What you can learn from a domain name

If a website catches your interest, how do you find out more about it? A handful of everyday commands already reveal a lot.

ping

ping is the everyday tool: it resolves the name and gives you the IP address (the one your resolver handed back), and it could not be simpler. The TTL in the replies is a hint as well: ttl=49 is consistent with a Linux-style initial TTL of 64 about 15 hops away (Windows starts at 128). Bear in mind that many hosts and firewalls drop ICMP echo, so no reply does not mean the host is down; the name-to-address step still happens and is printed on the first line.

$ ping azjoy.com 
PING azjoy.com (121.40.74.211) 56(84) bytes of data.
64 bytes from 121.40.74.211: icmp_seq=1 ttl=49 time=10.2 ms
64 bytes from 121.40.74.211: icmp_seq=2 ttl=49 time=10.7 ms
64 bytes from 121.40.74.211: icmp_seq=3 ttl=49 time=10.3 ms
host

The host command shows the record type behind a name at a glance, for example an A record or a CNAME: blog.azjoy.com is an A record, while www.azjoy.com is a CNAME. A domain that is put behind a CDN is normally pointed at the CDN with a CNAME. Notice that azjoy.com (from the ping above) and blog.azjoy.com both resolve straight to 121.40.74.211 while only www goes through the CDN: any name in the zone that bypasses the CDN gives away the origin server's address, which is exactly what the CDN is supposed to hide.

A name that resolves directly to an A record looks like this:
$ host blog.azjoy.com
blog.azjoy.com has address 121.40.74.211

A name that resolves through a CNAME is usually one fronted by a CDN. In that case the address you get back is not the origin server but the CDN edge closest to the resolver you asked, and a different resolver (or a later query) may return different edges:
$ host www.azjoy.com
www.azjoy.com is an alias for www.azjoy.com.w.alikunlun.com.
www.azjoy.com.w.alikunlun.com is an alias for aries.m.alikunlun.com.
aries.m.alikunlun.com has address 114.80.174.110
aries.m.alikunlun.com has address 114.80.174.120
nslookup and dig

nslookup gives you the same information as host. dig can additionally show which name servers are responsible for the domain: with +trace it starts at the root servers and follows the delegations itself instead of trusting whatever your local resolver has cached.

$ dig +trace www.azjoy.com
(Resolution starts at the root "." and is followed down one label at a time until it reaches www; the intermediate output is omitted here. The last few lines show the servers that are authoritative for the zone and the type of the final answer.)
azjoy.com. 172800 IN NS dns13.hichina.com.
azjoy.com. 172800 IN NS dns14.hichina.com.
;; Received 181 bytes from 192.33.14.30#53(192.33.14.30) in 27 ms
www.azjoy.com. 600 IN CNAME www.azjoy.com.w.alikunlun.com.
;; Received 83 bytes from 42.120.248.215#53(42.120.248.215) in 16 ms

The two NS records are the referral handed out by the .com servers: azjoy.com is served by dns13.hichina.com and dns14.hichina.com, which tells you who hosts the domain's DNS. The last answer comes from one of those servers: a CNAME with a 600-second TTL pointing www at the CDN, matching what host showed.
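As an added example (my own code, not part of the original post), the shell functions below turn the output of host and dig +trace shown in the two sections above into something a script can act on: whether a name is a plain A record or an alias (and therefore probably behind a CDN), the CNAME chain and final addresses, and the name servers authoritative for the zone. The sample outputs embedded at the top are constructed from the results above; the function names are my own.

```shell
#!/bin/sh
# Parse `host` and `dig +trace` output for domain reconnaissance.
# The samples below are constructed from the results shown above
# (real `host` prints each alias on its own line).

HOST_DIRECT='blog.azjoy.com has address 121.40.74.211'

HOST_CDN='www.azjoy.com is an alias for www.azjoy.com.w.alikunlun.com.
www.azjoy.com.w.alikunlun.com is an alias for aries.m.alikunlun.com.
aries.m.alikunlun.com has address 114.80.174.110
aries.m.alikunlun.com has address 114.80.174.120'

DIG_TRACE='azjoy.com. 172800 IN NS dns13.hichina.com.
azjoy.com. 172800 IN NS dns14.hichina.com.
;; Received 181 bytes from 192.33.14.30#53(192.33.14.30) in 27 ms
www.azjoy.com. 600 IN CNAME www.azjoy.com.w.alikunlun.com.
;; Received 83 bytes from 42.120.248.215#53(42.120.248.215) in 16 ms'

# record_kind OUTPUT: "CNAME" if the name is an alias, "A" if it resolves
# directly, "NONE" if host found nothing. Input is what `host NAME` prints.
record_kind() {
    if printf '%s\n' "$1" | grep -q ' is an alias for '; then
        echo CNAME
    elif printf '%s\n' "$1" | grep -q ' has address '; then
        echo A
    else
        echo NONE
    fi
}

# cname_chain OUTPUT: one "name -> target" line per alias hop, in order.
cname_chain() {
    printf '%s\n' "$1" | sed -n 's/^\(.*\) is an alias for \(.*\)\.$/\1 -> \2/p'
}

# final_addresses OUTPUT: the IPv4 addresses at the end of the chain.
final_addresses() {
    printf '%s\n' "$1" | sed -n 's/.* has address \([0-9.]*\).*/\1/p'
}

# zone_nameservers TRACE ZONE: NS names for ZONE (written with its trailing
# dot, e.g. "azjoy.com.") from `dig +trace` output; these are the servers
# that answer authoritatively, i.e. the domain's DNS hosting provider.
zone_nameservers() {
    printf '%s\n' "$1" | awk -v zone="$2" '$1 == zone && $4 == "NS" { print $5 }'
}

# answer_type TRACE NAME: record type of the final answer for NAME
# (CNAME means the name is fronted, typically by a CDN).
answer_type() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == n && $3 == "IN" { print $4; exit }'
}

# Summary for the embedded samples. With live tools use, for example:
#   record_kind "$(host www.azjoy.com)"
#   zone_nameservers "$(dig +trace www.azjoy.com)" azjoy.com.
for sample in "$HOST_DIRECT" "$HOST_CDN"; do
    printf 'kind=%s addrs=%s\n' "$(record_kind "$sample")" \
        "$(final_addresses "$sample" | tr '\n' ' ')"
    cname_chain "$sample"
done
printf 'authoritative NS: %s\n' "$(zone_nameservers "$DIG_TRACE" azjoy.com. | tr '\n' ' ')"
printf 'www answer type: %s\n' "$(answer_type "$DIG_TRACE" www.azjoy.com.)"
```

Each function takes the tool's text output as its first argument, so the same code works on a captured file and on a live run. Feeding every name in a zone through record_kind and final_addresses is the quickest way to spot names that bypass the CDN and leak the origin address.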
nmap

nmap goes much further: it can tell you which ports are open on the server behind the name, what services listen on them and, with some luck, which operating system it runs.

  • -v: verbose output; it shows each phase of the scan (host discovery, DNS resolution, the port scan itself) and prints every open port as soon as it is found
$ nmap -v blog.azjoy.com 
Starting Nmap 5.51 ( http://nmap.org ) at 2014-07-27 16:17 CST
Initiating Ping Scan at 16:17
Scanning blog.azjoy.com (121.40.74.211) [4 ports]
Completed Ping Scan at 16:17, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:17
Completed Parallel DNS resolution of 1 host. at 16:17, 0.00s elapsed
Initiating SYN Stealth Scan at 16:17
Scanning blog.azjoy.com (121.40.74.211) [1000 ports]
Discovered open port 80/tcp on 121.40.74.211
Discovered open port 3306/tcp on 121.40.74.211
Discovered open port 22/tcp on 121.40.74.211
Completed SYN Stealth Scan at 16:17, 4.16s elapsed (1000 total ports)
Nmap scan report for blog.azjoy.com (121.40.74.211)
Host is up (0.010s latency). Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8090/tcp closed unknown
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.28 seconds
Raw packets sent: 2003 (88.096KB) | Rcvd: 8 (332B)

A few things to read off this report. The "4 ports" in the ping scan are nmap's default host-discovery probes, not a port scan. Without -p, nmap probes its 1000 most common TCP ports, and "996 filtered" means a firewall silently dropped those probes, so the three open ports are the host's real exposure to the internet. "SYN Stealth Scan" means nmap had raw-socket privileges (it was run as root); without them it falls back to a slower, noisier TCP connect scan. Finally, 3306/tcp (MySQL) answering on the public address is a finding in itself: a database should not be listening on an internet-facing interface at all.
  • -O: try to guess the operating system from its TCP/IP stack fingerprint
$ nmap -O blog.azjoy.com 
Starting Nmap 5.51 ( http://nmap.org ) at 2014-07-27 16:19 CST 
Nmap scan report for blog.azjoy.com (121.40.74.211) 
Host is up (0.011s latency). Not shown: 996 filtered ports 
PORT STATE SERVICE 
22/tcp open ssh 
80/tcp open http 
3306/tcp open mysql 
8090/tcp closed unknown 
Device type: WAP|general purpose|specialized 
Running (JUST GUESSING): Netgear embedded (89%), Linux 2.6.X|2.4.X (88%), Linksys Linux 2.4.X (87%), Asus Linux 2.6.X (87%), Crestron 2-Series (86%) 
Aggressive OS guesses: Netgear DG834G WAP (89%), Linux 2.6.32 (88%), Linux 2.6.34 (88%), Linux 2.6.22 (Fedora Core 6) (87%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (87%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (87%), Asus RT-N16 WAP (Linux 2.6) (87%), Crestron XPanel control system (86%), Linux 2.6.22 (Ubuntu 7.04, x86, SMP) (85%) 
No exact OS matches for host (test conditions non-ideal). 
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.97 seconds

Take this guess with a grain of salt, and nmap says so itself: "JUST GUESSING" and "No exact OS matches for host (test conditions non-ideal)". The top guess is a Netgear home router at 89%, with generic Linux 2.6 at 88% right behind it; for a server exposing SSH, HTTP and MySQL behind a firewall, "some Linux 2.6 kernel" is the most you should take from it. The percentages are fingerprint match scores, not probabilities, and a firewall that filters most ports degrades them further. Service banners (nmap -sV) usually say more about the platform than the TCP/IP fingerprint does.
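Added example (my own code, not from the original post): the functions below read nmap's normal-format report, list the open ports, flag services that should not be reachable from the internet, and say whether the OS guess is worth anything. The report embedded at the top is constructed from the -O output above; the list of services treated as "must never be public" is an assumed policy, so adjust it to your own environment.

```shell
#!/bin/sh
# Triage an nmap report: open ports, internet-exposed services that
# should not be public, and whether the OS guess can be trusted.
# NMAP_REPORT is constructed from the `nmap -O blog.azjoy.com` output above.

NMAP_REPORT='Nmap scan report for blog.azjoy.com (121.40.74.211)
Host is up (0.011s latency). Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8090/tcp closed unknown
Device type: WAP|general purpose|specialized
Running (JUST GUESSING): Netgear embedded (89%), Linux 2.6.X|2.4.X (88%)
Aggressive OS guesses: Netgear DG834G WAP (89%), Linux 2.6.32 (88%)
No exact OS matches for host (test conditions non-ideal).'

# open_ports REPORT: "port proto service" for every open port in the table.
open_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
        split($1, p, "/"); print p[1], p[2], $3 }'
}

# Services that should never face the internet: an assumed policy list
# (databases and caches); extend it for your environment.
NEVER_PUBLIC="mysql postgresql ms-sql-s redis mongodb memcache"

# exposed_services REPORT: open ports whose service is on the list above.
exposed_services() {
    open_ports "$1" | awk -v list="$NEVER_PUBLIC" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        $3 in bad { print "EXPOSED", $1 "/" $2, $3 }'
}

# os_guess REPORT: "unreliable" when nmap itself reports no exact match,
# otherwise the first aggressive guess. The percentage nmap prints is a
# fingerprint match score, not a measured probability.
os_guess() {
    if printf '%s\n' "$1" | grep -q '^No exact OS matches'; then
        echo unreliable
    else
        printf '%s\n' "$1" | sed -n 's/^Aggressive OS guesses: \([^,]*\).*/\1/p'
    fi
}

# firewalled REPORT: "yes" if the unlisted ports were filtered (probes dropped
# by a firewall) rather than closed (host answered with RST).
firewalled() {
    printf '%s\n' "$1" | grep -q 'filtered ports' && echo yes || echo no
}

# Demo on the embedded report; for a live host use e.g.
#   exposed_services "$(nmap -O target.example)"
open_ports "$NMAP_REPORT"
exposed_services "$NMAP_REPORT"
printf 'os guess: %s\nfirewalled: %s\n' "$(os_guess "$NMAP_REPORT")" "$(firewalled "$NMAP_REPORT")"
```

Parsing the human-readable report is fine for a one-off like this; for anything that runs unattended, ask nmap for machine-readable output instead (-oG - for the greppable format, -oX for XML) and parse that, since the normal-format layout is not a stable interface.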

There are many other commands and options that pull more out of a domain name: whois for the registrant and registrar, dig with an explicit record type (MX, TXT, NS) for mail and hosting details, nmap -sV for service versions.
