kali学习-社会工程学工具
本文记录 Kali Linux 2018.7 学习使用和渗透测试的详细过程,教程为安全牛课堂里的《Kali Linux 渗透测试》课程
参考 https://blog.csdn.net/Kevinhanser/article/details/79734491
1. 搜索引擎
2. SHODAN
3. GOOGLE搜索
4. YANDEX
5. 查询用户信息
6. CUPP 制作个人专属字典
7. 图片信息
8.Rencon-ng
1. 搜索引擎
-
简介
- 公司新闻动态
- 重要雇员信息
- 机密⽂文档 / 网络拓扑
- ⽤用户名密码
- 目标系统软硬件技术架构
2. SHODAN
-
简介
- 搜索联网的设备
- Banner:http、ftp、ssh、telnet
- 官网
-
查8.8.8.8
-
常见filter:
-
net
net:8.8.8.0/24
- 1
- 2
-
city
city:Beijing
- 1
- 2
-
country(CN、US)
country:US
- 1
- 2
-
port(80、21、22、23)
port:80
- 1
- 2
port:80,22
- 1
- 2
-
os
os:linux
- 1
- 2
-
Hostname(主机或域名)
hostname:www.baidu.com
- 1
- 2
3. GOOGLE搜索
-
简介
- inurl:”level/15/exec/-/show”
- intitle:”netbotz appliance” “ok”
- inurl /admin/login.php
- inurl:qq.txt
- filetype:xls “username | password“
- inurl:ftp “password” filetype:xls site:baidu.com
- Service.pwd
- http://exploit-db.com/google-dorks
4. YANDEX
-
简介
- 世界第四大搜索引擎——俄罗斯
- https://www.yandex.com/
5.查询用户信息
-
邮件
Usage: theharvester options -d: Domain to search or company name -b: data source: google, googleCSE, bing, bingapi, pgp, linkedin, google-profiles, jigsaw, twitter, googleplus, all -s: Start in result number X (default: 0) -v: Verify host name via dns resolution and search for virtual hosts -f: Save the results into an HTML and XML file (both) -n: Perform a DNS reverse query on all ranges discovered -c: Perform a DNS brute force for the domain name -t: Perform a DNS TLD expansion discovery -e: Use this DNS server -l: Limit the number of results to work with(bing goes from 50 to 50 results, google 100 to 100, and pgp doesn't use this option) -h: use SHODAN database to query discovered hosts Examples: theharvester -d microsoft.com -l 500 -b google -h myresults.html theharvester -d microsoft.com -b pgp theharvester -d microsoft -l 200 -b linkedin theharvester -d apple.com -b googleCSE -l 500 -s 300 root@kali:~# theharvester -d microsoft.com -b pgp
-
文件
Usage: metagoofil options
-d: domain to search -t: filetype to download (pdf,doc,xls,ppt,odp,ods,docx,xlsx,pptx) -l: limit of results to search (default 200) -h: work with documents in directory (use "yes" for local analysis) -n: limit of files to download -o: working directory (location to save downloaded files) -f: output file
-
Examples:
metagoofil -d apple.com -t doc,pdf -l 200 -n 50 -o applefiles -f results.html
metagoofil -h yes -o applefiles -f results.html (local dir analysis)
6. CUPP 制作个人专属字典
-
简介
- 按个人信息生成其专属的密码字典
-
安装
git clone https://github.com/Mebus/cupp.git python cupp.py -i (注意python3版本与python2.7版本)
7. 图片信息
-
exif (linux)
用法: exif [选项...] 文件 -v, --version 显示软件版本 -i, --ids 显示 IDs,以代替信息标识名称 -t, --tag=信息标识 选择信息标识 --ifd=IFD 选择 IFD -l, --list-tags 列出所有 EXIF 信息标识 -|, --show-mnote 显示 MakerNote 的内容 --remove 删除信息标识或是 ifd -s, --show-description 显示信息标识说明 -e, --extract-thumbnail 解出缩略图 -r, --remove-thumbnail 删除缩略图 -n, --insert-thumbnail=FILE 将 FILE 作为缩略图插入 --no-fixup 不修复文件中存在的标识信息 -o, --output=FILE 将数据写入 FILE --set-value=STRING tag 值 -c, --create-exif 如果 EXIF 数据不存在就创建它 -m, --machine-readable 以机器可读的格式(tab 分隔)输出 -w, --width=宽度 输出宽度 -x, --xml-output 以 XML 格式输出 -d, --debug 显示调示信息 帮助选项: -?, --help 显示此帮助信息 --usage 显示简短的使用信息
-
foca (windows)
8 Rencon-ng
Recon-NG是由python编写的一个开源的Web侦查(信息收集)框架。Recon-ng框架是一个全特性的工具,使用它可以自动的收集信息和网络侦查。其命令格式与Metasploit!默认集成数据库,可把查询结果结构化存储在其中,有报告模块,把结果导出为报告。1、启动Recon-NG框架[recon-ng][default] >提示符表示启动成功root@kali:~
使用help命令查看所有可执行的命令或-h[recon-ng][default] > help
add Adds records to the database back Exits the current context delete Deletes records from the database exit Exits the framework help Displays this menu <strong>keys Manages framework API keys load Loads specified module pdb Starts a Python Debugger session query Queries the database record Records commands to a resource file <strong>reload Reloads all modules resource Executes commands from a resource file <strong>search Searches available modules set Sets module options <strong>shell Executes shell commands show Shows various framework items snapshots Manages workspace snapshots </strong>spool Spools output to a file unset Unsets module options <span style="color:#ff0000;">use Loads specified module workspaces Manages workspaces
root@kali:~ usage: recon-ng [-h] [-v] [-w workspace] [-r filename] [--no-check] [--no-analytics] -h, --help show this help message and exit -v, --version show program's version number and exit -w workspace load/create a workspace -r filename load commands from a resource file --no-check disable version check --no-analytics disable analytics reporting
[recon-ng][sina.com] > show options Name Current Value Required Description ---------- ------------- -------- ----------- DEBUG False yes enable debugging output NAMESERVER 8.8.8.8 yes nameserver for DNS interrogation PROXY no proxy server (address:port) THREADS 10 yes number of threads (where applicable) TIMEOUT 10 yes socket timeout (seconds) <strong>USER-AGENT Recon-ng/v4 yes user-agent string VERBOSE True yes enable verbose output
-
添加keys模块的使用
root@localhost:~# recon-ng -w sina
参考文献:
https://blog.csdn.net/kevinhanser/article/details/79734494
人的痛苦源于对自己无能的愤怒!