How to Use Dmitry to Scan Web Pages

What is Dmitry?

Dmitry, or Deepmagic Information Gathering Tool, is a command line utility included in Kali Linux. It is designed to allow a user to collect public information about a target host. It can be used to gather a number of valuable pieces of information, such as:

  1. The whois details of a target host. This will provide information about a registered domain, such as the name, address, and contact information of the person who registered it.
  2. The netcraft data for a target host. This can include details such as the operating system, web server release, and uptime information of a web host.
  3. A subdomain search of a target, which will locate any subdomains that exist on the main domain.
  4. A search of email addresses that exist on the domain.
  5. A TCP scan of the target to reveal any open ports and services running on the server.

Why is Dmitry Used?

Dmitry is part of a subset of information gathering tools included in Kali Linux. The purpose of these tools is to help attackers identify information about a target, to assist with locating potential attack vectors that may work on the system.

Dmitry is great for revealing information that exists through search engines about the owner and the host of a web page. This information can be really valuable for social engineering attacks, as it provides the attacker with potential points of contact. It can also help the attacker seem more credible if they are able to give information about the web page or domain that the owner is using.

How do you use Dmitry?

To start, you can navigate to Dmitry through the main menu of Kali Linux.

[Image: The information gathering section has Dmitry as the first option]

Alternatively, you can type “dmitry” (the command is lowercase) into the command line of Kali Linux to see the available options and help for the application. Once Dmitry is launched, you will be able to execute a command against a target, in the following format.

dmitry [flags] [-t 0-9] [-o] target

Let’s break down the command and discuss each of the options. Parameters that are in square brackets are optional, and only need to be included if the user wishes to have them. Dmitry has the following flags available:

  1. -o: Allows the user to specify a location to write the output of the application to. If this parameter is not specified, the output is written to the command line window. This parameter must be the last one given, and must be followed by a file path.
  2. -i: Performs a whois lookup on the IP address of the target. Use this option when you want to do a whois lookup, and want to use the IP instead of a domain name.
  3. -w: Performs a whois lookup on the domain name of the host. Use this option when you want to do a whois lookup, and want to use the domain name of a target instead of the IP.
  4. -n: Retrieves all available Netcraft information for a given target.
  5. -s: Does a search for all subdomains of a target.
  6. -e: Does a search for all emails of a target domain.
  7. -p: Performs a TCP port scan of the target.

Examples of using Dmitry

Let’s try doing a basic scan of a public web page, www.nmap.org. Suppose we first want to do a whois to find out information about the site owner. We would run the Dmitry command:

dmitry -w www.nmap.org

[Image: Output from our initial scan]

If we wanted to save the information to a text file, we could slightly modify the query as follows:

dmitry -wo out.txt www.nmap.org

This will give us a file in our root directory with the results of the scan.

From here we could continue adding flags to get more information about the domain we are scanning. It is important to note that the -o flag should always come last in our list of flags, followed by the output file name if it is being used.

Dmitry is a tool that can be used to gather information about web pages. Other information gathering tools in Kali Linux provide enhanced versions of what Dmitry offers, but Dmitry can still be valuable as a lightweight alternative to the more intensive tools.

Dmitry can also help you scan your own domains to better understand what information attackers may have about you. This will help you better harden your security, and prevent attacks through social engineering methods.
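A small wrapper for the self-audit use described above, as an added example that is not part of the original article or of Dmitry itself: it only builds a command for hosts under domains you list as your own, and it places -o last in the flag group as the article requires. The names OWNED_DOMAINS and build_dmitry_cmd and the example.com values are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: build a dmitry command line for an exposure self-audit.
# OWNED_DOMAINS and build_dmitry_cmd are hypothetical names, not part of dmitry.

# Domains you are authorised to audit (constructed sample values).
OWNED_DOMAINS="example.com example.org"

# build_dmitry_cmd FLAGS TARGET [OUTFILE]
# FLAGS is a string of lookup letters from the article's list (w i n s e p).
# Prints the command on stdout; returns non-zero on invalid input.
build_dmitry_cmd() {
    local flags="$1" target="$2" outfile="${3:-}" domain owned=1

    # Only the lookup flags from the article; -o is appended by this function.
    case "$flags" in
        ""|*[!winsep]*) echo "invalid flags: '$flags'" >&2; return 2 ;;
    esac

    # Reject anything that is not a plain host name before it reaches a shell.
    case "$target" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid target: '$target'" >&2; return 2 ;;
    esac

    # The target must be an owned domain or a host beneath one.
    for domain in $OWNED_DOMAINS; do
        case "$target" in
            "$domain"|*."$domain") owned=0 ;;
        esac
    done
    if [ "$owned" -ne 0 ]; then
        echo "refusing: '$target' is not in OWNED_DOMAINS" >&2
        return 3
    fi

    # -o goes last in the flag group, followed directly by the file path.
    if [ -n "$outfile" ]; then
        printf 'dmitry -%so %s %s\n' "$flags" "$outfile" "$target"
    else
        printf 'dmitry -%s %s\n' "$flags" "$target"
    fi
}

# Dry run: print the command for review instead of executing it.
build_dmitry_cmd wse www.example.com audit.txt
```

The function prints the command rather than running it, so the line can be reviewed before it is executed.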
