Kali Linux Day 2: Information Gathering tool: DMitry

What is DMitry?

DMitry (Deepmagic Information Gathering Tool) is a tool found in Kali Linux that automates some of the commonly used methods for gathering information about a specific host or target.

What can it do?

DMitry has the ability to do the following:

  • Perform a whois lookup (via domain)
  • Perform a reverse whois lookup (via IP address)
  • Retrieve Netcraft.com information of the host
  • Perform email search
  • Perform subdomain search
  • Perform TCP port scan (just like nmap)

How do I use it?

Typing

dmitry

in the terminal will show its help section:

[Screenshot: DMitry help]

Now, just like the previous tool that we discussed, you have to supply all the required information after the switches. Unlike acccheck, the switches are used in combination rather than individually. For example, suppose you want to:

  • Perform a whois lookup (via domain)
  • Perform a reverse whois lookup (via IP address)
  • Perform email search
  • Perform subdomain search

You will have to enter the following in the terminal:

dmitry -wise <insert target here>

What did you do with it?

NOTE: Be cautious when using the TCP port scan, as doing it could be prohibited in your location.

In this test, we will run the tool against Google.com. We will skip the TCP port scan and will try to:

  • Perform a whois lookup (via domain)
  • Perform a reverse whois lookup (via IP address)
  • Perform email search
  • Perform subdomain search

using the tool.

[Screenshot: DMitry tool]

Here’s the command that I used:

dmitry -wise google.com

It will then output the following results:

Deepmagic Information Gathering Tool
"There be some deep magic going on"

HostIP:172.217.25.238
HostName:google.com

Gathered Inet-whois information for 172.217.25.238
---------------------------------

[deleted some of the info to conserve space]

% This query was served by the RIPE Database Query Service version 1.88 (WAGYU)

Gathered Inic-whois information for google.com
---------------------------------
 Domain Name: GOOGLE.COM
 Registrar: MARKMONITOR INC.
 Sponsoring Registrar IANA ID: 292
 Whois Server: whois.markmonitor.com
 Referral URL: http://www.markmonitor.com
 Name Server: NS1.GOOGLE.COM
 Name Server: NS2.GOOGLE.COM
 Name Server: NS3.GOOGLE.COM
 Name Server: NS4.GOOGLE.COM
 Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
 Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
 Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
 Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
 Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
 Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
 Updated Date: 20-jul-2011
 Creation Date: 15-sep-1997
 Expiration Date: 14-sep-2020

>> Last update of whois database: Thu, 23 Feb 2017 00:34:40 GMT <<<

[deleted some of the info to conserve space]

Gathered Subdomain information for google.com
---------------------------------
Searching Google.com:80...
HostName:www.google.com
HostIP:64.233.187.147
HostName:apis.google.com
HostIP:172.217.25.206
HostName:plusone.google.com
HostIP:216.58.200.174
HostName:maps.google.com
HostIP:172.217.26.14
HostName:play.google.com
HostIP:216.58.197.174


[deleted some of the info to conserve space]

Searching Altavista.com:80...
Found 42 possible subdomain(s) for host google.com, Searched 0 pages containing 0 results

[deleted some of the info to conserve space]

Gathered E-Mail information for google.com
---------------------------------
Searching Google.com:80...
Searching Altavista.com:80...
Found 0 E-Mail(s) for host google.com, Searched 0 pages containing 0 results

All scans completed, exiting
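
A saved report like the one above can be turned into a host inventory and a domain-expiry check. The parser below is an added example, not part of the original post or of DMitry itself; the names parse_report and days_to_expiry are made up for illustration, and the sample is a trimmed copy of the output shown above.

```python
import re
from datetime import datetime
# Trimmed copy of the report printed above (the values are the page's own).
SAMPLE = """\
HostIP:172.217.25.238
HostName:google.com
Gathered Inic-whois information for google.com
 Name Server: NS1.GOOGLE.COM
 Name Server: NS2.GOOGLE.COM
 Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
 Expiration Date: 14-sep-2020
Gathered Subdomain information for google.com
HostName:www.google.com
HostIP:64.233.187.147
HostName:apis.google.com
HostIP:172.217.25.206
Found 42 possible subdomain(s) for host google.com, Searched 0 pages containing 0 results
"""

SECTION = re.compile(r"^Gathered (\S+) information for \S+")

def parse_report(text):
    """Return the target, whois fields and subdomain -> IP map of a DMitry report."""
    out = {"target": {}, "whois": {}, "subdomains": {}}
    section, host = "target", None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            section, host = m.group(1), None
        elif section in ("target", "Subdomain") and line.startswith(("HostName:", "HostIP:")):
            key, value = line.split(":", 1)
            if section == "target":
                out["target"][key] = value
            elif key == "HostName":
                host = value  # its HostIP is on the next line
            elif host:
                out["subdomains"][host] = value
                host = None
        elif section == "Inic-whois" and ": " in line and not line.startswith(">>"):
            key, _, value = line.partition(": ")
            out["whois"].setdefault(key, []).append(value)  # Name Server and Status repeat
    return out

def days_to_expiry(report, today):
    """Days from `today` to the whois Expiration Date (negative once lapsed)."""
    expires = datetime.strptime(report["whois"]["Expiration Date"][0], "%d-%b-%Y")
    return (expires - today).days

if __name__ == "__main__": print(parse_report(SAMPLE)["subdomains"])
```

Run against reports for domains you are responsible for, the subdomain map shows which hosts are publicly discoverable, and the expiry figure flags registrations that need renewing.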

What can I do with this?

Whether you are doing security testing or are just plain bored of searching for things manually, this tool can help you find additional information about a host or a target. Imagine your company asks you to find all the websites that it owns: you can just run this tool, sit back and wait for the results! Pretty handy!

I myself find this very useful, especially when I want to enumerate all the subdomains of a particular website. I even found out that there is such a thing as a

script.google.com

subdomain from Google! Neat!


Definition of Terms

If you do not understand some of the terms I used here, you can always consult this page. Cheers!


3 thoughts on “Kali Linux Day 2: Information Gathering tool: DMitry”

  1. That is very interesting, You’re a very professional blogger.

    I have joined your rss feed and stay up for in quest of more of your great post.
    Additionally, I’ve shared your site in my social networks
