scanner (bash)

Author
Message
scanner (bash) #1
So I found the code to make a simple scanner, and it works for me, so I decided to share it.
Note: works on BackTrack due to the programs already installed. Won't work for other distros.

Code:
#!/bin/bash
# Simple recon wrapper. Relies on the tools shipped under /pentest on BackTrack.

clear
echo
echo "This script will perform various reconnaissance on your target."
echo
echo "Usage: domain.com"
echo "Enter the domain."
echo
read -r domain
echo

# Stop early if nothing was entered; otherwise every tool below would be run
# with an empty argument.
if [ -z "$domain" ]; then
    echo "No domain entered."
    exit 1
fi

# Interface used by tcptraceroute; change it if you are not on wlan0.
iface=wlan0
sep="###########################################################################################"

echo "$sep"
echo
echo "whois $domain"
whois "$domain"
echo "$sep"
echo
echo "dig $domain any"
dig "$domain" any
echo "$sep"
echo
echo "host -l $domain"
echo
host -l "$domain"
echo
echo "$sep"
echo
echo "tcptraceroute -i $iface $domain"
echo
tcptraceroute -i "$iface" "$domain"
echo
echo "$sep"
echo
echo "cd /pentest/enumeration/dnsenum"
echo "perl dnsenum.pl --enum -f dns.txt --update a -r $domain"
echo
# The /pentest tools are run from their own directory. Only run the tool if
# the cd worked; otherwise perl just complains that the script is missing.
cd /pentest/enumeration/dnsenum && perl dnsenum.pl --enum -f dns.txt --update a -r "$domain"
echo
echo "$sep"
echo
echo "dnstracer $domain"
echo
dnstracer "$domain"
echo
echo "$sep"
echo
echo "cd /pentest/enumeration/fierce"
echo "perl fierce.pl -dns $domain"
echo
cd /pentest/enumeration/fierce && perl fierce.pl -dns "$domain"
echo
echo "$sep"
echo
echo "cd /pentest/enumeration/lbd"
echo "./lbd.sh $domain"
cd /pentest/enumeration/lbd && ./lbd.sh "$domain"
echo "$sep"
echo
echo "cd /pentest/enumeration/list-urls"
echo "./list-urls.py http://www.$domain"
cd /pentest/enumeration/list-urls && ./list-urls.py "http://www.$domain"
echo
echo "$sep"
echo
echo "nmap -PN -n -F -T4 -sV -A -oG temp.txt $domain"
# nmap writes its grepable output to /root/temp.txt, which amap reads below.
cd /root
nmap -PN -n -F -T4 -sV -A -oG temp.txt "$domain"
echo
echo "$sep"
echo
echo "amap -i temp.txt"
amap -i temp.txt
echo
echo "$sep"
echo
echo "cd /pentest/enumeration/www/httprint/linux"
echo "./httprint -h www.$domain -s signatures.txt -P0"
echo
cd /pentest/enumeration/www/httprint/linux && ./httprint -h "www.$domain" -s signatures.txt -P0
echo
echo "$sep"
Learning is the easy part. Putting it to use... now that's the hard part, which still isn't very hard but is limited to your imagination.


RE: scanner (bash) #2
Could you explain a bit more? I'm not sure I understand what this is for.


RE: scanner (bash) #3
Lol, same XD. Explain what this does, exactly.
Wavy baby


RE: scanner (bash) #4
Basically it will do recon on a target and output it all in the CMI of a BackTrack box, or if you mod it a little it can work on any distro as long as the tools are there.... I was hyped up when I originally posted this, so yeah xD, and here's the output. This is the actual output I got, and it picked up TeamSpeak.....

Code:
This script will perform various reconnaissance on your target.

Usage: domain.com
Enter the domain.

google.com

###########################################################################################

whois google.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Server Name: GOOGLE.COM.ZZZZZZZZZZZZZZZZZZZZZZZZZZZ.LOVE.AND.TOLERANCE.THE-WONDERBOLTS.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.ZZZZZZZZZZZZZZZZZZZZZZZZZZ.HAVENDATA.COM
   IP Address: 50.23.75.44
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM
   IP Address: 209.126.190.70
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   IP Address: 69.41.185.195
   Registrar: TUCOWS.COM CO.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
   IP Address: 217.107.217.167
   Registrar: DOMAINCONTEXT, INC.
   Whois Server: whois.domaincontext.com
   Referral URL: http://www.domaincontext.com

   Server Name: GOOGLE.COM.ZNAET.PRODOMEN.COM
   IP Address: 62.149.23.126
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.Z.LOVE.AND.TOLERANCE.THE-WONDERBOLTS.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.YUCEKIRBAC.COM
   IP Address: 88.246.115.134
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.YUCEHOCA.COM
   IP Address: 88.246.115.134
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.WORDT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVERTJE.NET
   IP Address: 62.41.27.144
   Registrar: KEY-SYSTEMS GMBH
   Whois Server: whois.rrpproxy.net
   Referral URL: http://www.key-systems.net

   Server Name: GOOGLE.COM.VN
   Registrar: ONLINENIC, INC.
   Whois Server: whois.onlinenic.com
   Referral URL: http://www.OnlineNIC.com

   Server Name: GOOGLE.COM.VABDAYOFF.COM
   IP Address: 8.8.8.8
   Registrar: DOMAIN.COM, LLC
   Whois Server: whois.domain.com
   Referral URL: http://www.domain.com

   Server Name: GOOGLE.COM.UY
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.UA
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.TW
   Registrar: WEB COMMERCE COMMUNICATIONS LIMITED DBA WEBNIC.CC
   Whois Server: whois.webnic.cc
   Referral URL: http://www.webnic.cc

   Server Name: GOOGLE.COM.TR
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.SUCKS.FIND.CRACKZ.WITH.SEARCH.GULLI.COM
   IP Address: 80.190.192.24
   Registrar: EPAG DOMAINSERVICES GMBH
   Whois Server: whois.enterprice.net
   Referral URL: http://www.enterprice.net

   Server Name: GOOGLE.COM.SPROSIUYANDEKSA.RU
   Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
   Whois Server: whois.melbourneit.com
   Referral URL: http://www.melbourneit.com

   Server Name: GOOGLE.COM.SPAMMING.IS.UNETHICAL.PLEASE.STOP.THEM.HUAXUEERBAN.COM
   IP Address: 211.64.175.67
   IP Address: 211.64.175.66
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.SOUTHBEACHNEEDLEARTISTRY.COM
   IP Address: 74.125.229.52
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.SHQIPERIA.COM
   IP Address: 70.84.145.107
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: GOOGLE.COM.SA
   Registrar: OMNIS NETWORK, LLC
   Whois Server: whois.omnis.com
   Referral URL: http://domains.omnis.com

   Server Name: GOOGLE.COM.PEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEENIS.COM
   IP Address: 8.8.8.8
   Registrar: DOMAIN.COM, LLC
   Whois Server: whois.domain.com
   Referral URL: http://www.domain.com

   Server Name: GOOGLE.COM.PE
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.MY
   Registrar: WILD WEST DOMAINS, LLC
   Whois Server: whois.wildwestdomains.com
   Referral URL: http://www.wildwestdomains.com

   Server Name: GOOGLE.COM.MX
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.LOLOLOLOLOL.SHTHEAD.COM
   IP Address: 123.123.123.123
   Registrar: AUST DOMAINS INTERNATIONAL PTY LTD DBA AUST DOMAINS, INC.
   Whois Server: whois.syra.com.au
   Referral URL: http://www.austdomains.com.au

   Server Name: GOOGLE.COM.LASERPIPE.COM
   IP Address: 209.85.227.106
   Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com

   Server Name: GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
   IP Address: 217.148.161.5
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
   IP Address: 66.49.213.213
   Registrar: NAME.COM LLC
   Whois Server: whois.name.com
   Referral URL: http://www.name.com

   Server Name: GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
   IP Address: 213.228.0.43
   Registrar: GANDI SAS
   Whois Server: whois.gandi.net
   Referral URL: http://www.gandi.net

   Server Name: GOOGLE.COM.HK
   Registrar: CLOUD GROUP LIMITED
   Whois Server: whois.hostingservicesinc.net
   Referral URL: http://www.resell.biz

   Server Name: GOOGLE.COM.HICHINA.COM
   IP Address: 218.103.1.1
   Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
   Whois Server: grs-whois.hichina.com
   Referral URL: http://www.net.cn

   Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
   IP Address: 209.187.114.130
   Registrar: TUCOWS.COM CO.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: GOOGLE.COM.DO
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.CO
   Registrar: NAMESECURE.COM
   Whois Server: whois.namesecure.com
   Referral URL: http://www.namesecure.com

   Server Name: GOOGLE.COM.CN
   Registrar: XIN NET TECHNOLOGY CORPORATION
   Whois Server: whois.paycenter.com.cn
   Referral URL: http://www.xinnet.com

   Server Name: GOOGLE.COM.BR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: GOOGLE.COM.BITERMANSOLUTIONS.COM
   IP Address: 8.8.8.8
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: INSTRA CORPORATION PTY, LTD.
   Whois Server: whois.instra.net
   Referral URL: http://www.instra.com

   Server Name: GOOGLE.COM.AU
   Registrar: PLANETDOMAIN PTY LTD.
   Whois Server: whois.planetdomain.com
   Referral URL: http://www.planetdomain.com

   Server Name: GOOGLE.COM.AR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: GOOGLE.COM.ALL.THE.PEOPLE.WHO.SPAM.THE.WHOIS.ARE.SERIOUSLY.ANNOYING.SOMEPONY.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.AFRICANBATS.ORG
   Registrar: TUCOWS.COM CO.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: GOOGLE.COM.9.THE-WONDERBOLTS.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.1.THE-WONDERBOLTS.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: serverUpdateProhibited
   Updated Date: 20-jul-2011
   Creation Date: 15-sep-1997
   Expiration Date: 14-sep-2020

>>> Last update of whois database: Sun, 09 Dec 2012 11:50:00 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

MarkMonitor is the Global Leader in Online Brand Protection.

Domain Management
MarkMonitor Brand Protection™
MarkMonitor AntiPiracy™
MarkMonitor AntiFraud™
Professional and Managed Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 (800) 745-9229
In Europe, at +44 (0) 203 206 2220

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record.  MarkMonitor.com
does not guarantee its accuracy.  By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or  (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

Registrant:
        Dns Admin
        Google Inc.
        Please contact contact-admin@google.com 1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6502530000 Fax: +1.6506188571

    Domain Name: google.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        DNS Admin
        Google Inc.
        1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6506234000 Fax: +1.6506188571
    Technical Contact, Zone Contact:
        DNS Admin
        Google Inc.
        2400 E. Bayshore Pkwy
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6503300100 Fax: +1.6506181499

    Created on..............: 1997-09-15.
    Expires on..............: 2020-09-13.
    Record last updated on..: 2012-01-29.

    Domain servers in listed order:

    ns4.google.com
    ns1.google.com
    ns2.google.com
    ns3.google.com
    



MarkMonitor is the Global Leader in Online Brand Protection.

Domain Management
MarkMonitor Brand Protection™
MarkMonitor AntiPiracy™
MarkMonitor AntiFraud™
Professional and Managed Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 (800) 745-9229
In Europe, at +44 (0) 203 206 2220

--
###########################################################################################

dig google.com any

; <<>> DiG 9.7.0-P1 <<>> google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22689
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;google.com.                    IN      ANY

;; ANSWER SECTION:
google.com.             60      IN      A       74.125.137.113
google.com.             60      IN      A       74.125.137.139
google.com.             60      IN      A       74.125.137.102
google.com.             60      IN      A       74.125.137.100
google.com.             60      IN      A       74.125.137.138
google.com.             60      IN      A       74.125.137.101
google.com.             134466  IN      NS      ns2.google.com.
google.com.             134466  IN      NS      ns1.google.com.
google.com.             134466  IN      NS      ns4.google.com.
google.com.             134466  IN      NS      ns3.google.com.
google.com.             85      IN      AAAA    2607:f8b0:4002:c01::8b

;; ADDITIONAL SECTION:
ns1.google.com.         134232  IN      A       216.239.32.10
ns4.google.com.         134232  IN      A       216.239.38.10
ns3.google.com.         134232  IN      A       216.239.36.10
ns2.google.com.         134232  IN      A       216.239.34.10

;; Query time: 15 msec
;; SERVER: 75.75.76.76#53(75.75.76.76)
;; WHEN: Sun Dec  9 05:50:33 2012
;; MSG SIZE  rcvd: 288

###########################################################################################

host -l google.com

; Transfer failed.
Host google.com.hsd1.tx.comcast.net not found: 4(NOTIMP)
; Transfer failed.

###########################################################################################

tcptraceroute -i wlan0 google.com

Selected device wlan0, address 192.168.1.144, port 49163 for outgoing packets
Tracing the path to google.com (173.194.37.32) on TCP port 80 (www), 30 hops max
1  192.168.1.1  0.823 ms  0.658 ms  0.686 ms
2  73.2.248.1  8.537 ms  8.320 ms  7.749 ms
3  68.85.252.133  8.468 ms  8.078 ms  7.281 ms
4  ae-7-0-ar01.royalton.tx.houston.comcast.net (68.85.247.189)  11.405 ms  11.014 ms  11.850 ms
5  ae-1-0-ar01.bearcreek.tx.houston.comcast.net (68.85.245.153)  12.999 ms  12.427 ms  11.957 ms
6  pos-3-8-0-0-cr01.dallas.tx.ibone.comcast.net (68.86.94.121)  24.255 ms  20.325 ms  20.234 ms
7  pos-0-0-0-0-pe01.1950stemmons.tx.ibone.comcast.net (68.86.86.90)  18.590 ms  21.129 ms  19.718 ms
8  75.149.231.70  16.573 ms  17.754 ms  17.740 ms
9  72.14.233.85  18.020 ms  17.998 ms  17.795 ms
10  72.14.237.221  18.207 ms  18.150 ms  18.360 ms
11  209.85.240.83  38.866 ms  33.081 ms  33.826 ms
12  66.249.94.23  33.758 ms  33.105 ms  31.880 ms
13  64.233.175.92  33.128 ms  34.119 ms  34.317 ms
14  atl14s07-in-f0.1e100.net (173.194.37.32) [open]  33.197 ms  34.017 ms  33.701 ms

###########################################################################################

cd /pentest/enumeration/dnsenum
perl dnsenum.pl --enum -f dns.txt --update a -r google.com

scanner: line 37: cd: /pentest/enumeration/dnsenum: No such file or directory
Can't open perl script "dnsenum.pl": No such file or directory

###########################################################################################

dnstracer google.com

Tracing to google.com[a] via 75.75.76.76, maximum of 3 retries
75.75.76.76 (75.75.76.76) Got answer

###########################################################################################

cd /pentest/enumeration/fierce
perl fierce.pl -dns google.com

scanner: line 51: cd: /pentest/enumeration/fierce: No such file or directory
Can't open perl script "fierce.pl": No such file or directory

###########################################################################################

cd /pentest/enumeration/lbd
./lbd.sh google.com
scanner: line 58: cd: /pentest/enumeration/lbd: No such file or directory
scanner: line 59: ./lbd.sh: No such file or directory
###########################################################################################

cd /pentest/enumeration/list-urls
./list-urls.py http://www.google.com

##########################################################
#                                                       #
#            Extract URLS from a web page               #
#               muts@whitehat.co.il                     #
#                                                       #
##########################################################

http://www.google.com/imghp?hl=en&tab=wi
http://maps.google.com/maps?hl=en&tab=wl
https://play.google.com/?hl=en&tab=w8
http://www.youtube.com/?tab=w1
http://news.google.com/nwshp?hl=en&tab=wn
https://mail.google.com/mail/?tab=wm
https://drive.google.com/?tab=wo
http://www.google.com/intl/en/options/
http://www.google.com/history/optout?hl=en
/preferences?hl=en
https://accounts.google.com/ServiceLogin?hl=en&continue=http://www.google.com/
/advanced_search?hl=en&authuser=0
/language_tools?hl=en&authuser=0
/intl/en/ads/
/services/
https://plus.google.com/116899029375914044550
/intl/en/about.html
/intl/en/policies/

###########################################################################################

nmap -PN -n -F -T4 -sV -A -oG temp.txt google.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-12-09 05:50 CST
Nmap scan report for google.com (173.194.37.38)
Host is up (0.035s latency).
Other addresses for google.com (not scanned): 173.194.37.36 173.194.37.46 173.194.37.41 173.194.37.40 173.194.37.32 173.194.37.34 173.194.37.39 173.194.37.33 173.194.37.37 173.194.37.35
Not shown: 98 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Google httpd 2.0 (GFE)
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
| http-robots.txt: 247 disallowed entries (15 shown)
| /search /sdch /groups /images /catalogs /catalogues
| /news /nwshp /setnewsprefs? /index.html? /? /?hl=*&
|_/addurl/image? /pagead/ /relpage/
|_http-title: Google
443/tcp open  ssl/http Google httpd 2.0 (GFE)
| ssl-cert: Subject: commonName=*.google.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
| Not valid before: 2012-11-21 10:09:04
|_Not valid after:  2013-06-07 19:43:27
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
| http-robots.txt: 247 disallowed entries (15 shown)
| /search /sdch /groups /images /catalogs /catalogues
| /news /nwshp /setnewsprefs? /index.html? /? /?hl=*&
|_/addurl/image? /pagead/ /relpage/
|_http-title: Google
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|remote management|printer
Running (JUST GUESSING): IBM OS/2 4.X (87%), Aerohive embedded (85%), Avocent embedded (85%), HP embedded (85%)
OS CPE: cpe:/o:ibm:os2:4 cpe:/h:hp:laserjet_p2015
Aggressive OS guesses: IBM OS/2 Warp 2.0 (87%), Aerohive HiveAP 320 WAP (HiveOS 3.4) (85%), Avocent ACS 5000 console server (Linux 2.6.11) (85%), HP LaserJet P2015 printer (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE (using port 443/tcp)
HOP RTT      ADDRESS
1   4.11 ms  192.168.1.1
2   15.57 ms 73.2.248.1
3   15.83 ms 68.85.252.141
4   28.37 ms 68.85.247.189
5   56.71 ms 68.85.245.153
6   27.89 ms 68.86.94.121
7   29.79 ms 68.86.87.218
8   22.36 ms 75.149.231.70
9   25.81 ms 72.14.233.85
10  17.80 ms 72.14.237.217
11  35.35 ms 209.85.240.81
12  33.99 ms 66.249.94.7
13  45.45 ms 64.233.175.92
14  39.99 ms 173.194.37.38

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.77 seconds

###########################################################################################

amap -i temp.txt
amap v5.4 (www.thc.org/thc-amap) started at 2012-12-09 05:51:13 - APPLICATION MAPPING mode

Protocol on 173.194.37.38:443/tcp matches ssl
Protocol on 173.194.37.38:80/tcp matches http
Protocol on 173.194.37.38:80/tcp matches teamspeak2

Unidentified ports: 173.194.37.38:443/tcp (total 1).

amap v5.4 finished at 2012-12-09 05:51:30

###########################################################################################

cd /pentest/enumeration/web/httprint/linux
./httprint -h www.google.com -s signatures.txt -P0

httprint v0.301 (beta) - web server fingerprinting tool
(c) 2003-2005 net-square solutions pvt. ltd. - see readme.txt
http://net-square.com/httprint/
httprint@net-square.com

Finger Printing on http://www.google.com:80/
Finger Printing Completed on http://www.google.com:80/
--------------------------------------------------
Host: www.google.com
Fingerprinting Error: Host/URL not found...

--------------------------------------------------

###########################################################################################
Learning is the easy part. Putting it to use... now that's the hard part, which still isn't very hard but is limited to your imagination.
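As an added example (not the script from the first post, nor anything the poster ran), here is a guarded version of the same chain: every tool is checked before it is run, so the missing /pentest directories seen in the output above turn into "skipped" lines instead of perl errors, the domain is validated before it is handed to whois/dig/nmap (no leading hyphen, no shell metacharacters), and each step's output is also kept in its own log file. The /pentest paths and tool flags are the thread's; LOGDIR, validate_domain, run_step and recon are names chosen for this example.

```bash
#!/bin/bash
# Added example for this thread, not the original poster's script.
# The original does `cd /pentest/...` and then runs the tool whether or not
# the cd worked, which is why the posted output shows
# "Can't open perl script ... No such file or directory". Here each step
# checks its directory and tool first and logs its output separately.

# Per-step logs go here (a temp dir unless LOGDIR is already set).
LOGDIR="${LOGDIR:-$(mktemp -d)}"

# validate_domain NAME
# Accepts only hostname-shaped input: labels of letters, digits and hyphens
# joined by dots, no leading hyphen (so the value can never be read as an
# option by whois/dig/nmap), no empty labels, no whitespace or metacharacters.
validate_domain() {
    case "$1" in
        ''|-*|.*|*.|*..*|*.-*|*-.*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# run_step NAME DIR CMD [ARGS...]
#   NAME  label for the step, also used as the log file name
#   DIR   directory the tool must be run from, or "-" to stay where we are
# Returns 0 if the tool was run (its own exit status is logged),
# 2 if DIR does not exist, 3 if CMD is not found. Output is shown on the
# terminal and appended to $LOGDIR/NAME.log.
run_step() {
    local name="$1" dir="$2" cmd="$3" log rc
    shift 3
    log="$LOGDIR/$name.log"
    rc=0
    (
        set +e   # a failing tool must not abort the rest of the chain
        if [ "$dir" != "-" ]; then
            cd "$dir" 2>/dev/null || { echo "[$name] skipped: no such directory $dir"; exit 2; }
        fi
        case "$cmd" in
            */*) [ -x "$cmd" ] ;;                     # a path such as ./lbd.sh
            *)   command -v "$cmd" >/dev/null 2>&1 ;; # something on PATH, e.g. whois
        esac || { echo "[$name] skipped: $cmd not found"; exit 3; }
        echo "[$name] running: $cmd $*"
        "$cmd" "$@"
        echo "[$name] finished, exit status $?"
        exit 0
    ) >"$log.tmp" 2>&1 || rc=$?
    cat "$log.tmp" >>"$log"
    cat "$log.tmp"
    rm -f "$log.tmp"
    return "$rc"
}

# recon DOMAIN: the thread's chain with every step guarded. nmap's grepable
# output goes to $LOGDIR/nmap.gnmap so amap can read it, like temp.txt above.
recon() {
    local domain="$1"
    validate_domain "$domain" || { echo "refusing to scan '$domain': not a plain hostname"; return 1; }
    run_step whois   - whois "$domain"
    run_step dig     - dig "$domain" any
    run_step host    - host -l "$domain"
    run_step dnstracer - dnstracer "$domain"
    run_step dnsenum /pentest/enumeration/dnsenum perl dnsenum.pl --enum -f dns.txt --update a -r "$domain"
    run_step fierce  /pentest/enumeration/fierce  perl fierce.pl -dns "$domain"
    run_step lbd     /pentest/enumeration/lbd     ./lbd.sh "$domain"
    run_step nmap    - nmap -PN -n -F -T4 -sV -A -oG "$LOGDIR/nmap.gnmap" "$domain"
    run_step amap    - amap -i "$LOGDIR/nmap.gnmap"
    echo "logs are in $LOGDIR"
}

# Only run the chain when a domain is given on the command line, so the
# functions can also be sourced from another script.
if [ -n "${1:-}" ]; then
    recon "$1"
fi
```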


RE: scanner (bash) #5
(12-09-2012, 01:03 PM)Anon_Error Wrote: Basically it will do recon on a target and output it all in the CMI of a BackTrack box, or if you mod it a little it can work on any distro as long as the tools are there.... I was hyped up when I originally posted this, so yeah xD, and here's the output. This is the actual output I got, and it picked up TeamSpeak.....

   IP Address: 66.49.213.213
   Registrar: NAME.COM LLC
   Whois Server: whois.name.com
   Referral URL: http://www.name.com

   Server Name: GOOGLE.COM.IS.APPROVED.BY.NUMEA.COM
   IP Address: 213.228.0.43
   Registrar: GANDI SAS
   Whois Server: whois.gandi.net
   Referral URL: http://www.gandi.net

   Server Name: GOOGLE.COM.HK
   Registrar: CLOUD GROUP LIMITED
   Whois Server: whois.hostingservicesinc.net
   Referral URL: http://www.resell.biz

   Server Name: GOOGLE.COM.HICHINA.COM
   IP Address: 218.103.1.1
   Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
   Whois Server: grs-whois.hichina.com
   Referral URL: http://www.net.cn

   Server Name: GOOGLE.COM.HAS.LESS.FREE.PORN.IN.ITS.SEARCH.ENGINE.THAN.SECZY.COM
   IP Address: 209.187.114.130
   Registrar: TUCOWS.COM CO.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: GOOGLE.COM.DO
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.CO
   Registrar: NAMESECURE.COM
   Whois Server: whois.namesecure.com
   Referral URL: http://www.namesecure.com

   Server Name: GOOGLE.COM.CN
   Registrar: XIN NET TECHNOLOGY CORPORATION
   Whois Server: whois.paycenter.com.cn
   Referral URL: http://www.xinnet.com

   Server Name: GOOGLE.COM.BR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: GOOGLE.COM.BITERMANSOLUTIONS.COM
   IP Address: 8.8.8.8
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.BEYONDWHOIS.COM
   IP Address: 203.36.226.2
   Registrar: INSTRA CORPORATION PTY, LTD.
   Whois Server: whois.instra.net
   Referral URL: http://www.instra.com

   Server Name: GOOGLE.COM.AU
   Registrar: PLANETDOMAIN PTY LTD.
   Whois Server: whois.planetdomain.com
   Referral URL: http://www.planetdomain.com

   Server Name: GOOGLE.COM.AR
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com

   Server Name: GOOGLE.COM.ALL.THE.PEOPLE.WHO.SPAM.THE.WHOIS.ARE.SERIOUSLY.ANNOYING.SOMEPONY.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.AFRICANBATS.ORG
   Registrar: TUCOWS.COM CO.
   Whois Server: whois.tucows.com
   Referral URL: http://domainhelp.opensrs.net

   Server Name: GOOGLE.COM.9.THE-WONDERBOLTS.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Server Name: GOOGLE.COM.1.THE-WONDERBOLTS.COM
   IP Address: 50.62.130.9
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com

   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: serverUpdateProhibited
   Updated Date: 20-jul-2011
   Creation Date: 15-sep-1997
   Expiration Date: 14-sep-2020

>>> Last update of whois database: Sun, 09 Dec 2012 11:50:00 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.

MarkMonitor is the Global Leader in Online Brand Protection.

Domain Management
MarkMonitor Brand Protection™
MarkMonitor AntiPiracy™
MarkMonitor AntiFraud™
Professional and Managed Services

Visit MarkMonitor at www.markmonitor.com
Contact us at 1 (800) 745-9229
In Europe, at +44 (0) 203 206 2220

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com
for information purposes, and to assist persons in obtaining information
about or related to a domain name registration record.  MarkMonitor.com
does not guarantee its accuracy.  By submitting a WHOIS query, you agree
that you will use this Data only for lawful purposes and that, under no
circumstances will you use this Data to: (1) allow, enable, or otherwise
support the transmission of mass unsolicited, commercial advertising or
solicitations via e-mail (spam); or  (2) enable high volume, automated,
electronic processes that apply to MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

Registrant:
        Dns Admin
        Google Inc.
        Please contact contact-admin@google.com 1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6502530000 Fax: +1.6506188571

    Domain Name: google.com

        Registrar Name: Markmonitor.com
        Registrar Whois: whois.markmonitor.com
        Registrar Homepage: http://www.markmonitor.com

    Administrative Contact:
        DNS Admin
        Google Inc.
        1600 Amphitheatre Parkway
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6506234000 Fax: +1.6506188571
    Technical Contact, Zone Contact:
        DNS Admin
        Google Inc.
        2400 E. Bayshore Pkwy
         Mountain View CA 94043
        US
        dns-admin@google.com +1.6503300100 Fax: +1.6506181499

    Created on..............: 1997-09-15.
    Expires on..............: 2020-09-13.
    Record last updated on..: 2012-01-29.

    Domain servers in listed order:

    ns4.google.com
    ns1.google.com
    ns2.google.com
    ns3.google.com
    
--
###########################################################################################

dig google.com any

; <<>> DiG 9.7.0-P1 <<>> google.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22689
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;google.com.                    IN      ANY

;; ANSWER SECTION:
google.com.             60      IN      A       74.125.137.113
google.com.             60      IN      A       74.125.137.139
google.com.             60      IN      A       74.125.137.102
google.com.             60      IN      A       74.125.137.100
google.com.             60      IN      A       74.125.137.138
google.com.             60      IN      A       74.125.137.101
google.com.             134466  IN      NS      ns2.google.com.
google.com.             134466  IN      NS      ns1.google.com.
google.com.             134466  IN      NS      ns4.google.com.
google.com.             134466  IN      NS      ns3.google.com.
google.com.             85      IN      AAAA    2607:f8b0:4002:c01::8b

;; ADDITIONAL SECTION:
ns1.google.com.         134232  IN      A       216.239.32.10
ns4.google.com.         134232  IN      A       216.239.38.10
ns3.google.com.         134232  IN      A       216.239.36.10
ns2.google.com.         134232  IN      A       216.239.34.10

;; Query time: 15 msec
;; SERVER: 75.75.76.76#53(75.75.76.76)
;; WHEN: Sun Dec  9 05:50:33 2012
;; MSG SIZE  rcvd: 288

###########################################################################################

host -l google.com

; Transfer failed.
Host google.com.hsd1.tx.comcast.net not found: 4(NOTIMP)
; Transfer failed.

###########################################################################################

tcptraceroute -i wlan0 google.com

Selected device wlan0, address 192.168.1.144, port 49163 for outgoing packets
Tracing the path to google.com (173.194.37.32) on TCP port 80 (www), 30 hops max
1  192.168.1.1  0.823 ms  0.658 ms  0.686 ms
2  73.2.248.1  8.537 ms  8.320 ms  7.749 ms
3  68.85.252.133  8.468 ms  8.078 ms  7.281 ms
4  ae-7-0-ar01.royalton.tx.houston.comcast.net (68.85.247.189)  11.405 ms  11.014 ms  11.850 ms
5  ae-1-0-ar01.bearcreek.tx.houston.comcast.net (68.85.245.153)  12.999 ms  12.427 ms  11.957 ms
6  pos-3-8-0-0-cr01.dallas.tx.ibone.comcast.net (68.86.94.121)  24.255 ms  20.325 ms  20.234 ms
7  pos-0-0-0-0-pe01.1950stemmons.tx.ibone.comcast.net (68.86.86.90)  18.590 ms  21.129 ms  19.718 ms
8  75.149.231.70  16.573 ms  17.754 ms  17.740 ms
9  72.14.233.85  18.020 ms  17.998 ms  17.795 ms
10  72.14.237.221  18.207 ms  18.150 ms  18.360 ms
11  209.85.240.83  38.866 ms  33.081 ms  33.826 ms
12  66.249.94.23  33.758 ms  33.105 ms  31.880 ms
13  64.233.175.92  33.128 ms  34.119 ms  34.317 ms
14  atl14s07-in-f0.1e100.net (173.194.37.32) [open]  33.197 ms  34.017 ms  33.701 ms

###########################################################################################

cd /pentest/enumeration/dnsenum
perl dnsenum.pl --enum -f dns.txt --update a -r google.com

scanner: line 37: cd: /pentest/enumeration/dnsenum: No such file or directory
Can't open perl script "dnsenum.pl": No such file or directory

###########################################################################################

dnstracer google.com

Tracing to google.com[a] via 75.75.76.76, maximum of 3 retries
75.75.76.76 (75.75.76.76) Got answer

###########################################################################################

cd /pentest/enumeration/fierce
perl fierce.pl -dns google.com

scanner: line 51: cd: /pentest/enumeration/fierce: No such file or directory
Can't open perl script "fierce.pl": No such file or directory

###########################################################################################

cd /pentest/enumeration/lbd
./lbd.sh google.com
scanner: line 58: cd: /pentest/enumeration/lbd: No such file or directory
scanner: line 59: ./lbd.sh: No such file or directory
###########################################################################################

cd /pentest/enumeration/list-urls
./list-urls.py http://www.google.com

##########################################################
#                                                       #
#            Extract URLS from a web page               #
#               muts@whitehat.co.il                     #
#                                                       #
##########################################################

http://www.google.com/imghp?hl=en&tab=wi
http://maps.google.com/maps?hl=en&tab=wl
https://play.google.com/?hl=en&tab=w8
http://www.youtube.com/?tab=w1
http://news.google.com/nwshp?hl=en&tab=wn
https://mail.google.com/mail/?tab=wm
https://drive.google.com/?tab=wo
http://www.google.com/intl/en/options/
http://www.google.com/history/optout?hl=en
/preferences?hl=en
https://accounts.google.com/ServiceLogin?hl=en&continue=http://www.google.com/
/advanced_search?hl=en&authuser=0
/language_tools?hl=en&authuser=0
/intl/en/ads/
/services/
https://plus.google.com/116899029375914044550
/intl/en/about.html
/intl/en/policies/

###########################################################################################

nmap -PN -n -F -T4 -sV -A -oG temp.txt google.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-12-09 05:50 CST
Nmap scan report for google.com (173.194.37.38)
Host is up (0.035s latency).
Other addresses for google.com (not scanned): 173.194.37.36 173.194.37.46 173.194.37.41 173.194.37.40 173.194.37.32 173.194.37.34 173.194.37.39 173.194.37.33 173.194.37.37 173.194.37.35
Not shown: 98 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Google httpd 2.0 (GFE)
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
| http-robots.txt: 247 disallowed entries (15 shown)
| /search /sdch /groups /images /catalogs /catalogues
| /news /nwshp /setnewsprefs? /index.html? /? /?hl=*&
|_/addurl/image? /pagead/ /relpage/
|_http-title: Google
443/tcp open  ssl/http Google httpd 2.0 (GFE)
| ssl-cert: Subject: commonName=*.google.com/organizationName=Google Inc/stateOrProvinceName=California/countryName=US
| Not valid before: 2012-11-21 10:09:04
|_Not valid after:  2013-06-07 19:43:27
|_http-methods: No Allow or Public header in OPTIONS response (status code 405)
| http-robots.txt: 247 disallowed entries (15 shown)
| /search /sdch /groups /images /catalogs /catalogues
| /news /nwshp /setnewsprefs? /index.html? /? /?hl=*&
|_/addurl/image? /pagead/ /relpage/
|_http-title: Google
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|remote management|printer
Running (JUST GUESSING): IBM OS/2 4.X (87%), Aerohive embedded (85%), Avocent embedded (85%), HP embedded (85%)
OS CPE: cpe:/o:ibm:os2:4 cpe:/h:hp:laserjet_p2015
Aggressive OS guesses: IBM OS/2 Warp 2.0 (87%), Aerohive HiveAP 320 WAP (HiveOS 3.4) (85%), Avocent ACS 5000 console server (Linux 2.6.11) (85%), HP LaserJet P2015 printer (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE (using port 443/tcp)
HOP RTT      ADDRESS
1   4.11 ms  192.168.1.1
2   15.57 ms 73.2.248.1
3   15.83 ms 68.85.252.141
4   28.37 ms 68.85.247.189
5   56.71 ms 68.85.245.153
6   27.89 ms 68.86.94.121
7   29.79 ms 68.86.87.218
8   22.36 ms 75.149.231.70
9   25.81 ms 72.14.233.85
10  17.80 ms 72.14.237.217
11  35.35 ms 209.85.240.81
12  33.99 ms 66.249.94.7
13  45.45 ms 64.233.175.92
14  39.99 ms 173.194.37.38

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.77 seconds

###########################################################################################

amap -i temp.txt
amap v5.4 (www.thc.org/thc-amap) started at 2012-12-09 05:51:13 - APPLICATION MAPPING mode

Protocol on 173.194.37.38:443/tcp matches ssl
Protocol on 173.194.37.38:80/tcp matches http
Protocol on 173.194.37.38:80/tcp matches teamspeak2

Unidentified ports: 173.194.37.38:443/tcp (total 1).

amap v5.4 finished at 2012-12-09 05:51:30

###########################################################################################

cd /pentest/enumeration/web/httprint/linux
./httprint -h www.google.com -s signatures.txt -P0

httprint v0.301 (beta) - web server fingerprinting tool
(c) 2003-2005 net-square solutions pvt. ltd. - see readme.txt
http://net-square.com/httprint/
httprint@net-square.com

Finger Printing on http://www.google.com:80/
Finger Printing Completed on http://www.google.com:80/
--------------------------------------------------
Host: www.google.com
Fingerprinting Error: Host/URL not found...

--------------------------------------------------

###########################################################################################


Wow that's awesome... hmmmm.. (Tries on AnarchyForums) XD
Wavy baby

Reply
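The run above shows the two ways the posted script goes wrong outside BackTrack: every `cd /pentest/...` fails but the following `perl dnsenum.pl` / `perl fierce.pl` / `./lbd.sh` line runs anyway from the wrong directory, and `host -l google.com` sends the AXFR request to the local resolver (75.75.76.76, which answers NOTIMP and even appends the resolver's search suffix to the name) instead of to Google's authoritative servers. The wrapper below is an added example, not the thread's script or any tool's own code: it validates the domain before it reaches a command line, looks tools up with `command -v` instead of hard-coded paths, picks the default-route interface instead of assuming `wlan0`, and asks each NS from `dig NS` for a zone transfer. The `dnsenum --enum` and `fierce -dns` flags are copied from the thread's script (assumed to match your package's version), and `ip route` is assumed to exist for the interface lookup.

```shell
#!/bin/bash
# Hardened rewrite of the recon wrapper (added example, not the thread's script).
# Assumptions not taken from the page: tools are found on PATH via command -v,
# and the outgoing interface is read from `ip route` rather than fixed to wlan0.

# Accept only a syntactically valid hostname: dot-separated labels of letters,
# digits and hyphens. Spaces, ';' or '$(...)' never reach a command line.
validate_domain() {
    printf '%s' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Is the tool on PATH? The original cd'd into /pentest/... and ran perl anyway,
# which is why the run shows "No such file or directory" then "Can't open perl script".
require_tool() {
    command -v "$1" >/dev/null 2>&1
}

# Pull nameserver hostnames out of `dig +noall +answer NS` output
# (lines like "google.com.  134466  IN  NS  ns2.google.com."), drop the
# trailing dot and sort so the list is stable.
parse_ns() {
    awk '$4 == "NS" { sub(/\.$/, "", $5); print $5 }' | sort -u
}

# AXFR has to be asked of each authoritative server, not of the local resolver
# (that is what `host -l` did above and got NOTIMP). dig's @server does that.
try_axfr() {
    domain=$1
    dig +noall +answer NS "$domain" | parse_ns | while read -r ns; do
        printf '### AXFR %s @%s\n' "$domain" "$ns"
        dig +noall +answer @"$ns" AXFR "$domain"
    done
}

# Run one step only if its tool exists, and keep going either way.
run_step() {
    tool=$1; shift
    if require_tool "$tool"; then
        printf '### %s %s\n' "$tool" "$*"
        "$tool" "$@"
    else
        printf '### skipping: %s not installed\n' "$tool"
    fi
}

main() {
    domain=$1
    if ! validate_domain "$domain"; then
        echo "usage: $0 domain.example" >&2
        return 2
    fi
    # Interface carrying the default route ("default via ... dev wlan0 ..."), field 5.
    iface=$(ip route show default 2>/dev/null | awk '/^default/ { print $5; exit }')
    run_step whois "$domain"
    run_step dig "$domain" any
    try_axfr "$domain"
    run_step tcptraceroute ${iface:+-i "$iface"} "$domain"
    # Flags below are the thread's; adjust for the version your distro packages.
    run_step dnsenum --enum "$domain"
    run_step fierce -dns "$domain"
    run_step lbd "$domain"
    run_step nmap -Pn -n -F -T4 -sV -oG temp.txt "$domain"
}

# Only run the pipeline when executed as recon.sh, so the functions can be sourced.
if [ "${0##*/}" = "recon.sh" ]; then
    main "$@"
fi
```

Save it as `recon.sh` and run `./recon.sh google.com`; a bad argument such as `google.com; id` is rejected before any tool runs, and a missing tool produces a "skipping" line instead of a perl error.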

RE: scanner (bash) #6
If you look through the whois things there are some weird ones I must say.
"GOOGLE.COM.SPAMMING.IS.UNETHICAL.PLEASE.STOP.THEM.HUAXUEERBAN.COM"
Learning is the easy part. Putting it to use...now that's the hard part, which still isn't very hard but is limited to your imagination.

Reply

RE: scanner (bash) #7
Because the whois request was done for google, rather than www.google.com, which would make more sense.

Reply

RE: scanner (bash) #8
Yeah xD this was just info I found but ehhh. Whatever gets the job done gets it done. Am I right?
Learning is the easy part. Putting it to use...now that's the hard part, which still isn't very hard but is limited to your imagination.

Reply