Backtrack 4: Information Gathering: Dmitry – Deepmagic Information Gathering Tool

Dmitry, or Deepmagic Information Gathering Tool, is an all-in-one host information tool included in Backtrack 4’s Information Gathering section. Personally, I prefer doing most info gathering using tools built into Linux; however, it is nice to run a tool like this in the background and come back later if you are multi-tasking. Before getting into the details of Dmitry, please see this article relating to a Segmentation Fault that can occur with Dmitry on Backtrack 4.

Dmitry – Deepmagic Information Gathering Tool Details:

Dmitry can perform numerous tasks based on the switches provided, including a couple of whois lookups, netcraft.com data (OS info, uptime info, web server info), subdomain search, email address search, and various TCP port scan options. As you can see, letting this fly against a target host will return various information in one swoop. Below is an example using Dmitry against the louisville.edu domain/host.

Dmitry Example Against Louisville.edu Domain/Host:

    root@bt:~# dmitry -wnsepb louisville.edu
    Deepmagic Information Gathering Tool
    "There be some deep magic going on"

    HostIP:136.165.238.241
    HostName:louisville.edu

    Gathered Inic-whois information for louisville.edu
    ---------------------------------

    Domain Name: LOUISVILLE.EDU

    Registrant:
       University of Louisville
       Information Technology - Communications Services
       109 Miller Info Tech Center
       Louisville, KY 40292
       UNITED STATES

    Administrative Contact:
       Domain Admin
       University of Louisville
       109 Miller Info Tech Center
       Information Technology Communications Services
       Louisville, KY 40292
       UNITED STATES
       (502) 852-1776
       domain.admin@hermes.louisville.edu

    Technical Contact:
       Domain Tech
       University of Louisville
       109 Miller Info Tech Center
       Information Technology Communications Services
       Louisville, KY 40292
       UNITED STATES
       (502) 852-1776
       domain.tech@hermes.louisville.edu

    Name Servers:
       HERMES.LOUISVILLE.EDU           136.165.253.10
       PAN.LOUISVILLE.EDU              136.165.253.89
       HERMES.IPV6.LOUISVILLE.EDU      2610:1e0:1800:f1::1
       PAN.IPV6.LOUISVILLE.EDU         2610:1e0:1800:af1::1
       MIDNIGHT.STATE.KY.US

    Domain record activated:    11-Sep-1989
    Domain record last updated: 17-Feb-2009
    Domain expires:             31-Jul-2011

    Gathered Netcraft information for louisville.edu
    ---------------------------------

    Retrieving Netcraft.com information for louisville.edu
    No uptime reports available for host: louisville.edu
    Netcraft.com Information gathered

    Gathered Subdomain information for louisville.edu
    ---------------------------------
    Searching Google.com:80...
    HostName:blackboard.louisville.edu
    HostIP:136.165.229.56
    HostName:louisville.louisville.edu
    HostIP:67.215.65.132
    HostName:ulink.louisville.edu
    HostIP:136.165.229.26
    HostName:www.law.louisville.edu
    HostIP:136.165.33.26
    HostName:ksdc.louisville.edu
    HostIP:136.165.30.162
    HostName:business.louisville.edu
    HostIP:136.165.235.106
    HostName:graduate.louisville.edu
    HostIP:136.165.238.236
    HostName:delphi.louisville.edu
    HostIP:136.165.238.157
    HostName:art.louisville.edu
    HostIP:136.165.238.157
    HostName:supa.louisville.edu
    HostIP:136.165.30.162
    HostName:n-acetyltransferasenomenclature.louisville.edu
    HostIP:136.165.238.157
    HostName:www.alumni.louisville.edu
    HostIP:136.165.238.157
    HostName:www.louisville.edu
    HostIP:136.165.238.157
    HostName:sun.louisville.edu
    HostIP:136.165.30.162
    HostName:cepm.louisville.edu
    HostIP:136.165.30.162
    HostName:modernlanguages.louisville.edu
    HostIP:136.165.238.64
    HostName:www.ece.louisville.edu
    HostIP:136.165.48.40
    HostName:www.chse.louisville.edu
    HostIP:136.165.238.157
    HostName:www.cs.louisville.edu
    HostIP:136.165.238.157
    HostName:minerva.louisville.edu
    HostIP:136.165.237.48
    HostName:www.math.louisville.edu
    HostIP:136.165.82.1
    HostName:pediatrics.louisville.edu
    HostIP:136.165.238.64
    HostName:www.physics.louisville.edu
    HostIP:136.165.83.56
    HostName:reach.louisville.edu
    HostIP:136.165.238.64
    HostName:gwweb.louisville.edu
    HostIP:136.165.228.2
    HostName:www.med.louisville.edu
    HostIP:136.165.238.133
    HostName:ci.louisville.edu
    HostIP:136.165.40.22
    HostName:pso.louisville.edu
    HostIP:136.165.30.162
    HostName:digital.library.louisville.edu
    HostIP:136.165.115.187
    HostName:www.starautism.louisville.edu
    HostIP:136.165.238.157
    HostName:document.louisville.edu
    HostIP:67.215.65.132
    Searching Altavista.com:80...
    Found 31 possible subdomain(s) for host louisville.edu, Searched 0 pages containing 0 results

    Gathered E-Mail information for louisville.edu
    ---------------------------------
    Searching Google.com:80...
    Danna.Morrison@louisville.edu
    price.foster@louisville.edu
    macgroup@erdos.math.louisville.edu
    sc8cc3fd.049@louisville.edu
    sovanc01@louisville.edu
    dsteis01@louisville.edu
    Searching Altavista.com:80...
    Found 6 E-Mail(s) for host louisville.edu, Searched 0 pages containing 0 results

    Gathered TCP Port information for 136.165.238.241
    ---------------------------------
     Port           State
    80/tcp          open

    Portscan Finished: Scanned 150 ports, 1 ports were in state closed

    All scans completed, exiting

As you can see, there is a wealth of information regarding the louisville.edu domain as well as the specific host we hit serving the louisville.edu domain. There isn’t a whole lot to write about such a tool since it really just requires reading what the switches do and letting it fly. For more information on Dmitry, type “man dmitry” from a Backtrack terminal window.
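Reading output like the above from the domain owner's side, as an added example that is not part of the original post or of Dmitry itself: a short Python parser that splits saved Dmitry output into its "Gathered ... information" sections and reports hostnames resolving outside an expected netblock, addresses shared by several names, and open ports. The 136.165.0.0/16 range, the function names and the trimmed sample are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample: a few lines in the format of the output above.
SAMPLE = """\
Gathered Subdomain information for louisville.edu
---------------------------------
HostName:louisville.louisville.edu
HostIP:67.215.65.132
HostName:art.louisville.edu
HostIP:136.165.238.157
HostName:www.louisville.edu
HostIP:136.165.238.157

Gathered TCP Port information for 136.165.238.241
---------------------------------
 Port           State
80/tcp          open
"""

def parse_sections(text):
    # Split output into {name: [lines]} on each "Gathered <name> information for" banner.
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"Gathered (.+?) information for \S+", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line and not line.startswith("---"):
            current.append(line)
    return sections

def host_pairs(lines):
    # Pair each HostName: line with the HostIP: line that follows it.
    found = re.findall(r"HostName:(\S+)\nHostIP:(\S+)", "\n".join(lines))
    return [(h, ipaddress.ip_address(ip)) for h, ip in found]

def review(text, expected_cidr):
    # Hosts outside the expected netblock, IPs serving several names, open ports.
    s, net = parse_sections(text), ipaddress.ip_network(expected_cidr)
    pairs = host_pairs(s.get("Subdomain", []))
    by_ip = {}
    for host, ip in pairs:
        by_ip.setdefault(str(ip), []).append(host)
    return {
        "outside": [(h, str(ip)) for h, ip in pairs if ip not in net],
        "shared": {ip: hs for ip, hs in by_ip.items() if len(hs) > 1},
        "open_ports": [l.split()[0] for l in s.get("TCP Port", []) if l.endswith("open")],
    }

if __name__ == "__main__": print(review(SAMPLE, "136.165.0.0/16"))
```

Names that land in "outside" are the ones to check first when auditing your own domain: they may be externally hosted services, stale records, or artifacts of the resolver used during the search.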
