In a previous article, Network Scanning Tools (part 1), we briefly covered DMitry and described it as:
DMitry is short for Deepmagic Information Gathering Tool and is a Linux CLI-based utility. Its aim is to gather information about a host such as subdomains, email addresses, uptime, TCP port scan, and whois lookup.
Below is a list of the core features of DMitry:
- An Open Source Project.
- Perform an Internet Number whois lookup.
- Retrieve possible uptime data, system and server data.
- Perform a SubDomain search on a target host.
- Perform an E-Mail address search on a target host.
- Perform a TCP Portscan on the host target.
- A Modular program allowing user specified modules.
In this article we are going to look at this tool in more detail and carry out some examples of using it.
Tool Usage
The synopsis or syntax of DMitry is as follows:
dmitry [Options] hostThe main options are as follows:
- -o filename
- Output the results to the specified filename. If no filename specified then the default of “target.txt” will be used.
- -i
- Perform Internet Number whois lookup on target. Target is specified as an IP address in the format 255.255.255.255.
- -w
- Perform whois lookup on target. Target is specified as a domain name e.g. abc.com.
- -n
- Retrieve netcraft.com data on target. This includes operating system, web server release, and uptime information where available.
- -s
- Perform subdomain search on target. This uses several search engines and possible results are reversed to an IP address for verification.
- -e
- Perform email address search on target. This uses several search engines in the same manner as the subdomain search and includes subdomains of the target.
- -p
- Perform TCP port scan on target. This will list Open, Closed and Filtered ports within a specific range.
- -f
- Causes TCP port scan to report/display the output of Filtered ports. Requires the -p option to be specified prior to -f e.g. dmitry -pf target.
- -b
- Causes the TCP port scan to output banners if they are received when scanning TCP ports. Requires the -p option to be specified prior to -b e.g. dmitry -pb target.
- -t
- Sets the Time To Live (TTL) of the TCP port scan when scanning individual TCP ports. Set to 2 seconds by default. Usually required when scanning a host target that has a firewall and/or has Filtered ports which can slow the scan.
Test Environment
For the purposes of this article we will be using DMitry v1.3a installed on Ubuntu 20.10. The final example also uses Kali Linux 2020.4 and Metasploitable 2 virtual machines running within VirtualBox 6.1.
Demonstrations
1) Whois Lookup on domain name
Perform a Whois Lookup on a specified domain name and output the results to the command line console:
2) Internet Number whois lookup on IP address
Perform an Internet Number whois lookup on a specified IP address and output the results to the command line console:
3) Retrieve netcraft.com data on domain name & output to file
Retrieve data on a specified domain name from netcraft.com and output the results to the default filename:
List the contents of the output file:
4) SubDomain search on domain name & output to specified file
Search for SubDomains associated with a domain name and output the results to a specified file:
List the (edited) contents of the output file which are very similar to the information output to the console whilst running the command:
5) Email Address search on domain name
Perform an Email Address search on a specified domain name and output the results to the command line console:
6) TCP port scan on specified domain name & IP Address
Perform a TCP port scan on a specified domain and output the results to the command line console:
Perform a TCP port scan on the IP Address of a vulnerable Metasploitable 2 virtual machine from a Kali Linux virtual machine:
Further Information
- Homepage:
- Download & Documentation:
Do you have any experience of using DMitry for information gathering? If so please share any tops, comments and suggestions below.