When we start to talk about penetration tests, the fist phase will always be “Information Gathering”. Different sources are categorizing the types of information gathering from separate scopes. Active or passive, online or offline etc. I will try to introduce you a helpful tool with this post, called Dmitry.
Dmitry (Deepmagic Information Gathering Tool) is a GPLv3 licensed program written with C language by James Greig. It is UNIX/(GNU) Linux Command Line Application so working in the command line. I did no come across to it's GUI version so far. Dmitry's main ability is gathering information as much as it can. The sources may vary with the parameters you gave. It is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups. Some functions can be thought as active information gathering so you should be careful if not permitted.
Main feature of Dmitry:
- Perform an Internet Number whois lookup.
- Retrieve possible uptime data, system and server data.
- Perform a SubDomain search on a target host.
- Perform an E-Mail address search on a target host.
- Perform a TCP Portscan on the host target.
- A Modular program allowing user specified modules
The program is tested with the following platforms according to the information from the main page of the application.
Dmitry Tested Platforms:
- FreeBSD 4.* 5.* 6.0
- MacOSX 10.*
- SuSE Linux 8.*
- linux LFS 6.1
- OpenBSD 3.8
When you installed Dmitry, you can get help information with the help parameter. You should use one – for help. Here is the commnad line output.
root@kali:~# dmitry -h Deepmagic Information Gathering Tool "There be some deep magic going on" dmitry: invalid option -- 'h' Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host -o Save output to %host.txt or to file specified by -o file -i Perform a whois lookup on the IP address of a host -w Perform a whois lookup on the domain name of a host -n Retrieve Netcraft.com information on a host -s Perform a search for possible subdomains -e Perform a search for possible email addresses -p Perform a TCP port scan on a host * -f Perform a TCP port scan on a host showing output reporting filtered ports * -b Read in the banner received from the scanned port * -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 ) *Requires the -p flagged to be passed
After you read the output, you can see that it is able to look whois information from Ip address or hostname. Also it can gather information from Netcraft.com and look for possible subdomains. Dmitry can search for possible email addresses. TCP scan option is considered as active information gathering.
You can see Dmitry's example of usage below.
root@kali:~# dmitry -winsepo example.txt example.com Deepmagic Information Gathering Tool "There be some deep magic going on" Writing output to 'example.txt' HostIP:22.214.171.124 HostName:example.com Gathered Inet-whois information for 126.96.36.199 ---------------------------------
Please feel free to add your comments and opinions to the disqus section.
subscribe via RSS