibeenpwned
    ……
        recon/hosts-hosts/bing_ip
        recon/hosts-hosts/ip_neighbor
        recon/hosts-hosts/ipinfodb
        recon/hosts-hosts/resolve
        recon/hosts-hosts/reverse_resolve
        recon/locations-locations/geocode
        recon/locations-locations/reverse_geocode
        recon/locations-pushpins/flickr
        recon/locations-pushpins/picasa
        recon/locations-pushpins/shodan
        recon/locations-pushpins/twitter
        recon/locations-pushpins/youtube
        recon/netblocks-hosts/reverse_resolve
        recon/netblocks-hosts/shodan_net
        recon/netblocks-ports/census_2012

      Reporting
      ---------
        reporting/csv
        reporting/html
        reporting/list
        reporting/pushpin
        reporting/xml

    [recon-ng][default] >

The output is divided into five sections, one per module category; the number of modules in each category is the count printed when the Recon-NG framework starts. The different modules can be used to carry out the various kinds of information gathering.
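As an added example (not code from the book or from the recon-ng project), the following Python script parses the two outputs shown above: the start-up count lines and the show modules listing. The sample text inside it is constructed and abbreviated from this chapter's listing, so the per-category counts do not all match the banner, which the script reports as a truncated listing. It also splits each recon module path into its input and output tables, following recon-ng's own naming scheme recon/<source>-<destination>/<name> (for example recon/netblocks-hosts/reverse_resolve reads netblocks and writes hosts), which shows which modules a freshly populated table can feed next; the function names and the sample text are this example's own.

```python
"""Parse recon-ng's start-up module counts and its `show modules` listing.

Added example; not part of the book or of the recon-ng project. The sample
text below is constructed and abbreviated from the chapter's listing.
"""
import re
from collections import defaultdict

# Constructed sample: the module-count lines recon-ng prints at start-up.
BANNER_COUNTS = """\
[56] Recon modules
[5]  Reporting modules
[2]  Exploitation modules
[2]  Discovery modules
[1]  Import modules
"""

# Constructed sample: an abbreviated `show modules` listing in the layout
# recon-ng uses (category header, dashed underline, indented module paths).
SHOW_MODULES = """\
  Discovery
  ---------
    discovery/info_disclosure/cache_snoop
    discovery/info_disclosure/interesting_files

  Exploitation
  ------------
    exploitation/injection/command_injector
    exploitation/injection/xpath_bruter

  Import
  ------
    import/csv_file

  Recon
  -----
    recon/companies-contacts/facebook
    recon/contacts-creds/haveibeenpwned
    recon/hosts-hosts/resolve
    recon/hosts-hosts/reverse_resolve
    recon/netblocks-hosts/reverse_resolve
    recon/netblocks-hosts/shodan_net
    recon/netblocks-ports/census_2012

  Reporting
  ---------
    reporting/csv
    reporting/html
"""

COUNT_RE = re.compile(r"^\[(\d+)\]\s+(\w+) modules\s*$")


def parse_banner_counts(text):
    """Return {category: count} from the '[N] Category modules' lines."""
    counts = {}
    for line in text.splitlines():
        m = COUNT_RE.match(line.strip())
        if m:
            counts[m.group(2).lower()] = int(m.group(1))
    return counts


def parse_module_listing(text):
    """Return {category: [module paths]} from `show modules` output.

    The first path component of a module is its category, so headers,
    dashed underlines and blank lines (none of which contain '/') are skipped.
    """
    modules = defaultdict(list)
    for line in text.splitlines():
        entry = line.strip()
        if "/" not in entry:
            continue
        modules[entry.split("/", 1)[0]].append(entry)
    return dict(modules)


def recon_data_flow(module_path):
    """Split recon/<source>-<destination>/<name> into its three parts.

    A recon module reads records from the <source> table and writes its
    results to the <destination> table; <name> may itself contain '/'.
    """
    category, tables, name = module_path.split("/", 2)
    if category != "recon" or "-" not in tables:
        raise ValueError("not a recon module: " + module_path)
    source, destination = tables.split("-", 1)
    return source, destination, name


def modules_reading_from(modules, table):
    """Recon modules whose input table is `table`: what that table can feed next."""
    return [path for path in modules.get("recon", [])
            if recon_data_flow(path)[0] == table]


def listing_is_complete(counts, modules):
    """Per category, whether the listed module count matches the banner count.

    False means the listing at hand is truncated, as the chapter's is."""
    return {cat: len(modules.get(cat, [])) == n for cat, n in counts.items()}


if __name__ == "__main__":
    counts = parse_banner_counts(BANNER_COUNTS)
    modules = parse_module_listing(SHOW_MODULES)
    for cat, complete in listing_is_complete(counts, modules).items():
        print(f"{cat}: {len(modules.get(cat, []))} listed, "
              f"{counts[cat]} reported, complete={complete}")
    print("modules fed by the netblocks table:",
          modules_reading_from(modules, "netblocks"))
```

Running the script prints, for each category, how many modules were listed against how many the banner reported, and then the recon modules that take the netblocks table as input. The same parser works on a full `show modules` capture, where every category should then report complete=True.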
