Kail Linux滲透測試實訓手冊第3章資訊收集

資訊收集是網路攻擊最重要的階段之一。要想進行滲透攻擊，就需要收集目標的各類資訊。收集到的資訊越多，攻擊成功的機率也就越大。本章將介紹資訊收集的相關工具。本文選自《Kail Linux滲透測試實訓手冊》

3.1 Recon-NG框架

Recon-NG是由python編寫的一個開源的Web偵查（資訊收集）框架。Recon-ng框架是一個強大的工具，使用它可以自動的收集資訊和網路偵查。下面將介紹使用Recon-NG偵查工具。

啟動Recon-NG框架，執行命令如下所示：本文選自《Kail Linux滲透測試實訓手冊》

root@kali:~# recon-ng
_/_/_/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/
_/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/
_/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ _/ _/ _/ _/_/_/
_/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/
_/ _/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/
+---------------------------------------------------------------------------+
| _ ___ _ __ |
| |_)| _ _|_ |_|.|| _ | _ |_ _ _ _ _ _|_o _ _ (_ _ _ _o_|_ |
| |_)|(_|(_|\ | ||||_\ _|_| || (_)| |||(_| | |(_)| | __)(/_(_|_|| | | \/ |
| / |
| Consulting | Research | Development | Training |
| |
+---------------------------------------------------------------------------+
[recon-ng v4.1.4, Tim Tomes (@LaNMaSteR53)]
[56] Recon modules
[5] Reporting modules
[2] Exploitation modules
[2] Discovery modules
[1] Import modules
[recon-ng][default] >

以上輸出資訊顯示了Recon-NG框架的基本資訊。例如在Recon-NG框架下，包括56個偵查模組、5個報告模組、2個滲透攻擊模組、2個發現模組和1個匯入模組。看到[recon-ng][default] >提示符，表示成功登入Recon-NG框架。現在，就可以在[recon-ng][default] >提示符後面執行各種操作命令了。本文選自《Kail Linux滲透測試實訓手冊》

首次使用Recon-NG框架之前，可以使用help命令檢視所有可執行的命令。如下所示：

[recon-ng][default] > help
Commands (type [help|?] ):
---------------------------------
add Adds records to the database
back Exits current prompt level
del Deletes records from the database
exit Exits current prompt level
help Displays this menu
keys Manages framework API keys
load Loads specified module
pdb Starts a Python Debugger session
query Queries the database
record Records commands to a resource file
reload Reloads all modules
resource Executes commands from a resource file
search Searches available modules
set Sets module options
shell Executes shell commands
show Shows various framework items
spool Spools output to a file
unset Unsets module options
use Loads specified module
workspaces Manages workspaces

以上輸出資訊顯示了在Recon-NG框架中可執行的命令。該框架和Metasploit框架類似，同樣也支援很多模組。此時，可以使用show modules命令檢視所有有效的模組列表。執行命令如下所示：本文選自《Kail Linux滲透測試實訓手冊》

[recon-ng][default] > show modules
Discovery
---------
discovery/info_disclosure/cache_snoop
discovery/info_disclosure/interesting_files
Exploitation
------------
exploitation/injection/command_injector
exploitation/injection/xpath_bruter
Import
------
import/csv_file
Recon
-----
recon/companies-contacts/facebook
recon/companies-contacts/jigsaw
recon/companies-contacts/jigsaw/point_usage
recon/companies-contacts/jigsaw/purchase_contact
recon/companies-contacts/jigsaw/search_contacts
recon/companies-contacts/linkedin_auth
recon/contacts-contacts/mangle
recon/contacts-contacts/namechk
recon/contacts-contacts/rapportive
recon/contacts-creds/haveibeenpwned
……
recon/hosts-hosts/bing_ip
recon/hosts-hosts/ip_neighbor
recon/hosts-hosts/ipinfodb
recon/hosts-hosts/resolve
recon/hosts-hosts/reverse_resolve
recon/locations-locations/geocode
recon/locations-locations/reverse_geocode
recon/locations-pushpins/flickr
recon/locations-pushpins/picasa
recon/locations-pushpins/shodan
recon/locations-pushpins/twitter
recon/locations-pushpins/youtube
recon/netblocks-hosts/reverse_resolve
recon/netblocks-hosts/shodan_net
recon/netblocks-ports/census_2012
Reporting
---------
reporting/csv
reporting/html
reporting/list
reporting/pushpin
reporting/xml
[recon-ng][default] >

從輸出的資訊中，可以看到顯示了五部分。每部分包括的模組數，在啟動Recon-NG框架後可以看到。使用者可以使用不同的模組，進行各種的資訊收集。本文選自《Kail Linux滲透測試實訓手冊》

Kail Linux滲透測試實訓手冊第3章資訊收集

Kail Linux滲透測試實訓手冊第3章資訊收集

3.1 Recon-NG框架

相關文章