iT邦幫忙

2023 iThome Ironman Contest

DAY 9
Self-Challenge Group

Mark's Kali Linux and Security Study Notes series, part 9

30-9 Information Gathering - whois and nmap


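In the previous post we touched on whois, but I personally felt that using amass to look up whois-related information returned rather little, which seemed a bit odd. Later I found that Linux has a tool for this.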

whois

This command is simple: it tells you which organization manages a given domain or IP.

whois {ip}

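Below, I used dig to look up the IP of github.com and then ran whois against it. The result follows, and from it we can roughly learn the following:

  • This IP range ( 20.0.0.0 - 20.31.255.255 ) is currently managed by Microsoft.

  • Its CIDR is 20.0.0.0/11, which means it covers every IP address from 20.0.0.0 to 20.31.255.255.

  • It is located in Redmond, Washington, USA.

  • RegDate is the date this IP range was registered, and Updated is the date it was last updated.

  • Further down there is also some contact information.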

$ whois 20.27.177.113

% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.arin.net

inetnum:      20.0.0.0 - 20.255.255.255
organisation: Administered by ARIN
status:       LEGACY

whois:        whois.arin.net

changed:      1994-10
source:       IANA

# whois.arin.net

NetRange:       20.0.0.0 - 20.31.255.255
CIDR:           20.0.0.0/11
NetName:        MSFT
NetHandle:      NET-20-0-0-0-1
Parent:         NET20 (NET-20-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Microsoft Corporation (MSFT)
RegDate:        2017-10-18
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/20.0.0.0



OrgName:        Microsoft Corporation
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2023-06-13
Comment:        To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment:        * https://cert.microsoft.com.
Comment:
Comment:        For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment:        * abuse@microsoft.com.
Comment:
Comment:        To report security vulnerabilities in Microsoft products and services, please contact:
Comment:        * secure@microsoft.com.
Comment:
Comment:        For legal and law enforcement-related requests, please contact:
Comment:        * msndcc@microsoft.com
Comment:
Comment:        For routing, peering or DNS issues, please
Comment:        contact:
Comment:        * IOC@microsoft.com
Ref:            https://rdap.arin.net/registry/entity/MSFT


OrgAbuseHandle: MAC74-ARIN
OrgAbuseName:   Microsoft Abuse Contact
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@microsoft.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/MAC74-ARIN

OrgTechHandle: BEDAR6-ARIN
OrgTechName:   Bedard, Dawn
OrgTechPhone:  +1-425-538-6637
OrgTechEmail:  dabedard@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/BEDAR6-ARIN

OrgTechHandle: IPHOS5-ARIN
OrgTechName:   IPHostmaster, IPHostmaster
OrgTechPhone:  +1-425-538-6637
OrgTechEmail:  iphostmaster@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/IPHOS5-ARIN

OrgTechHandle: MRPD-ARIN
OrgTechName:   Microsoft Routing, Peering, and DNS
OrgTechPhone:  +1-425-882-8080
OrgTechEmail:  IOC@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/MRPD-ARIN

OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName:   Chaturmohta, Somesh
OrgRoutingPhone:  +1-425-516-2387
OrgRoutingEmail:  someshch@microsoft.com
OrgRoutingRef:    https://rdap.arin.net/registry/entity/CHATU3-ARIN

OrgTechHandle: SINGH683-ARIN
OrgTechName:   Singh, Prachi
OrgTechPhone:  +1-425-707-5601
OrgTechEmail:  pracsin@microsoft.com
OrgTechRef:    https://rdap.arin.net/registry/entity/SINGH683-ARIN

nmap

https://www.geeksforgeeks.org/nmap-command-in-linux-with-examples/

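Simply put, it finds the ports that are open on a given IP.

nmap {ip}

An example follows. I ran it against GitHub's IP, and it looks like they have ssh, http and https open. If your own home IP gets scanned and something turns out to be open that shouldn't be, be careful ~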

$ nmap 20.27.177.113

Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-24 20:02 CST
Stats: 0:00:32 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 68.15% done; ETC: 20:02 (0:00:15 remaining)
Nmap scan report for 20.27.177.113
Host is up (0.069s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 48.25 seconds
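
As an added example (not from the original post), one way to check your own hosts for "something open that shouldn't be" is to compare nmap's normal output against a baseline of ports you expect. The function name, the baseline and the sample scan text are hypothetical and constructed for illustration.

```python
import re

# Constructed sample: normal-format nmap output for two hosts in the
# documentation range 192.0.2.0/24 (not real scan results).
SAMPLE_SCAN = """\
Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 996 filtered tcp ports (no-response)
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  open   https
3389/tcp closed ms-wbt-server

Nmap scan report for home-router.example (192.0.2.1)
Host is up (0.0020s latency).
PORT    STATE         SERVICE
23/tcp  open          telnet
53/udp  open|filtered domain
443/tcp open          https
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def unexpected_open_ports(nmap_text, allowed):
    """Return {host: [(port, proto, service)]} for open ports missing from allowed.

    allowed maps host IP -> set of (port, proto); an unlisted host allows nothing.
    Only the exact state "open" counts: "closed", "filtered" and "open|filtered"
    mean nmap did not confirm a listening service.
    """
    findings, host = {}, None
    for line in nmap_text.splitlines():
        line = line.strip()
        if line.startswith("Nmap scan report for "):
            # Last token is the IP, in parentheses when a hostname precedes it.
            host = line.split()[-1].strip("()")
            continue
        m = PORT_RE.match(line)
        if m and host and m.group(3) == "open":
            key = (int(m.group(1)), m.group(2))
            if key not in allowed.get(host, set()):
                findings.setdefault(host, []).append(key + (m.group(4),))
    return findings

if __name__ == "__main__":
    # Hypothetical baseline of services each host is meant to expose.
    baseline = {"192.0.2.10": {(22, "tcp"), (443, "tcp")}, "192.0.2.1": {(443, "tcp")}}
    print(unexpected_open_ports(SAMPLE_SCAN, baseline))
```

With the sample baseline, port 80 on the first host and telnet on the second are reported, while the closed and `open|filtered` entries are ignored.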
