Inguma/CLI/Modules:Discover
arping
Description
Send an ARP who-has message to discover hosts
Parameters
- target = <target host or network>
- timeout = <timeout>
Example
    inguma> target = "192.168.100.0/24"
    inguma> arping
    Adding to discovered hosts 192.168.100.1
    Adding to discovered hosts 192.168.100.14
    Adding to discovered hosts 192.168.100.16
    Adding to discovered hosts 192.168.100.50
    Adding to discovered hosts 192.168.100.30
    Adding to discovered hosts 192.168.100.51
    Adding to discovered hosts 192.168.100.24
    Adding to discovered hosts 192.168.100.25
    Adding to discovered hosts 192.168.100.28
    Adding to discovered hosts 192.168.100.52
    List of discovered hosts
    ------------------------
    00:50:8b:bb:5e:09 192.168.100.1 (Unknow)
    00:0c:29:a5:9a:85 192.168.100.14 (Unknow)
    00:0c:29:11:09:5e 192.168.100.16 (Unknow)
    00:1b:11:5b:ff:f9 192.168.100.50 (Unknow)
    00:0c:29:97:3d:55 192.168.100.30 (Unknow)
    00:10:83:09:af:c0 192.168.100.51 (Unknow)
    00:0c:29:31:85:0f 192.168.100.24 (Unknow)
    00:0c:29:f9:9a:38 192.168.100.25 (Unknow)
    00:0c:29:b8:7e:ec 192.168.100.28 (Unknow)
    00:50:56:4e:bb:43 192.168.100.52 (Unknow)
asn
Description
ASN whois database query
Parameters
- target = <target host or comma-separated list of hosts>
Example
    inguma> target = "192.168.100.16"
    inguma> asn
    ------------------------
    ASN database information
    ------------------------
    192.168.100.16 AS8151 UniNet
bluetooth
Description
A simple Bluetooth scanner
Usage
- mode = <discover|gather>
- <discover: search for bluetooth devices>
- <gather: gather services of specified device (target)>
- target = <all|localhost|address>
- <all: gather services of all devices available>
- <localhost: scan localhost services>
- <address: scan specified address>
Example
    inguma> mode = 'discover'
    inguma> target = 'all'
    inguma> bluetooth
    Searching Bluetooth devices...
db2discover
Description
IBM DB2 database server discovery module
Parameters
- target = <target host or network>
- port = <target port>
- timeout = <timeout>
Example
    inguma> target = "192.168.100.0/24"
    inguma> db2discover
    Total of 0 IBM DB2 Server(s) found.
externip
Description
Get your external IP address (even when using proxies)
Parameters
N/A
Example
    inguma> externip
    80.14.163.161
geoip
Description
Get geographic information of an IP address
Parameters
- target = <target IP>
- <if set to "all", all IPs stored in the KB will be used>
- <if set to "download", GeoIP database will be downloaded>
Example
    inguma> target = "download"
    inguma> geoip
    Downloading http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
    Extracting files...
    Operation complete
    inguma> target = "46.252.206.1"
    inguma> geoip
    IP | Latitude Longitude Country City Region
    +----------------+--------------------------------------------------------------------------------+
    46.252.206.1 ==> 52.5 5.75 Netherlands None None
    +-------------------------------------------------------------------------------------------------+
getmac
Description
Get the host's MAC address
Parameters
- target = <target host or network>
Example
    inguma> target = "192.168.100.24"
    inguma> getmac
    192.168.100.24 MAC: 00:0c:29:31:85:0f Unknow
hostname
Description
Get the host's name
Parameters
- target = <target host or network>
Example
    inguma> target = "192.168.100.18"
    inguma> hostname
    192.168.100.18 name: aldpillap.local
icmping
Description
Ping a host
Parameters
- target = <target host or network>
- timeout = <timeout>
- waitTime = <wait time between packets>
- packetType = <numeric packet type> (defaults to ECHO_REQUEST)
- iface = <iface>
The default packet type sent is ECHO_REQUEST (value: 0). To change it, set packetType to one of the following numeric values:
- ECHO_REPLY = 0
- DEST_UNREACH = 3
- SOURCE_QUENCH = 4
- REDIRECT = 5
- ECHO_REQUEST = 8
- ROUTER_ADVERTISEMENT = 9
- ROUTER_SOLICITATION = 10
- TIME_EXCEEDED = 11
- PARAMETER_PROBLEM = 12
- TIMESTAMP_REQUEST = 13
- TIMESTAMP_REPLY = 14
- INFORMATION_REQUEST = 15
- INFORMATION_RESPONSE = 16
- ADDRESS_MASK_REQUEST = 17
- ADDRESS_MASK_REPLY = 18
Example
    inguma> target = "192.168.100.10-50"
    inguma> timeout = 0.1
    inguma> icmping
    Sending probe to 192.168.100.10
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.11
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.12
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.13
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.14
    Sending probe to 192.168.100.15
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.16
    Sending probe to 192.168.100.17
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.18
    Sending probe to 192.168.100.19
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.20
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.21
    (...TRUNCATED...)
    Discovered hosts
    ----------------
    Found host 1 192.168.100.14
    Found host 2 192.168.100.16
    Found host 3 192.168.100.24
    Found host 4 192.168.100.25
    Found host 5 192.168.100.28
    Found host 6 192.168.100.30
    Found host 7 192.168.100.50
ipaddr
Description
Returns the IP address associated with a hostname or host alias.
Usage
- target = <target host or network>
Example
    inguma> target = "aldpillap.local"
    inguma> ipaddr
    Target: aldpillap.local
    IP Address: 192.168.100.18
    Adding to discovered hosts 192.168.100.18
isnated
Description
Check whether the target's port is NATed by sending an ICMP packet to get the number of hops and comparing it with the number of hops obtained by sending a TCP packet.
Parameters
- target = <target host or network>
- timeout = <timeout>
Example
    inguma> target = "192.168.1.254"
    inguma> iface = "en1"
    inguma> portscan
    Portscan results
    ----------------
    Port 80/http is opened at 192.168.1.254
    Port 139/netbios-ssn is opened at 192.168.1.254
    Port 21/ftp is opened at 192.168.1.254
    Port 445/microsoft-ds is opened at 192.168.1.254
    inguma> isnated
    Ports are NOT NATed
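The hop comparison named in the isnated description can be worked through offline from reply TTLs. This is an added example, not Inguma's code: it assumes hop counts are estimated from the TTL of each reply and that senders start from a common initial TTL; the function names and sample TTL values are constructed.

```python
# Added example (not Inguma's code): compare the hop distance seen over ICMP
# with the hop distance seen over TCP, using reply TTLs captured beforehand.

# Assumption: senders start from one of these common initial TTL values.
INITIAL_TTLS = (32, 64, 128, 255)


def ttl_profile(observed_ttl):
    """Return (assumed initial TTL, estimated hops) for a reply's TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range: %r" % (observed_ttl,))
    # Each router decrements the TTL by one, so the initial value is taken to
    # be the smallest common default that is >= the observed value.
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl


def classify_ports(icmp_ttl, tcp_ttls):
    """Map each port to a verdict by comparing its TCP reply with the ICMP reply."""
    icmp_initial, icmp_hops = ttl_profile(icmp_ttl)
    verdicts = {}
    for port, ttl in sorted(tcp_ttls.items()):
        if ttl is None:
            verdicts[port] = "no-reply"          # nothing to compare
            continue
        tcp_initial, tcp_hops = ttl_profile(ttl)
        if tcp_hops != icmp_hops:
            verdicts[port] = "hop-mismatch"      # answered from a different distance
        elif tcp_initial != icmp_initial:
            verdicts[port] = "stack-mismatch"    # same distance, different initial TTL
        else:
            verdicts[port] = "consistent"        # looks like the same host
    return verdicts


# Constructed sample: TTLs as they might be read from a capture of one host.
SAMPLE_ICMP_TTL = 63
SAMPLE_TCP_TTLS = {21: 62, 80: 63, 139: None, 445: 127}

if __name__ == "__main__":
    for port, verdict in classify_ports(SAMPLE_ICMP_TTL, SAMPLE_TCP_TTLS).items():
        print("port %d: %s" % (port, verdict))
```

A mismatch only shows that the TCP reply and the ICMP reply came from different distances or network stacks; asymmetric routing or a load balancer produces the same signal.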
ispromisc
Description
Check if the target is in promiscuous mode
Parameters
- target = <target host or network>
Example
    inguma> target = "192.168.100.16"
    inguma> ispromisc
    Target is promiscuous: True
netcraft
Description
Query the Netcraft database
Parameters
- target = <target host or network>
Example
    inguma> target = "******club.net"
    inguma> netcraft
    Netcraft database information
    -----------------------------
    Site: http://******club.net
    Last reboot: unknown
    Domain: ******club.net
    Netblock owner: Free SAS
    IP address: 88.190.***.***
    Site rank: unknown
    Country: FR
    Nameserver: ns0.online.net
    Date first seen: April 2007
    DNS admin: **********@proxad.net
    Domain Registrar: unknown
    Reverse DNS: ***-***.online.net
    Organisation: unknown
    Nameserver Organisation: unknown
    Check another site:: Netcraft Site Report Gadget
subdomainer
Description
Find subdomains for a given domain
Parameters
- target = <target domain, e.g. example.com>
Example
    inguma> target="google.com"
    inguma> subdomainer
    Testing wildcard...
    Searching subdomains...
    Domain: sms.google.com: IP: 209.85.229.113
    Domain: web.google.com: IP: 209.85.229.100
    Domain: ns.google.com: IP: 216.239.32.10
    Domain: code.google.com: IP: 209.85.227.138
    Domain: images.google.com: IP: 209.85.229.100
    Domain: ns1.google.com: IP: 216.239.32.10
    Domain: ns2.google.com: IP: 216.239.34.10
    Domain: blog.google.com: IP: 209.85.227.191
    Domain: docs.google.com: IP: 209.85.229.138
    Domain: catalog.google.com: IP: 209.85.227.101
    Domain: vpn.google.com: IP: 64.9.224.68
    Domain: mail.google.com: IP: 209.85.229.17
    Domain: documents.google.com: IP: 209.85.147.139
    Domain: map.google.com: IP: 209.85.227.139
    Domain: wap.google.com: IP: 209.85.147.138
    Domain: games.google.com: IP: 209.85.147.138
    Domain: directory.google.com: IP: 209.85.169.100
    Domain: page.google.com: IP: 209.85.227.101
    Domain: mobile.google.com: IP: 209.85.229.193
    Domain: email.google.com: IP: 209.85.229.100
    Domain: finance.google.com: IP: 209.85.147.138
    Domain: print.google.com: IP: 209.85.229.147
    Domain: search.google.com: IP: 209.85.229.100
    Domain: developer.google.com: IP: 209.85.229.100
    Domain: news.google.com: IP: 209.85.229.101
    Domain: downloads.google.com: IP: 209.85.229.147
    Domain: ns3.google.com: IP: 216.239.36.10
    Domain: shopping.google.com: IP: 209.85.147.138
    Domain: video.google.com: IP: 209.85.169.138
    Domain: download.google.com: IP: 209.85.169.104
    Domain: smtp.google.com: IP: 216.239.44.95
    Domain: pages.google.com: IP: 209.85.147.138
    Domain: jobs.google.com: IP: 209.85.147.100
    Domain: dir.google.com: IP: 209.85.169.113
    Domain: help.google.com: IP: 209.85.147.138
    Domain: services.google.com: IP: 209.85.147.138
    Domain: desktop.google.com: IP: 209.85.227.103
    Domain: music.google.com: IP: 209.85.147.138
    Domain: maps.google.com: IP: 209.85.227.138
    Domain: alerts.google.com: IP: 209.85.147.138
    Domain: proxy.google.com: IP: 64.233.179.4
    Domain: support.google.com: IP: 209.85.147.139
    Domain: local.google.com: IP: 209.85.227.102
    Domain: apps.google.com: IP: 209.85.229.102
    Domain: enterprise.google.com: IP: 209.85.147.138
    Domain: uploads.google.com: IP: 74.125.54.213
tcping
Description
TCP Ping
Parameters
- target = <target host or network>
- timeout = <timeout>
- waitTime = <wait time between packets>
- port = <destination port to ping>
- iface = <iface>
Example
    inguma> target = "192.168.100.0/24"
    inguma> tcping
    Sending probe to 192.168.100.0 using port 80
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.1 using port 80
    Sending probe to 192.168.100.2 using port 80
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.3 using port 80
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.4 using port 80
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.5 using port 80
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.6 using port 80
    (...TRUNCATED...)
tcptrace
Description
Trace a route to one or more hosts
Parameters
- target = <target host or network>
- timeout = <timeout>
- minttl = <minimum ttl>
- maxttl = <maximum ttl>
- sport = <source port>
- dport = <destination port>
- iface = <interface to use>
Example
    inguma> target = "**ogle.com"
    inguma> tcptrace
    Trace to target(s)
    ------------------
    host 1 192.168.**.**
    host 2 192.168.**.**
    host 3 10.125.**.**
    host 4 10.125.**.**
    host 5 193.253.**.**
    host 6 81.253.**.**
    host 7 81.253.**.**
    host 8 72.14.**.**
    (...TRUNCATED...)
udping
Description
UDP Ping
Parameters
- target = <target host or network>
- timeout = <timeout>
- waitTime = <wait time between packets>
- port = <destination port to ping>
- iface = <iface>
Example
    inguma> target = "192.168.100.0/24"
    inguma> udping
    Sending probe to 192.168.100.0 using port 0
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.1 using port 0
    Sending probe to 192.168.100.2 using port 0
    WARNING: Mac address to reach destination not found. Using broadcast.
    Sending probe to 192.168.100.3 using port 0
    WARNING: Mac address to reach destination not found. Using broadcast.
    (...TRUNCATED...)
whois
Description
Query multiple whois databases
Parameters
- target = <target host or network>
- db = <internic|ripe|arin|lacnic|apnic|afrinic>
- Internic: Internet Network Information Center
- RIPE: Reseaux IP Europeens - Network Coordination Centre
- ARIN: American Registry for Internet Numbers
- LACNIC: Latin America and Caribbean Network Information Centre
- APNIC: Asia Pacific Network Information Centre
- AFRINIC: African Network Information Centre
Example
    inguma> target = "***gle.com"
    inguma> db = "internic"
    inguma> whois
    Connecting to server: whois.internic.net ...
    Connected, sending query: google.com ...
    --------------------------
    Whois database information
    --------------------------
    Whois Server Version 2.0
    Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
    ***GLE.COM.ZZZZZZZZZZZZZ.GET.ONE.MILLION.DOLLARS.AT.WWW.***MUNDI.COM
    ***GLE.COM.ZZZZZZ.THE.BEST.WEBHOSTING.AT.WWW.**TUCH.COM
    ***GLE.COM.ZZZZZ.GET.LAID.AT.WWW.***GINGCOMMUNITY.COM
    ***GLE.COM.ZOMBIED.AND.HACKED.BY.WWW.***-HACK.COM
    ***GLE.COM.**AET.***DOMEN.COM
    ***GLE.COM.***KIRBAC.COM
    ***GLE.COM.***EHOCA.COM
    ***GLE.COM.***DT.DOOR.VEEL.WHTERS.GEBRUIKT.SERVER***.NET
    ***GLE.COM.VN
    ***GLE.COM.***DAYOFF.COM
    (...TRUNCATED...)
wifi
Description
A simple passive information gathering tool for wireless networks
- WARNING: Be sure to put your card in monitor mode (you can use Airmon-ng).
- Channel hopping must be done externally (Kismet).
Parameters
- interface = <e.g. wlan0>
- mode = <Beacon|NonBeacon|MAC|arpip>
- <Beacon: show devices that emit beacon>
- <NonBeacon: try to show 'hidden' devices>
- <MAC: list MAC addresses of AP and clients>
- <arpip: show device's MAC and IP when possible>
Example
    inguma> interface = "wlan0"
    inguma> mode = "Beacon"
    inguma> wifi
    00:1b:11:**:**:**['\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'|short-slot+ESS+privacy]
    00:07:cb:**:**:**['wifi***'|short-slot+ESS+privacy]
    ^C