호스팅 TIP > 시스템보안 > [Domain Analyzer Security Tool] 도메인 분석기 보안툴

호스팅 TIP

보안

시스템

프로그래밍

시스템보안

월간 인기 게시물

	게시물 111건

[Domain Analyzer Security Tool] 도메인 분석기 보안툴

글쓴이 : 최고관리자 날짜 : 2014-07-28 (월) 13:39 조회 : 5143

글주소 :

참고 Url

http://domainanalyzer.sourceforge.net/

http://rajhackingarticles.blogspot.com.ar/2012/09/domain-analyzer-security-tool.html

http://www.dnspython.org/

http://dl.fedoraproject.org/pub/epel/6/x86_64/repoview/GeoIP.html

OS : CentOS 6.4 el6.x86_64

# tar zxvf domain_analyzer_v0.8.tar.gz

# cd domain-analyzer

Crawler

# ./crawler.py -u www.aaa.com

Usage: ./crawler.py <options>

Options:

-u, --url URL to start crawling.

-m, --max-amount-to-crawl Max deep to crawl. Using breadth first algorithm

-w, --write-to-file Save summary of crawling to a text file. Output directory is created automatically.

-s, --subdomains Also scan subdomains matching with url domain.

-r, --follow-redirect Do not follow redirect. By default follow redirection at main URL.

-f, --fetch-files Download there every file detected in 'Files' directory. Overwrite existing content.

-F, --file-extension Download files specified by comma separated extensions. This option also activates 'fetch-files' option. 'Ex.: -F pdf,xls,doc'

-d, --docs-files Download docs files:xls,pdf,doc,docx,txt,odt,gnumeric,csv, etc. This option also activates 'fetch-files' option.

-E, --exclude-extensions Do not download files that matches with this extensions. Options '-f','-F' or '-d' needed.

-h, --help Show this help message and exit.

-V, --version Output version information and exit.

-v, --verbose Be verbose

-D, --debug Debug.

Domain Analyzer

error message

You need to install python-dnspython. apt-get install python-dnspython

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/GeoIP-1.5.1-5.el6.x86_64.rpm

# rpm -Uhv GeoIP-1.5.1-5.el6.x86_64.rpm

# wget http://www.dnspython.org/kits/1.11.1/dnspython-1.11.1.tar.gz

# cd dnspython-1.11.1

# python setup.py install

# ./domain_analyzer.py -d naver.com

sage: ./domain_analyzer.py -d <domain> <options>
options:
-h, --help                            Show this help message and exit.
-V, --version                         Output version information and exit.
-D, --debug                           Debug.
-d, --domain                          Domain to analyze.
-L <list>, --common-hosts-list <list> Relative path to txt file containing common hostnames. One name per line.
-j, --not-common-hosts-names          Do not check common host names. Quicker but you will lose hosts.
-t, --not-zone-transfer               Do not attempt to transfer the zone.
-n, --not-net-block                   Do not attempt to -sL each IP netblock.
-o, --store-output                    Store everything in a directory named as the domain. Nmap output files and the summary are stored inside.
-a, --not-scan-or-active              Do not use nmap to scan ports nor to search for active hosts.
-p, --not-store-nmap                  Do not store any nmap output files in the directory <output-directory>/nmap.
-e, --zenmap                          Move xml nmap files to a directory and open zenmap with the topology of the whole group. Your user should have access to the DISPLAY variable.
-g, --not-goog-mail                   Do not use goog-mail.py (embebed) to look for emails for each domain
-s, --not-subdomains                  Do not analyze sub-domains recursively. You will lose subdomain internal information.
-f, --create-pdf                      Create a pdf file with all the information.
-l, --world-domination                Scan every gov,mil,org and net domains of every country on the world. Interesting if you don't use -s
-r, --robin-hood                      Send the pdf report to every email found using domains the MX servers found. Good girl.
-w, --not-webcrawl                    Do not web crawl every web site (in every port) we found looking for public web mis-configurations (Directory listing, etc.).
-m, --max-amount-to-crawl             If you crawl, do it up to this amount of links for each web site. Defaults to 50.
-F, --download-files                  If you crawl, download every file to disk.
-c, --not-countrys                    Do not resolve the country name for every IP and hostname.
-C, --not-colors                      Do not use colored output.
-q, --not-spf                         Do not check SPF records.
-k, --random-domains                  Find this amount of domains from google and analyze them. For base domain use -d
-v, --ignore-host-pattern             When using nmap to find active hosts and to port scan, ignore hosts which names match this pattern. Separete them with commas.
-x, --nmap-scantype                   Nmap parameters to port scan. Defaults to: '-O --reason --webxml --traceroute -sS -sV -sC -PN -n -v -F' .
-b, --robtex-domains                  If we found a DNS server with zone transfer activated, search other UNrelated domains using that DNS server with robtex and analyze them too.
-B, --all-robtex                      Like -b, but also if no Zone Transfer was found. Useful to analyze all the domains in one corporative DNS server. Includes also -b.
Press CTRL-C at any time to stop only the current step.

여행스케치

웹소식

자유게시판

인기검색어

	ceph
	volume	1
	http	1
	for	1
	ddos	1
	zero
	mon	3
	remote	1
	forward	6
	sq	2