Kail Linux渗透测试实训手册第3章信息收集

信息收集是网络攻击最重要的阶段之一。要想进行渗透攻击，就需要收集目标的各类信息。收集到的信息越多，攻击成功的概率也就越大。本章将介绍信息收集的相关工具。本文选自《Kail Linux渗透测试实训手册》

3.1 Recon-NG框架

Recon-NG是由python编写的一个开源的Web侦查（信息收集）框架。Recon-ng框架是一个强大的工具，使用它可以自动的收集信息和网络侦查。下面将介绍使用Recon-NG侦查工具。

启动Recon-NG框架，执行命令如下所示：本文选自《Kail Linux渗透测试实训手册》

[email protected]:~# recon-ng
_/_/_/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/
_/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/
_/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ _/ _/ _/ _/_/_/
_/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/
_/ _/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/
+---------------------------------------------------------------------------+
| _ ___ _ __ |
| |_)| _ _|_ |_|.|| _ | _ |_ _ _ _ _ _|_o _ _ (_ _ _ _o_|_ |
| |_)|(_|(_|\ | ||||_\ _|_| || (_)| |||(_| | |(_)| | __)(/_(_|_|| | | \/ |
| / |
| Consulting | Research | Development | Training |
| http://www.blackhillsinfosec.com |
+---------------------------------------------------------------------------+
[recon-ng v4.1.4, Tim Tomes (@LaNMaSteR53)]
[56] Recon modules
[5] Reporting modules
[2] Exploitation modules
[2] Discovery modules
[1] Import modules
[recon-ng][default] >

以上输出信息显示了Recon-NG框架的基本信息。例如在Recon-NG框架下，包括56个侦查模块、5个报告模块、2个渗透攻击模块、2个发现模块和1个导入模块。看到[recon-ng][default] >提示符，表示成功登录Recon-NG框架。现在，就可以在[recon-ng][default] >提示符后面执行各种操作命令了。本文选自《Kail Linux渗透测试实训手册》

首次使用Recon-NG框架之前，可以使用help命令查看所有可执行的命令。如下所示：

[recon-ng][default] > help
Commands (type [help|?] <topic>):
---------------------------------
add Adds records to the database
back Exits current prompt level
del Deletes records from the database
exit Exits current prompt level
help Displays this menu
keys Manages framework API keys
load Loads specified module
pdb Starts a Python Debugger session
query Queries the database
record Records commands to a resource file
reload Reloads all modules
resource Executes commands from a resource file
search Searches available modules
set Sets module options
shell Executes shell commands
show Shows various framework items
spool Spools output to a file
unset Unsets module options
use Loads specified module
workspaces Manages workspaces

以上输出信息显示了在Recon-NG框架中可运行的命令。该框架和Metasploit框架类似，同样也支持很多模块。此时，可以使用show modules命令查看所有有效的模块列表。执行命令如下所示：本文选自《Kail Linux渗透测试实训手册》

[recon-ng][default] > show modules
Discovery
---------
discovery/info_disclosure/cache_snoop
discovery/info_disclosure/interesting_files
Exploitation
------------
exploitation/injection/command_injector
exploitation/injection/xpath_bruter
Import
------
import/csv_file
Recon
-----
recon/companies-contacts/facebook
recon/companies-contacts/jigsaw
recon/companies-contacts/jigsaw/point_usage
recon/companies-contacts/jigsaw/purchase_contact
recon/companies-contacts/jigsaw/search_contacts
recon/companies-contacts/linkedin_auth
recon/contacts-contacts/mangle
recon/contacts-contacts/namechk
recon/contacts-contacts/rapportive
recon/contacts-creds/haveibeenpwned
……
recon/hosts-hosts/bing_ip
recon/hosts-hosts/ip_neighbor
recon/hosts-hosts/ipinfodb
recon/hosts-hosts/resolve
recon/hosts-hosts/reverse_resolve
recon/locations-locations/geocode
recon/locations-locations/reverse_geocode
recon/locations-pushpins/flickr
recon/locations-pushpins/picasa
recon/locations-pushpins/shodan
recon/locations-pushpins/twitter
recon/locations-pushpins/youtube
recon/netblocks-hosts/reverse_resolve
recon/netblocks-hosts/shodan_net
recon/netblocks-ports/census_2012
Reporting
---------
reporting/csv
reporting/html
reporting/list
reporting/pushpin
reporting/xml
[recon-ng][default] >

从输出的信息中，可以看到显示了五部分。每部分包括的模块数，在启动Recon-NG框架后可以看到。用户可以使用不同的模块，进行各种的信息收集。本文选自《Kail Linux渗透测试实训手册》

时间： 2024-12-10 20:27:09