We are going to go over the DMitry, the deep magic information gathering tool. It can be used to do the following but not just limited to whois lookup, scan subdomains, and scan a host for open ports. We can see the domain registration information, and name-servers.
The second thing we are going to look at is port scanning. We are going to use the "-pb" switch: p for ports and b to get the banner from the ports and hostname or ip-address.
dmitry -h
Deepmagic Information Gathering Tool
"There be some deep magic going on"
Usage: dmitry [-winsepfb] [-t 0-9] [-o %host.txt] host
-o Save output to %host.txt or to file specified by -o file
-i Perform a whois lookup on the IP address of a host
-w Perform a whois lookup on the domain name of a host
-n Retrieve Netcraft.com information on a host
-s Perform a search for possible subdomains
-e Perform a search for possible email addresses
-p Perform a TCP port scan on a host
* -f Perform a TCP port scan on a host showing output reporting filtered ports
* -b Read in the banner received from the scanned port
* -t 0-9 Set the TTL in seconds when scanning a TCP port ( Default 2 )
*Requires the -p flagged to be passed
dmitry -winsepo example.txt example.com
Run a domain whois lookup (w), an IP whois lookup (i), retrieve Netcraft info (n), search for subdomains (s), search for email addresses (e), do a TCP port scan (p), and save the output to example.txt (o) for the domain example.com:
VideoDorks
BookDorks
AudioDorks
CssDorks
TVDorks
PhotoDorks
ThemeDorks