T M B

Posts Tagged ‘linux’

Backtrack Security Tool Research Series: dig

Wednesday, February 16th, 2011

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

dig is a flexible tool for querying domain name information. It has far more functionality than nslookup and is the first choice of DNS administrators for testing and troubleshooting. I used to rely on nslookup for lookups, but dig really is a cut above and returns much more detailed information; everyone should give it a try.

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]

dig [-h] // show the complete usage information

Backtrack Security Tool Research Series: ASS

Tuesday, February 15th, 2011

ASS, the autonomous system scanner, is designed to find the AS of the router. It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF.

Autonomous System Scanner, which performs autonomous-system scanning. The program has to run on a network where a routing protocol is active, and the protocols it supports are rather limited; it does not support the mainstream OSPF (the official description says it is supported, but the command does not offer it; presumably a later version will). Personally I don't think this tool is of much use. I also have a question: among the IGPs, only EIGRP is followed by an autonomous system number; the others have none, or a process number instead, so in what sense is it an "AS Scanner"? I would welcome an answer. Testing against RIP produced nothing; only EIGRP gave results.

Backtrack Security Tool Research Series: 0trace

Sunday, February 13th, 2011

0trace is a traceroute tool that can be run within an existing, open TCP connection – therefore bypassing some types of stateful packet filters with ease.

Simply put, 0trace uses an existing TCP connection to perform the traceroute function and enumerate the routing hops.

Tested in VMware NAT mode; the result data shown here was taken from the Internet. On my local China Telecom line, the probe data sent by 0trace was detected and a TCP RST segment was returned, which terminated the probes, so only the single hop to the gateway could be found.

Overall, for an ISP that restricts traceroute but does not restrict this, the tool should be fairly simple and convenient to test with; if the ISP does restrict it, the effect is still not obvious, and using traceroute directly may be more convenient. Either way, it counts as one more method of enumerating routing hops.

However, while using it I found that intrace, an enhanced version of 0trace, is more user-friendly and provides much more information; see the project's Google Code page for details. It is good, but it carries the same possibility of the ISP resetting the TCP connection.

Introduction to BackTrack's Security Tools

Saturday, February 12th, 2011

It took a lot of effort to find this on Google, and formatting it was very tiring; please give it a thumbs up~

For the abridged version see: BackTrack Security Tool List

Introduction to BackTrack's Security Tools (based on BT3 Final)

Information Gathering

0trace 0.01

This tool enables the user to perform hop enumeration (“traceroute”) within an established TCP connection, such as an HTTP or SMTP session. This is opposed to sending stray packets, as traceroute-type tools usually do. The important benefit of using an established connection and matching TCP packets to send a TTL-based probe is that such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table).
Info: http://lcamtuf.coredump.cx/

Ass

ASS is an Autonomous System Scanner. Because routing protocols use autonomous systems to distinguish between various routing “domains” and various ways to communicate, you need something which works like a TCP port scanner but knows more than one protocol.
Info: http://phenoelit-us.org/irpas/docu.html#ass

BackTrack Security Tool List

Saturday, February 12th, 2011

BackTrack Security Tool List (based on BT3 Final)

1.1 Information Gathering

1.1.1 0trace 0.01
1.1.2 Ass
1.1.3 dig
1.1.4 DMitry
1.1.5 DNS-Ptr
1.1.6 dnstracer 1.5
1.1.7 dnswalk
1.1.8 dns-bruteforce
1.1.9 dnsenum
1.1.10 dnsmap
1.1.11 DNSPredict
1.1.12 Finger Google
1.1.13 Firewalk
1.1.14 Fport 2.0 (Windows Executable)
1.1.15 Goog Mail Enum
1.1.16 Google-search
1.1.17 Googrape
1.1.18 Gooscan
1.1.19 Host
1.1.20 InTrace 1.3
1.1.21 Itrace
1.1.22 Maltego 2.0
1.1.23 Metagoofil 1.4
1.1.24 Mbenum 1.5.0 (Windows Executable)
1.1.25 Netenum
1.1.26 Netmask
1.1.27 Nmbscan 1.2.4
1.1.28 Protos
1.1.29 PsTools (Windows Executables)
1.1.29.1 PsInfo
1.1.29.2 PsFile
1.1.29.3 PsList
1.1.29.4 PsGetSID
1.1.29.5 PsLoggedOn
1.1.29.6 PsLogList
1.1.30 PStoreView 1.0 (Windows Binary)
1.1.31 QGoogle
1.1.32 Relay Scanner
1.1.33 SMTP-Vrfy
1.1.34 Subdomainer 1.3
1.1.35 TCPtraceroute 1.5beta7
1.1.36 TCtrace
1.1.37 Whoami (Windows Executable)

Introduction to the BackTrack Menu

Saturday, February 12th, 2011

Backtrack Menu Intro

1.Information Gathering //footprinting, information gathering//
2.Network Mapping //network mapping//
3.Vulnerability Identification //identifying exploitable vulnerabilities//
4.Web Application Analysis //web application analysis//
5.Radio Network Analysis //wireless network analysis//
6.Penetration //penetration//
7.Privilege Escalation //privilege escalation//
8.Maintaining Access //backdoors//
9.Covering Tracks //removing traces//
10.Digital Forensics //digital forensics//
11.Reverse Engineering //decompilation//
12.Voice Over IP //IP telephony//
13.Miscellaneous //other//