Achei este código na net e traduzi alguns pontos para a galera que não está acostumada com o inglês.
Este script executará diferentes técnicas para descobrir muitas informações importantes do seu alvo.
Autor do script:
Lee Baird
#!/bin/bash
clear
echo
echo Reconnaissanse
echo
echo
echo By Lee Baird
echo March 26, 2009
echo "v 0.11"
echo
echo "Este script irá executar diferentes técnicas para descobrir muitas informações importantes do seu alvo."
echo
echo Usar: dominio.com.br ou dominio.com
echo Entre com o dominio.
echo
read dominio
echo
echo "###################################################"
echo
echo "whois" $dominio
whois $dominio
echo "###################################################"
echo
echo "dig" $dominio "any"
dig $dominio any
echo "###################################################"
echo
echo "host -l" $dominio
echo
host -l $dominio
echo
echo "###################################################"
echo
echo "tcptraceroute -i eth0" $dominio
echo
tcptraceroute -i eth0 $dominio
echo
echo "###################################################"
echo
echo "cd /pentest/enumeration/dnsenum"
echo "perl dnsenum.pl --enum -f dns.txt --update a -r" $dominio
echo
cd /pentest/enumeration/dnsenum
perl dnsenum.pl --enum -f dns.txt --update a -r $dominio
echo
echo "###################################################"
echo
echo dnstracer $dominio
echo
dnstracer $dominio
echo
echo "###################################################"
echo
echo "cd /pentest/enumeration/fierce"
echo "perl fierce.pl -dns" $dominio
echo
cd /pentest/enumeration/fierce
perl fierce.pl -dns $dominio
echo
echo "###################################################"
echo
echo "cd /pentest/enumeration/lbd"
echo "./lbd.sh" $dominio
cd /pentest/enumeration/lbd
./lbd.sh $dominio
echo "###################################################"
echo
echo "cd /pentest/enumeration/list-urls"
echo "./list-urls.py http://www."$dominio
cd /pentest/enumeration/list-urls
./list-urls.py http://www.$dominio
echo
echo "###################################################"
echo
echo "nmap -PN -n -F -T4 -sV -A -oG temp.txt" $dominio
cd /root
nmap -PN -n -F -T4 -sV -A -oG temp.txt $dominio
echo
echo "###################################################"
echo
echo "amap -i temp.txt"
amap -i temp.txt
echo
echo "###################################################"
echo
echo "cd /pentest/enumeration/www/httprint/linux"
echo "./httprint -h www."$dominio "-s signatures.txt -P0"
echo
cd /pentest/enumeration/www/httprint/linux
./httprint -h www.$dominio -s signatures.txt -P0
echo
echo "###################################################"
Salve este script com o nome que quiser (optei por recon.sh) e dê permissão de execução:
# chmod +x recon.sh
Executando o script:
# ./recon.sh
Agora só esperar e analisar os resultados.
Se ocorrer algum erro, poste aqui, assim poderei corrigir o script.
IMPORTANTE: Esta dica deverá ser usada com a distribuição
Linux BackTrack 4, não funcionará em outras distros devido aos comandos específicos no script.
Abraços.
Paros Proxy - Web Application Security
Versão para impressora
Indicar para um amigo
Enviar dica