Tadaypy - Smart Information Gathering Python (SIGP)
usage: tada.py [-h] [-a ALL] [-u URL]
optional arguments:
-h, --help show this help message and exit
-a ALL, --all ALL list of domain names
-u URL, --URL URL Enter a domain name
-
Single URL:
python tada.py -u domain.com -
Scan with a list:
python tada.py -a domain.txt
It will returns information about registered domain names, including the name servers they are configured to work with
Dig will let you perform any valid DNS query, the most common of which are:
-
A (the IP address),
-
TXT (text annotations),
-
MX (mail exchanges), and
-
NS nameservers.
Use the specified interface for outgoing packets
-
Get the host's addresse (A record).
-
Get the namservers (threaded).
-
Get the MX record (threaded).
-
Perform axfr queries on nameservers and get BIND VERSION (threaded).
-
Get extra names and subdomains via google scraping (google query = "allinurl: -www site:domain").
-
Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded).
-
Calculate C class domain network ranges and perform whois queries on them (threaded).
-
Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded).
Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains.
It's really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for.
This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network.
Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware
-
Scan fewer ports than the default scan
-
Scan 100 most common ports (Fast)
-
Detect OS and Services
-
More aggressive Service Detection
-
prohibits the dynamic scan delay from exceeding 10 ms for TCP ports