DMitry(1) General Commands Manual DMitry(1)

NAME
DMitry - Deepmagic Information Gathering Tool

SYNOPSIS
dmitry [Options] host

DESCRIPTION
DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux
command line program coded purely in C with the ability to gather as
much information as possible about a host.

DMitry has a base functionality with the ability to add new functions.
Basic functionality of DMitry allows for information to be gathered
about a target host, from a simple whois lookup on the target to UpTime
reports and TCP portscans.

The application is considered a tool to assist in information gathering
when information is required quickly, by removing the need to enter
multiple commands and the time-consuming process of searching through
data from multiple sources.

To get straight into DMitry without reading this document, you can
initially type "dmitry target"; this will perform the majority of
functions on the target.

OPTIONS
Options should be passed to DMitry in the form of '-option'. Only
options known by DMitry will be used and others will be ignored. If
options are not passed as a group block, the trailing options will be
considered a host target.

-o filename
Create an ASCII text output of the results to the "filename"
specified. If no output filename is specified then output will
be saved to "target.txt". If this option is not specified in
any form, output will be sent to the standard output (STDOUT) by
default. This option MUST trail all other options, for example
"./dmitry -winseo target".

-i Perform an Internet Number whois lookup on the target. This
requires that the target be in the form of a four-part Internet
Number with each octet separated using the '.' notation. For
example, "./dmitry -i 255.255.255.255".

-w Perform a whois lookup on the 'host' target. This requires that
the target be in a named character format. For example,
"./dmitry -w target" will perform a standard named whois lookup.

-n Retrieve netcraft.com data concerning the host. This includes
Operating System, Web Server release and UpTime information
where available.

-s Perform a SubDomain search on the specified target. This will
use several search engines to attempt to locate sub-domains in
the form of sub.target. There is no set limit to the level of
sub-domain that can be located; however, there is a maximum
string length of 40 characters (NCOL 40) to limit memory usage.
Possible subdomains are then resolved to an IP address; if this
comes back positive then the resulting subdomain is listed.
However, if the host uses an asterisk (wildcard) in its DNS
records, all resolved subdomains will come back positive.

-e Perform an EmailAddress search on the specified target. This
module works using the same concept as the SubDomain search by
attempting to locate possible e-mail addresses for a target
host. The e-mail addresses may also be for possible sub-domains
of the target host. The length of an e-mail address is limited
to 50 characters (NCOL 50) to limit memory usage.

-p Perform a TCP Portscan on the host target. This is a pretty
basic module at the moment, and we do advise users to use
something like nmap (www.insecure.org/nmap/) instead. This module
will list open, closed and filtered ports within a specific
range. There will probably be little advancement upon this
module, though there will be some alterations to make it a little
more user friendly. There are also other options for this
module that can affect the scan and its relative output.

-f This option will cause the TCP Portscan module to report/display
output of filtered ports. These are usually ports that have
been filtered and/or closed by a firewall at the specified
host/target. This option requires that the '-p' option be
passed as a previous option. For example, "./dmitry -pf target".

-b This option will cause the TCP Portscan module to output Banners
if they are received when scanning TCP Ports. This option
requires that the '-p' option be passed as a previous option.
For example, "./dmitry -pb target".

-t This sets the Time To Live (TTL) of the Portscan module when
scanning individual ports. This is set to 2 seconds by default.
This is usually required when scanning a host that has a
firewall and/or has filtered ports which can slow a scan down.
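
The wildcard caveat under -s can be checked before trusting a
subdomain list, for instance when auditing your own zone. The following
is an added example, not part of DMitry or its source: it resolves
random labels that should not exist and flags any candidate whose
addresses match that wildcard answer. The function names, the
example.test zone and the addresses are constructed for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """IPv4 addresses for name as a set; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # gaierror/herror: no such host, resolver failure
        return set()

def wildcard_addresses(domain, resolve=system_resolver, probes=3):
    """Resolve random labels that should not exist under domain.
    Any address returned means a wildcard ('*') record answers for them."""
    seen = set()
    for _ in range(probes):
        seen |= resolve(f"{secrets.token_hex(8)}.{domain}")
    return seen

def classify_subdomains(domain, candidates, resolve=system_resolver):
    """Sort candidate names into confirmed, wildcard_match and unresolved."""
    wild = wildcard_addresses(domain, resolve)
    result = {"confirmed": [], "wildcard_match": [], "unresolved": []}
    for name in candidates:
        addrs = resolve(name)
        if not addrs:
            result["unresolved"].append(name)
        elif wild and addrs <= wild:
            # Same answer a nonexistent name gets: not evidence the host exists.
            result["wildcard_match"].append(name)
        else:
            result["confirmed"].append(name)
    return result, wild

def make_fake_resolver(records, wildcard_ip=None, domain="example.test"):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        if name in records:
            return {records[name]}
        if wildcard_ip and name.endswith("." + domain):
            return {wildcard_ip}
        return set()
    return resolve

if __name__ == "__main__":
    # Constructed zone data (documentation address ranges), not real hosts.
    records = {"www.example.test": "192.0.2.10"}
    names = ["www.example.test", "dev.example.test"]
    for wc in (None, "198.51.100.1"):
        print(wc, classify_subdomains("example.test", names,
                                      make_fake_resolver(records, wc)))
```

A name reported under wildcard_match may still be a real host that shares
the wildcard address; it only means resolution alone cannot confirm it.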

EXAMPLES
This section presents some example queries that can be made using
dmitry. The hosts and targets used in the examples are merely used for
demonstration.

dmitry -w example-host.com

This will perform a named whois (INIC-WHOIS) lookup on the target host,
displaying results to the standard output (STDOUT).

dmitry -winsepo sometextfile.txt example-host.com

This will perform all the basic functions on the target host and store
all the output into "sometextfile.txt".

dmitry -winsepo example-host.com

This will perform all the basic functions on the target host and store
all the output into "example-host.com.txt".

dmitry -winsepfbo 127.0.0.1

This will perform all the basic functions on the target host and store
all the output into "127.0.0.1.txt". This will also display banners
and show filtered ports.

BUGS
Bugs? If you find any, e-mail me at james@mor-pah.net with information
about your OS, what caused the problem, the error, suggestions etc. Thanx

DMitry, Deepmagic Information Gathering Tool is Copyright (C) 2001 -
2005 by James Greig.

Source code is provided with this software to allow users and
developers to understand the software for security auditing purposes.
We allow users to view the source code so that they are able to port the
software to different Operating Systems with the ability to locate bugs
and so forth.

Programmer/Creator
James Greig - James@mor-pah.net - http://www.mor-pah.net
Conceptual Design
Phased - http://www.deepmagic.org.uk

1.3a March 2006 DMitry(1)