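In the previous post we mentioned whois, but I personally feel that the whois-related information amass finds seems a bit sparse... a bit odd, and later I found that Linux has a related tool.
This command is simple: it finds which organization manages a given domain or IP.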
whois {ip}
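Below, I used dig to look up the IP of github.com and then ran whois on it. The result follows, and from it we can learn roughly the following:
This IP range (20.0.0.0 - 20.31.255.255) is currently managed by Microsoft.
Its CIDR is 20.0.0.0/11, which means it covers every IP address from 20.0.0.0 to 20.31.255.255.
It is located in Redmond, Washington, USA.
RegDate is the registration date of this IP address range, and Updated is the date of the last update.
Below that there is also some contact information.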
$ whois 20.27.177.113
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 20.0.0.0 - 20.255.255.255
organisation: Administered by ARIN
status: LEGACY
whois: whois.arin.net
changed: 1994-10
source: IANA
# whois.arin.net
NetRange: 20.0.0.0 - 20.31.255.255
CIDR: 20.0.0.0/11
NetName: MSFT
NetHandle: NET-20-0-0-0-1
Parent: NET20 (NET-20-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2017-10-18
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/20.0.0.0
OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2023-06-13
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT
OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-516-2387
OrgRoutingEmail: someshch@microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN
OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
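As an added example (not part of the original post), the following parses the ARIN portion of the output above and cross-checks NetRange against CIDR, then tests whether the queried IP falls inside the block. The function names `parse_whois` and `check_allocation` are hypothetical, and the sample text is a trimmed copy of the output constructed for the example. Note that RegDate appears twice, once for the network block and once for the organization record, so the parser keeps every value per key.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the ARIN portion of the output above.
SAMPLE = """\
# whois.arin.net
NetRange:       20.0.0.0 - 20.31.255.255
CIDR:           20.0.0.0/11
NetName:        MSFT
Organization:   Microsoft Corporation (MSFT)
RegDate:        2017-10-18
Updated:        2021-12-14
OrgName:        Microsoft Corporation
City:           Redmond
Country:        US
RegDate:        1998-07-10
"""

def parse_whois(text):
    """Return {key: [values]}; keys such as RegDate repeat, so keep every value."""
    fields = {}
    for line in text.splitlines():
        # '%' and '#' comment lines never match because a key must start the line.
        m = re.match(r"^([A-Za-z]+):\s*(.*)$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields

def check_allocation(text, ip):
    """Cross-check NetRange against CIDR and test whether ip is inside the block."""
    f = parse_whois(text)
    first, last = (ipaddress.ip_address(p.strip()) for p in f["NetRange"][0].split("-"))
    # A single NetRange may be listed as several comma-separated CIDR blocks.
    listed = [ipaddress.ip_network(c.strip()) for c in f["CIDR"][0].split(",")]
    derived = list(ipaddress.summarize_address_range(first, last))
    return {
        "org": f["OrgName"][0],
        "cidr": [str(n) for n in listed],
        "range_matches_cidr": sorted(derived) == sorted(listed),
        "addresses": sum(n.num_addresses for n in listed),
        "ip_in_block": any(ipaddress.ip_address(ip) in n for n in listed),
    }

if __name__ == "__main__":
    print(check_allocation(SAMPLE, "20.27.177.113"))
```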
https://www.geeksforgeeks.org/nmap-command-in-linux-with-examples/
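Simply put, it finds the ports that are open on a given IP.
nmap {ip}
An example follows. I ran it against GitHub's IP, and it looks like they have ssh, http and https open. If your home IP gets scanned and something turns out to be open that shouldn't be, be careful ~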
$ nmap 20.27.177.113
Starting Nmap 7.94 ( https://nmap.org ) at 2023-09-24 20:02 CST
Stats: 0:00:32 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 68.15% done; ETC: 20:02 (0:00:15 remaining)
Nmap scan report for 20.27.177.113
Host is up (0.069s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 48.25 seconds