DMitry – Deepmagic Information Gathering Tool

DMitry is an information gathering tool used to collect data about a host, such as subdomains, email addresses, uptime information, TCP port scan results, whois records and more.

In a previous article, Network Scanning Tools (part 1), we briefly covered DMitry and described it as:

DMitry is short for Deepmagic Information Gathering Tool and is a Linux CLI-based utility. Its aim is to gather information about a host such as subdomains, email addresses, uptime, TCP port scan, and whois lookup.

Below is a list of the core features of DMitry:

  • An Open Source Project.
  • Perform an Internet Number whois lookup.
  • Retrieve possible uptime data, system and server data.
  • Perform a SubDomain search on a target host.
  • Perform an E-Mail address search on a target host.
  • Perform a TCP Portscan on the host target.
  • A Modular program allowing user specified modules.

In this article we are going to look at this tool in more detail and carry out some examples of using it.

Tool Usage

The synopsis or syntax of DMitry is as follows:

dmitry [Options] host

The main options are as follows:

  • -o filename
    • Output the results to the specified filename. If no filename is specified then the default of “target.txt” will be used.
  • -i
    • Perform Internet Number whois lookup on target. Target is specified as an IP address in the format 255.255.255.255.
  • -w
    • Perform whois lookup on target. Target is specified as a domain name e.g. abc.com.
  • -n
    • Retrieve netcraft.com data on target. This includes operating system, web server release, and uptime information where available.
  • -s
    • Perform subdomain search on target. This uses several search engines and possible results are reversed to an IP address for verification.
  • -e
    • Perform email address search on target. This uses several search engines in the same manner as the subdomain search and includes subdomains of the target.
  • -p
    • Perform TCP port scan on target. This will list Open, Closed and Filtered ports within a specific range.
  • -f
    • Causes TCP port scan to report/display the output of Filtered ports. Requires the -p option to be specified prior to -f e.g. dmitry -pf target.
  • -b
    • Causes the TCP port scan to output banners if they are received when scanning TCP ports. Requires the -p option to be specified prior to -b e.g. dmitry -pb target.
  • -t
    • Sets the Time To Live (TTL) of the TCP port scan when scanning individual TCP ports. Set to 2 seconds by default. Usually required when scanning a host target that has a firewall and/or has Filtered ports which can slow the scan.
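
The Open, Closed and Filtered states listed by -p, and the reason Filtered ports slow a scan until the -t wait expires, can be seen in a generic TCP connect probe. This is an added example, not DMitry's code and not part of the original article; it assumes a connect-style probe, the names classify, probe and loopback_demo are hypothetical, and it only touches sockets it opens itself on 127.0.0.1.

```python
import errno
import socket

# Hypothetical helper names; this is not how DMitry is implemented internally.

def classify(exc):
    """Translate the result of one connect() attempt into a port state."""
    if exc is None:
        return "open"        # three-way handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # host answered with RST: nothing listens there
    if isinstance(exc, socket.timeout):
        return "filtered"    # silence until the timer expired (packet dropped)
    if getattr(exc, "errno", None) in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"    # ICMP host/network unreachable came back
    raise exc                # anything else is a local error, not a port state

def probe(host, port, timeout=2.0):
    """One connect() attempt. 'timeout' plays the role of the -t value
    (2 seconds by default in the option list above)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except OSError as exc:
        return classify(exc)
    finally:
        s.close()
    return classify(None)

def loopback_demo():
    """Constructed test bed: one listening socket and one socket that is
    bound but never listens, both on 127.0.0.1 with kernel-chosen ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))   # no listen(): connections are refused
    try:
        return (probe("127.0.0.1", listener.getsockname()[1]),
                probe("127.0.0.1", idle.getsockname()[1]))
    finally:
        listener.close()
        idle.close()

if __name__ == "__main__":
    # Open and closed ports answer within one round trip; a filtered port
    # costs the full timeout, so many filtered ports dominate the scan time.
    print(loopback_demo())
```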

Test Environment

For the purposes of this article we will be using DMitry v1.3a installed on Ubuntu 20.10. The final example also uses Kali Linux 2020.4 and Metasploitable 2 virtual machines running within VirtualBox 6.1.

Demonstrations

1) Whois Lookup on domain name

Perform a Whois Lookup on a specified domain name and output the results to the command line console:

2) Internet Number whois lookup on IP address

Perform an Internet Number whois lookup on a specified IP address and output the results to the command line console:

3) Retrieve netcraft.com data on domain name & output to file

Retrieve data on a specified domain name from netcraft.com and output the results to the default filename:

List the contents of the output file:

4) SubDomain search on domain name & output to specified file

Search for SubDomains associated with a domain name and output the results to a specified file:

List the (edited) contents of the output file, which are very similar to the information output to the console whilst running the command:

5) Email Address search on domain name

Perform an Email Address search on a specified domain name and output the results to the command line console:

6) TCP port scan on specified domain name & IP Address

Perform a TCP port scan on a specified domain and output the results to the command line console:

Perform a TCP port scan on the IP Address of a vulnerable Metasploitable 2 virtual machine from a Kali Linux virtual machine:

Further Information


Do you have any experience of using DMitry for information gathering? If so please share any tips, comments and suggestions below.