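What information can you get from a domain name

If you are interested in a website, how do you find the information you want? Below I demonstrate it step by step; a few common commands are enough to get a lot of information.

The ping command is widely used and returns the IP address for a domain name. It is very simple to use: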

[root@xxxxxx ~]# ping xiaomastack.com
PING xiaomastack.com (121.40.74.211) 56(84) bytes of data.
64 bytes from 121.40.74.211: icmp_seq=1 ttl=49 time=10.2 ms
64 bytes from 121.40.74.211: icmp_seq=2 ttl=49 time=10.7 ms
64 bytes from 121.40.74.211: icmp_seq=3 ttl=49 time=10.3 ms

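The host command shows the type of record at a glance, for example an A record or a CNAME record. Below, blog.xiaomastack.com is an A record and www.xiaomastack.com is a CNAME record. Domains served through a CDN generally use a CNAME record.

A domain resolved through an ordinary A record typically looks like this: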
[root@xxxxxx ~]# host blog.xiaomastack.com
blog.xiaomastack.com has address 121.40.74.211

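A domain resolved through a CNAME typically looks like this (common with CDN acceleration; with a CDN, the address returned is usually that of the edge node closest to you):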
[root@xxxxxx ~]# host www.xiaomastack.com
www.xiaomastack.com is an alias for www.xiaomastack.com.w.alikunlun.com.
www.xiaomastack.com.w.alikunlun.com is an alias for aries.m.alikunlun.com.
aries.m.alikunlun.com has address 114.80.174.110
aries.m.alikunlun.com has address 114.80.174.120

nslookup achieves the same result as host.
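An added example, not part of the original post: a small shell filter that reads `host` output and reports whether the name is a plain A record or a CNAME chain, with every alias hop and the final addresses. The function name classify_host is hypothetical, and the two samples are copied from the host output shown above.

```shell
#!/bin/sh
# Added example: summarise `host NAME` output as "name type chain addresses".
# classify_host is a hypothetical helper; it reads the output on stdin.
classify_host() {
    awk '
        # "X is an alias for Y." is one CNAME hop; strip the trailing dot
        / is an alias for / {
            target = $NF; sub(/\.$/, "", target)
            if (name == "") name = $1
            chain = chain (chain == "" ? "" : ">") target
            next
        }
        # "X has address A.B.C.D" is an A record at the end of the chain
        / has address / {
            if (name == "") name = $1
            addrs = addrs (addrs == "" ? "" : ",") $NF
            next
        }
        END {
            if (name == "") { print "no-records"; exit 1 }
            if (addrs == "") addrs = "-"   # alias chain with no final address
            if (chain == "") printf "%s A - %s\n", name, addrs
            else printf "%s CNAME %s %s\n", name, chain, addrs
        }
    '
}

# Samples copied from the host output shown in this post.
SAMPLE_A='blog.xiaomastack.com has address 121.40.74.211'
SAMPLE_CNAME='www.xiaomastack.com is an alias for www.xiaomastack.com.w.alikunlun.com.
www.xiaomastack.com.w.alikunlun.com is an alias for aries.m.alikunlun.com.
aries.m.alikunlun.com has address 114.80.174.110
aries.m.alikunlun.com has address 114.80.174.120'

printf '%s\n' "$SAMPLE_A" | classify_host
printf '%s\n' "$SAMPLE_CNAME" | classify_host
# Live use: host www.example.com | classify_host
```
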

The dig command can find the name servers that resolve the domain:

[root@xxxxxx ~]# dig +trace www.xiaomastack.com
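Resolution starts at the root (.) and proceeds level by level down to the www subdomain.
(N lines omitted here)
The last few lines look like this (you can see the servers that resolve this domain and the record type):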
xiaomastack.com.	172800	IN	NS	dns13.hichina.com.
xiaomastack.com.	172800	IN	NS	dns14.hichina.com.
;; Received 181 bytes from 192.33.14.30#53(192.33.14.30) in 27 ms

www.xiaomastack.com.	600	IN	CNAME	www.xiaomastack.com.w.alikunlun.com.
;; Received 83 bytes from 42.120.248.215#53(42.120.248.215) in 16 ms

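nmap is even more powerful: it can find out which ports are open on the server hosting the domain, which services are running, what the operating system is, and so on.

The -v option scans the host with verbose output; see for yourself exactly what it reports: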
[root@xxxxxx~]# nmap -v blog.xiaomastack.com

Starting Nmap 5.51 ( http://nmap.org ) at 2014-07-27 16:17 CST
Initiating Ping Scan at 16:17
Scanning blog.xiaomastack.com (121.40.74.211) [4 ports]
Completed Ping Scan at 16:17, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:17
Completed Parallel DNS resolution of 1 host. at 16:17, 0.00s elapsed
Initiating SYN Stealth Scan at 16:17
Scanning blog.xiaomastack.com (121.40.74.211) [1000 ports]
Discovered open port 80/tcp on 121.40.74.211
Discovered open port 3306/tcp on 121.40.74.211
Discovered open port 22/tcp on 121.40.74.211
Completed SYN Stealth Scan at 16:17, 4.16s elapsed (1000 total ports)
Nmap scan report for blog.xiaomastack.com (121.40.74.211)
Host is up (0.010s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
3306/tcp open   mysql
8090/tcp closed unknown

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.28 seconds
           Raw packets sent: 2003 (88.096KB) | Rcvd: 8 (332B)

The -O option tries to guess the operating system type:
[root@xxxxxx ~]# nmap -O blog.xiaomastack.com

Starting Nmap 5.51 ( http://nmap.org ) at 2014-07-27 16:19 CST
Nmap scan report for blog.xiaomastack.com (121.40.74.211)
Host is up (0.011s latency).
Not shown: 996 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
3306/tcp open   mysql
8090/tcp closed unknown
Device type: WAP|general purpose|specialized
Running (JUST GUESSING): Netgear embedded (89%), Linux 2.6.X|2.4.X (88%), Linksys Linux 2.4.X (87%), Asus Linux 2.6.X (87%), Crestron 2-Series (86%)
Aggressive OS guesses: Netgear DG834G WAP (89%), Linux 2.6.32 (88%), Linux 2.6.34 (88%), Linux 2.6.22 (Fedora Core 6) (87%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (87%), Asus RT-N16 WAP (Linux 2.6) (87%), Crestron XPanel control system (86%), Linux 2.6.22 (Ubuntu 7.04, x86, SMP) (85%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.97 seconds

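There are other commands and options that can get even more information from a domain name. Feel free to explore them.

Please credit the source when reposting: http://www.xiaomastack.com/2014/07/27/shellbashcommand/ Thanks!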
