By Pavs on July 11th, 2007
Dnswalk is a DNS debugger. It performs zone transfers of specified
domains, and checks the database in numerous ways for internal
consistency, as well as accuracy.
dnswalk is not for the faint of heart. It should NOT be
used without a firm knowledge of the DNS RFCs. If you use this
tool for cracking or otherwise evil purposes, the author hereby
considers you a slime-ball. See the end of this README file for
a list of good reading material.
dnswalk [-fradm] domain [> logfile]
dnswalk tends to produce lots of output, so I’d suggest
redirecting this into a file of your choice. I debated using doc’s
strategy of automatically putting it in a logfile, but decided not
to. (The author reserves the right to change his mind) For small,
mostly-correct domains it is pretty manageable, however. For larger
domains, use the included ‘do-dnswalk’ script as a guide.
Options:
-f Force a zone transfer from an authoritative nameserver.
dnswalk normally will look in its saved ‘axfr’ file
for each domain and use that. (if it exists)
-r Recursively descend sub-domains of the specified
domain. Use with caution and care.
-a Turn on warning of duplicate A records. (see below)
-d Some debugging. (Use only if redirecting stdout)
-m Perform checks only if the zone has been modified since
the previous run.
-F perform “fascist” checking. When checking an A record,
compare the PTR name for each IP address with the forward
name and report mismatches. (see below) I recommend
you try this option at least once to see what sorts of
errors pop up - you might be surprised!
-l Perform “lame delegation” checking. For every NS record,
check to see that the listed host is indeed returning
authoritative answers for this domain. Inspiration for
this comes from the great guys at U-M.
The domain name specified on the command line MUST end with a ‘.’.
You can specify a forward domain, such as “dnswalk pop.psu.edu.”
or a reverse domain, such as “dnswalk 155.118.128.in-addr.arpa.”
(Source: http://www.cpan.org/scripts/netstuff/dnswalk)

That's all!
pavs
Posted in Backtrack 2, Hacking Tools
By Pavs on July 11th, 2007
It is a tool that lets you query a range of IP addresses and obtain the DNS names of those IPs, simply and quickly.
(Source: http://backtrack.offensive-security.com/index.php?title=Tools#DNS-Ptr)
We used this command: dns-ptr 69.41.185.195 20
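Both tools above come down to the same two operations: turning an address into its in-addr.arpa name and asking for the PTR, then (in dnswalk's case) comparing what comes back against the forward zone. The following script is an added example written for this post, not code from dnswalk or dns-ptr. The zone records and PTR table in it are constructed, and `lookup_ptr` stands in for a real resolver so the whole thing runs offline. `ptr_sweep` does what `dns-ptr <ip> <count>` does, and `check_zone` implements the dnswalk `-a` (duplicate A records) and `-F` (forward/PTR mismatch) checks described in the README quoted above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data standing in for what an AXFR of example.com and a
# set of PTR lookups would return; every name and address here is invented.
FORWARD_ZONE = [
    ("www.example.com.",  "A", "192.0.2.10"),
    ("mail.example.com.", "A", "192.0.2.20"),
    ("old.example.com.",  "A", "192.0.2.20"),  # second name on one address (-a)
    ("ftp.example.com.",  "A", "192.0.2.30"),  # PTR names a different host (-F)
    ("dev.example.com.",  "A", "192.0.2.40"),  # no PTR at all
]
PTR_TABLE = {
    "192.0.2.10": "www.example.com.",
    "192.0.2.20": "mail.example.com.",
    "192.0.2.30": "ftp.example.org.",
    "192.0.2.31": "printer.example.com.",
}

def reverse_name(ip):
    """The in-addr.arpa (or ip6.arpa) owner name for an address, with the
    trailing dot dnswalk insists on for every domain it is given."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def lookup_ptr(ip):
    """Stand-in for a real PTR query; None plays the role of NXDOMAIN."""
    return PTR_TABLE.get(str(ip))

def ptr_sweep(start_ip, count, ptr_lookup=lookup_ptr):
    """What `dns-ptr <ip> <count>` does: reverse-resolve `count` consecutive
    addresses from start_ip. Returns [(ip, reverse_name, ptr_or_None)] and
    stops early if the range would run past the end of the address space."""
    start = ipaddress.ip_address(start_ip)
    results = []
    for i in range(count):
        try:
            ip = start + i
        except ipaddress.AddressValueError:
            break
        results.append((str(ip), reverse_name(ip), ptr_lookup(ip)))
    return results

def check_zone(records, ptr_lookup=lookup_ptr):
    """Two of the dnswalk checks described above, run over zone records:
    -a  more than one name resolving to the same address
    -F  the PTR for each A record must name one of the forward names
    Returns a list of (check, ip, names) findings, ordered by address."""
    names_by_ip = defaultdict(list)
    for name, rtype, rdata in records:
        if rtype == "A":
            names_by_ip[rdata].append(name.lower())
    findings = []
    for ip in sorted(names_by_ip, key=ipaddress.ip_address):
        names = names_by_ip[ip]
        if len(names) > 1:
            findings.append(("duplicate-a", ip, names))
        ptr = ptr_lookup(ip)
        if ptr is None:
            findings.append(("no-ptr", ip, names))
        elif ptr.lower() not in names:
            findings.append(("ptr-mismatch", ip, [ptr] + names))
    return findings

if __name__ == "__main__":
    for ip, rname, ptr in ptr_sweep("192.0.2.29", 3):
        print(f"{ip:<14} {rname:<30} {ptr or 'NXDOMAIN'}")
    for check, ip, names in check_zone(FORWARD_ZONE):
        print(f"{check:<13} {ip:<14} {' '.join(names)}")
```

To run it against real data, replace `lookup_ptr` with a function that does the actual PTR query and feed `check_zone` the records from a zone transfer; the mismatch logic stays the same. Note that a PTR matching any one of several names on the same address is accepted here, which is the lenient reading of the `-F` check.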

That's all!
pavs
Posted in Backtrack 2, Hacking Tools
By Pavs on July 11th, 2007
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, tcp port scan, whois lookups, and more.
The following is a list of the current features:
An Open Source Project.
Perform an Internet Number whois lookup.
Retrieve possible uptime data, system and server data.
Perform a SubDomain search on a target host.
Perform an E-Mail address search on a target host.
Perform a TCP Portscan on the host target.
A Modular program allowing user specified modules
(Source: http://www.mor-pah.net/index.php?file=projects/dmitry)
We used this command: dmitry -winsepffb -o host.txt google.com
The output won't fit in a single screenshot, so we will do a partial screenshot and you can look at the output in a text file.

For some reason the last part of the scan didn’t get saved in the txt file but you can see it on the screenshot.
You can see the whole output: http://www.linuxhaxor.net/host.html
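Two of the DMitry modules used in the command above, the subdomain search (-s) and the e-mail search (-e), work by scraping search-engine result pages for hostnames and addresses under the target domain. The script below is an added example for this post, not DMitry's own code, and it does no fetching at all: `SAMPLE_HTML` is a constructed page of results, including two look-alike hosts that a naive substring match would wrongly report, and an obfuscated "[at]" address that a naive regex would miss.

```python
import re

# Constructed stand-in for one page of search-engine results. DMitry's -s and
# -e modules scrape real result pages; this example only does the extraction.
SAMPLE_HTML = """
<a href="http://www.example.com/about">About</a>
<a href="https://mail.example.com:443/login">Webmail</a>
<a href="http://dev.example.com/">Development</a>
<a href="http://notexample.com/">decoy: different registrable domain</a>
<a href="http://example.com.evil.test/login">decoy: target used as a prefix</a>
Contact <a href="mailto:Admin@Example.com">the admin</a>, webmaster [at] example.com,
sales@mail.example.com or bob@example.community.
<img src="http://static.example.com/logo.png" alt="">
"""

LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"   # one DNS label
EMAIL_RE = re.compile(r"[a-z0-9._%+-]+@(?:" + LABEL + r"\.)+[a-z]{2,}", re.I)

def in_domain(host, domain):
    """True for the domain itself and anything below it, never for look-alikes."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def extract_subdomains(text, domain):
    """Hostnames under `domain` mentioned anywhere in text (URLs, e-mail
    addresses, bare text). The lookbehind/lookahead stop the match from
    starting or ending inside a longer hostname, so notexample.com and
    example.com.evil.test are not reported."""
    domain = domain.lower().rstrip(".")
    host_re = re.compile(
        r"(?<![a-z0-9.-])((?:" + LABEL + r"\.)*" + re.escape(domain) + r")(?!\.?[a-z0-9-])",
        re.I,
    )
    found = {m.group(1).lower() for m in host_re.finditer(text)}
    return sorted(h for h in found if h != domain)

def extract_emails(text, domain):
    """E-mail addresses whose mailbox domain is `domain` or a subdomain of it.
    The one normalisation step undoes the common " [at] " obfuscation."""
    text = re.sub(r"\s*\[at\]\s*", "@", text, flags=re.I)
    found = {m.group(0).lower() for m in EMAIL_RE.finditer(text)}
    return sorted(e for e in found if in_domain(e.rsplit("@", 1)[1], domain))

if __name__ == "__main__":
    print("subdomains:", extract_subdomains(SAMPLE_HTML, "example.com"))
    print("emails:    ", extract_emails(SAMPLE_HTML, "example.com"))
```

The boundary handling is the part worth keeping when you write your own scraper: matching on the bare string "example.com" would report example.com.evil.test as a hit and would happily collect bob@example.community, both of which belong to someone else.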
That’s all!!
pavs
Posted in Backtrack 2, Hacking Tools
By Pavs on July 11th, 2007
ASS, the autonomous system scanner, is designed to find the AS of the router.
It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP
and OSPF.
In passive mode (./ass -i eth0), it just listens to routing protocol packets
(like broadcast and multicast hellos).
In active mode (./ass -i eth0 -A), it tries to discover routers by asking for
information. This is done to the appropriate address for each protocol (either
broadcast or multicast addresses). If you specify a destination address, this
will be used but may be not as effective as the defaults.
EIGRP scanning is done differently: While scanning, ASS listens for HELLO
packets and then scans the AS directly on the router that advertised itself.
You can force EIGRP scanning into the same AS-Scan behavior as IGRP uses by
giving a destination or into multicast scanning by the option -M.
For Active mode, you can select the protocols you want to scan for. If you
don’t select them, all are scanned. You select protocols by giving the option -P
and any combination of the following chars: IER12, where:
* I = IGRP
* E = EIGRP
* R = IRDP
* 1 = RIPv1
* 2 = RIPv2
Usage is trivial:
./ass [-v[v[v]]] -i <interface> [-p] [-c] [-A] [-M] [-P IER12]
-a <autonomous system start> -b <autonomous system stop>
[-S <spoofed source IP>] [-D <destination ip>]
[-T <packets per delay>]
Where:
-i <interface> interface
-v verbose
-A this sets the scanner into active mode
-P <protocols> see above (usage: -P EIR12)
-M EIGRP systems are scanned using the multicast
address and not by HELLO enumeration and
direct query
-a <autonomous system> autonomous system to start from
-b <autonomous system> autonomous system to stop with
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the appropriate
address per protocol is used
-p don’t run in promiscuous mode (bad idea)
-c terminate after scanning. This is not
recommended since answers may arrive later and
you could see some traffic that did not show
up during your scans
-T <packets per delay> how many packets to send before pausing a few
milliseconds (-T 1 is the slowest scan;
-T 100 begins to become unreliable)
(Source: http://www.mirrors.wiretapped.net/security/packet-construction/irpas/irpas-README.txt)
We used this command: ass -vvv -i eth0 -P EIR12 -M -a -p -D 192.168.1.1
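The README describes two ways ASS learns an autonomous system number: sweeping an AS range (-a/-b) with one IGRP request per AS and reading the AS out of whatever UPDATE comes back, or passively reading the AS from EIGRP HELLOs on 224.0.0.10 and then querying that router directly. The script below is an added example written for this post, not code from IRPAS; it builds and parses those packets in memory and sends nothing. The IGRP and EIGRP header layouts are as I recall them (IGRP: version/opcode nibbles, edition, AS, three route counts, checksum; EIGRP: version, opcode, checksum, flags, sequence, ack, virtual router id, AS) and should be checked against a capture before you rely on them; the field names are mine.

```python
import struct

# Packet layouts as I recall them from the classic Cisco IGRP format
# (IP protocol 9) and the EIGRP header (IP protocol 88); treat the field
# order as an assumption and check it against a capture before relying on it.
IGRP_VERSION = 1
IGRP_OP_UPDATE, IGRP_OP_REQUEST = 1, 2
EIGRP_VERSION, EIGRP_OP_HELLO = 2, 5
EIGRP_HELLO_DST = "224.0.0.10"   # where ASS listens for HELLOs in passive mode

def inet_checksum(data):
    """RFC 1071 one's-complement checksum, as used by both IGRP and EIGRP.
    Over a packet whose checksum field is already filled in it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igrp(opcode, asn, edition=0):
    """12-byte IGRP header with no route entries: version/opcode nibbles,
    edition, AS number, interior/system/exterior counts, checksum."""
    hdr = struct.pack("!BBHHHHH", (IGRP_VERSION << 4) | opcode, edition, asn, 0, 0, 0, 0)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr))

def parse_igrp(pkt):
    """(opcode, asn) from an IGRP packet, or None if it is short, the
    checksum is wrong, or the version nibble is not 1."""
    if len(pkt) < 12 or inet_checksum(pkt) != 0:
        return None
    vo, _edition, asn = struct.unpack("!BBH", pkt[:4])
    if vo >> 4 != IGRP_VERSION:
        return None
    return vo & 0x0F, asn

def as_scan_probes(start_as, stop_as):
    """One IGRP request per AS in the -a..-b range; a router in that AS
    answers with an UPDATE that carries its AS number in the header."""
    return [build_igrp(IGRP_OP_REQUEST, a) for a in range(start_as, stop_as + 1)]

def build_eigrp_hello(asn, tlvs=b""):
    """20-byte EIGRP header (version, opcode, checksum, flags, seq, ack,
    virtual router id, AS) followed by any TLVs; used here to construct a
    hello like the ones a router multicasts."""
    body = struct.pack("!BBHIIIHH", EIGRP_VERSION, EIGRP_OP_HELLO, 0, 0, 0, 0, 0, asn) + tlvs
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_eigrp_hello(pkt):
    """ASS's HELLO enumeration: the AS number sits in the EIGRP header, so a
    passive listener learns it from the multicast hello and can then query
    that router directly instead of sweeping an AS range."""
    if len(pkt) < 20 or inet_checksum(pkt) != 0:
        return None
    if pkt[0] != EIGRP_VERSION or pkt[1] != EIGRP_OP_HELLO:
        return None
    _vrid, asn = struct.unpack("!HH", pkt[16:20])
    return asn

if __name__ == "__main__":
    for probe in as_scan_probes(1, 3):
        print("IGRP request", probe.hex(), "->", parse_igrp(probe))
    hello = build_eigrp_hello(65001)
    print("EIGRP hello ", hello.hex(), "-> AS", parse_eigrp_hello(hello))
```

The practical point is the difference in cost: the IGRP path generates one probe per AS number in the range you give, which is why the README warns about the -T pacing and about not terminating early with -c, whereas the EIGRP path needs nothing but listening until a hello arrives.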

That’s all.
pavs
Posted in Hacking, Hacking Tools, News