Backtrack 4: Information Gathering: Dmitry – Deepmagic Information Gathering Tool
Posted by alex in Security at 8:48 PM
Dmitry, or Deepmagic Information Gathering Tool, is an all-in-one host information tool included in Backtrack 4's Information Gathering section. Personally I prefer doing most info gathering using tools built into Linux; however, it is nice to run a tool like this in the background and come back later if you are multi-tasking. Before getting into the details of Dmitry, please see this article relating to a Segmentation Fault that can occur with Dmitry on Backtrack 4.
Dmitry – Deepmagic Information Gathering Tool Details:
Dmitry can perform numerous tasks based on the switches provided, including a couple of whois lookups, netcraft.com data (OS info, uptime info, web server info), subdomain search, email address search, and various TCP port scan options. As you can see, letting this fly against a target host will return various information in one swoop. Below is an example using Dmitry against the louisville.edu domain/host.
Dmitry Example Against Louisville.edu Domain/Host:
root@bt:~# dmitry -wnsepb louisville.edu
Deepmagic Information Gathering Tool
"There be some deep magic going on"

HostIP:136.165.238.241
HostName:louisville.edu

Gathered Inic-whois information for louisville.edu
---------------------------------
Domain Name: LOUISVILLE.EDU

Registrant:
University of Louisville
Information Technology - Communications Services
109 Miller Info Tech Center
Louisville, KY 40292
UNITED STATES

Administrative Contact:
Domain Admin
University of Louisville
109 Miller Info Tech Center
Information Technology Communications Services
Louisville, KY 40292
UNITED STATES
(502) 852-1776
domain.admin@hermes.louisville.edu

Technical Contact:
Domain Tech
University of Louisville
109 Miller Info Tech Center
Information Technology Communications Services
Louisville, KY 40292
UNITED STATES
(502) 852-1776
domain.tech@hermes.louisville.edu

Name Servers:
HERMES.LOUISVILLE.EDU 136.165.253.10
PAN.LOUISVILLE.EDU 136.165.253.89
HERMES.IPV6.LOUISVILLE.EDU 2610:1e0:1800:f1::1
PAN.IPV6.LOUISVILLE.EDU 2610:1e0:1800:af1::1
MIDNIGHT.STATE.KY.US

Domain record activated: 11-Sep-1989
Domain record last updated: 17-Feb-2009
Domain expires: 31-Jul-2011

Gathered Netcraft information for louisville.edu
---------------------------------
Retrieving Netcraft.com information for louisville.edu
No uptime reports available for host: louisville.edu
Netcraft.com Information gathered

Gathered Subdomain information for louisville.edu
---------------------------------
Searching Google.com:80...
HostName:blackboard.louisville.edu HostIP:136.165.229.56
HostName:louisville.louisville.edu HostIP:67.215.65.132
HostName:ulink.louisville.edu HostIP:136.165.229.26
HostName:www.law.louisville.edu HostIP:136.165.33.26
HostName:ksdc.louisville.edu HostIP:136.165.30.162
HostName:business.louisville.edu HostIP:136.165.235.106
HostName:graduate.louisville.edu HostIP:136.165.238.236
HostName:delphi.louisville.edu HostIP:136.165.238.157
HostName:art.louisville.edu HostIP:136.165.238.157
HostName:supa.louisville.edu HostIP:136.165.30.162
HostName:n-acetyltransferasenomenclature.louisville.edu HostIP:136.165.238.157
HostName:www.alumni.louisville.edu HostIP:136.165.238.157
HostName:www.louisville.edu HostIP:136.165.238.157
HostName:sun.louisville.edu HostIP:136.165.30.162
HostName:cepm.louisville.edu HostIP:136.165.30.162
HostName:modernlanguages.louisville.edu HostIP:136.165.238.64
HostName:www.ece.louisville.edu HostIP:136.165.48.40
HostName:www.chse.louisville.edu HostIP:136.165.238.157
HostName:www.cs.louisville.edu HostIP:136.165.238.157
HostName:minerva.louisville.edu HostIP:136.165.237.48
HostName:www.math.louisville.edu HostIP:136.165.82.1
HostName:pediatrics.louisville.edu HostIP:136.165.238.64
HostName:www.physics.louisville.edu HostIP:136.165.83.56
HostName:reach.louisville.edu HostIP:136.165.238.64
HostName:gwweb.louisville.edu HostIP:136.165.228.2
HostName:www.med.louisville.edu HostIP:136.165.238.133
HostName:ci.louisville.edu HostIP:136.165.40.22
HostName:pso.louisville.edu HostIP:136.165.30.162
HostName:digital.library.louisville.edu HostIP:136.165.115.187
HostName:www.starautism.louisville.edu HostIP:136.165.238.157
HostName:document.louisville.edu HostIP:67.215.65.132
Searching Altavista.com:80...
Found 31 possible subdomain(s) for host louisville.edu, Searched 0 pages containing 0 results

Gathered E-Mail information for louisville.edu
---------------------------------
Searching Google.com:80...
Danna.Morrison@louisville.edu
price.foster@louisville.edu
macgroup@erdos.math.louisville.edu
sc8cc3fd.049@louisville.edu
sovanc01@louisville.edu
dsteis01@louisville.edu
Searching Altavista.com:80...
Found 6 E-Mail(s) for host louisville.edu, Searched 0 pages containing 0 results

Gathered TCP Port information for 136.165.238.241
---------------------------------
Port State
80/tcp open

Portscan Finished: Scanned 150 ports, 1 ports were in state closed

All scans completed, exiting
As you can see, there is a wealth of information regarding the louisville.edu domain as well as the specific host we hit serving the louisville.edu domain. There isn’t a whole lot to write about such a tool since it really just requires reading what the switches do and letting it fly. For more information on Dmitry, type “man dmitry” from a Backtrack terminal window.
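Added example, not part of the original post or of Dmitry itself: a Python parser that turns saved Dmitry output in the layout shown above into a structured report, so a domain owner can review or diff what these lookups expose about their own domain. The sample text is constructed from reserved documentation names and addresses, and `parse_dmitry` and its `own_net` parameter are names chosen for this sketch.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the layout shown in the post (reserved documentation
# names and addresses, not real scan results).
SAMPLE = """\
HostIP:192.0.2.10 HostName:example.edu
Gathered Inic-whois information for example.edu
---------------------------------
Administrative Contact: domain.admin@ns.example.edu
Gathered Subdomain information for example.edu
---------------------------------
HostName:www.example.edu HostIP:192.0.2.20
HostName:mail.example.edu HostIP:192.0.2.20
HostName:old.example.edu HostIP:198.51.100.7
Gathered E-Mail information for example.edu
---------------------------------
staff.one@example.edu
list@math.example.edu
Gathered TCP Port information for 192.0.2.10
---------------------------------
Port State
80/tcp open
"""

SECTION = re.compile(r"Gathered (.+?) information for \S+")

def parse_dmitry(text, own_net):
    """Split Dmitry output into its sections and pull out the exposed items."""
    parts = SECTION.split(text)  # [preamble, name1, body1, name2, body2, ...]
    sections = dict(zip(parts[1::2], parts[2::2]))
    by_ip = defaultdict(list)
    for host, ip in re.findall(r"HostName:(\S+)\s+HostIP:(\S+)",
                               sections.get("Subdomain", "")):
        by_ip[ip].append(host)
    net = ip_network(own_net)
    return {
        "hosts_by_ip": dict(by_ip),
        # Names that resolve outside the address space you expect to own.
        "outside_net": sorted(h for ip, hs in by_ip.items()
                              if ip_address(ip) not in net for h in hs),
        # E-Mail section only: whois contact addresses are a separate section.
        "emails": re.findall(r"[\w.+-]+@[\w.-]+\.\w+",
                             sections.get("E-Mail", "")),
        "open_ports": [int(p) for p in re.findall(
            r"(\d+)/tcp\s+open", sections.get("TCP Port", ""))],
    }

print(parse_dmitry(SAMPLE, "192.0.2.0/24"))
```

Because the patterns match on whitespace rather than line breaks, the same function also handles output that has been flattened onto one line.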
ITS GOOD………BT NOT MUCH INTERESTING…
alex Reply:
February 1st, 2011 at 1:10 PM
Hello Sheetal,
The application or the article? Regardless thanks for leaving feedback.
Thanks.
alex