Kali Linux Penetration Testing Training Manual, Chapter 3: Information Gathering



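Information gathering is one of the most important phases of a network attack. To carry out a penetration attack, you need to collect all kinds of information about the target. The more information is collected, the greater the probability that the attack succeeds. This chapter introduces tools for information gathering. This article is excerpted from the Kali Linux Penetration Testing Training Manual.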

3.1 The Recon-NG Framework

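Recon-NG is an open-source web reconnaissance (information gathering) framework written in Python. It is a powerful tool that automates information gathering and network reconnaissance. The following sections show how to use it.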

Start the Recon-NG framework by running the following command:

    root@kali:~# recon-ng

    [ASCII-art banner]
    Consulting | Research | Development | Training
    http://www.blackhillsinfosec.com

    [recon-ng v4.1.4, Tim Tomes (@LaNMaSteR53)]

    [56] Recon modules
    [5]  Reporting modules
    [2]  Exploitation modules
    [2]  Discovery modules
    [1]  Import modules

    [recon-ng][default] >

The output above shows basic information about the Recon-NG framework: it includes 56 reconnaissance modules, 5 reporting modules, 2 exploitation modules, 2 discovery modules and 1 import module. The [recon-ng][default] > prompt indicates that the framework has been entered successfully, and commands can now be typed after the prompt.

Before using the Recon-NG framework for the first time, you can run the help command to list all available commands, as shown below:

    [recon-ng][default] > help

    Commands (type [help|?] <topic>):
    ---------------------------------
    add             Adds records to the database
    back            Exits current prompt level
    del             Deletes records from the database
    exit            Exits current prompt level
    help            Displays this menu
    keys            Manages framework API keys
    load            Loads specified module
    pdb             Starts a Python Debugger session
    query           Queries the database
    record          Records commands to a resource file
    reload          Reloads all modules
    resource        Executes commands from a resource file
    search          Searches available modules
    set             Sets module options
    shell           Executes shell commands
    show            Shows various framework items
    spool           Spools output to a file
    unset           Unsets module options
    use             Loads specified module
    workspaces      Manages workspaces

The output above lists the commands that can be run in the Recon-NG framework. Like the Metasploit framework, Recon-NG supports many modules. Use the show modules command to list all available modules:

    [recon-ng][default] > show modules

      Discovery
      ---------
        discovery/info_disclosure/cache_snoop
        discovery/info_disclosure/interesting_files

      Exploitation
      ------------
        exploitation/injection/command_injector
        exploitation/injection/xpath_bruter

      Import
      ------
        import/csv_file

      Recon
      -----
        recon/companies-contacts/facebook
        recon/companies-contacts/jigsaw
        recon/companies-contacts/jigsaw/point_usage
        recon/companies-contacts/jigsaw/purchase_contact
        recon/companies-contacts/jigsaw/search_contacts
        recon/companies-contacts/linkedin_auth
        recon/contacts-contacts/mangle
        recon/contacts-contacts/namechk
        recon/contacts-contacts/rapportive
        recon/contacts-creds/haveibeenpwned
        ……
        recon/hosts-hosts/bing_ip
        recon/hosts-hosts/ip_neighbor
        recon/hosts-hosts/ipinfodb
        recon/hosts-hosts/resolve
        recon/hosts-hosts/reverse_resolve
        recon/locations-locations/geocode
        recon/locations-locations/reverse_geocode
        recon/locations-pushpins/flickr
        recon/locations-pushpins/picasa
        recon/locations-pushpins/shodan
        recon/locations-pushpins/twitter
        recon/locations-pushpins/youtube
        recon/netblocks-hosts/reverse_resolve
        recon/netblocks-hosts/shodan_net
        recon/netblocks-ports/census_2012

      Reporting
      ---------
        reporting/csv
        reporting/html
        reporting/list
        reporting/pushpin
        reporting/xml

    [recon-ng][default] >

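The output is divided into five sections. The number of modules in each section is the one shown in the banner when Recon-NG starts. Users can pick different modules to gather different kinds of information.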
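The following Python sketch is an added example, not code from the book or from the Recon-NG project. It groups a saved `show modules` listing by section and tallies which data types the Recon modules read and write. It assumes that Recon module paths follow a recon/<input>-<output>/<name> layout; the function names and the sample text are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a subset of the listing above, with its elision marker.
SAMPLE = """
  Discovery
  ---------
    discovery/info_disclosure/cache_snoop
    discovery/info_disclosure/interesting_files

  Recon
  -----
    recon/companies-contacts/jigsaw/search_contacts
    recon/contacts-creds/haveibeenpwned……
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/resolve
    recon/netblocks-hosts/shodan_net
"""

def parse_modules(listing):
    """Group module paths under the section heading that precedes them."""
    sections, current, prev = {}, None, ""
    for raw in listing.splitlines():
        line = raw.strip().rstrip("…")        # drop the excerpt's elision marker
        if re.fullmatch(r"-{3,}", line):      # dashed rule: previous line is the heading
            current = prev
            sections[current] = []
        elif "/" in line and current is not None:
            sections[current].append(line)
        prev = line
    return sections

def recon_flows(sections):
    """Count Recon modules per (input table, output table) pair."""
    # Assumption: the second path component is "<input>-<output>".
    flows = Counter()
    for path in sections.get("Recon", []):
        parts = path.split("/")
        if len(parts) >= 3 and "-" in parts[1]:
            src, dst = parts[1].split("-", 1)
            flows[(src, dst)] += 1
    return flows

if __name__ == "__main__":
    mods = parse_modules(SAMPLE)
    for name, paths in mods.items():
        print(f"{name}: {len(paths)} modules")
    for (src, dst), n in sorted(recon_flows(mods).items()):
        print(f"  {src} -> {dst}: {n}")
```

Run against a full listing captured with the spool command, the per-section counts can be compared with the numbers in the start-up banner.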
