Information Gathering: whois, subdomains, email, portscan, netcraft, osint

DMitry

DMitry is a command line tool for information gathering, capable of finding subdomains, email addresses, uptime information, performing TCP port scans, and whois lookups. It provides deep reconnaissance on hosts through various passive and active techniques.

Description

DMitry (Deepmagic Information Gathering Tool) is a UNIX/Linux command line application written in C, designed for comprehensive host reconnaissance. It enables users to perform whois lookups on domains and IP addresses, retrieve Netcraft information, search for subdomains and email addresses, and conduct TCP port scans. This makes it valuable for initial OSINT phases in penetration testing and security assessments.

Use cases include domain footprinting, identifying potential attack surfaces through open ports and subdomains, and gathering contact information via emails. The tool outputs detailed results including host IP, hostname, and specific findings from each module, which can be saved to files for further analysis.

It is particularly useful in environments requiring quick, command-line driven intelligence collection without relying on graphical interfaces.

How It Works

DMitry operates by querying public sources and performing direct scans: whois lookups contact registry databases for domain/IP ownership; Netcraft retrieval pulls hosting and history data; subdomain and email searches use common wordlists against DNS and web scraping techniques; TCP port scans send SYN packets with configurable TTL to detect open/filtered ports, optionally grabbing banners. Output is aggregated and written to stdout or files.

Installation

sudo apt install dmitry

Flags

-o      Save output to %host.txt or to file specified by -o file
-i      Perform a whois lookup on the IP address of a host
-w      Perform a whois lookup on the domain name of a host
-n      Retrieve Netcraft.com information on a host
-s      Perform a search for possible subdomains
-e      Perform a search for possible email addresses
-p      Perform a TCP port scan on a host
-f      Perform a TCP port scan on a host showing output reporting filtered ports (requires -p)
-b      Read in the banner received from the scanned port (requires -p)
-t 0-9  Set the TTL in seconds when scanning a TCP port (Default 2)

Examples

Run a domain whois lookup (-w), an IP whois lookup (-i), retrieve Netcraft info (-n), search for subdomains (-s), search for email addresses (-e), do a TCP port scan (-p), and save the output to example.txt (-o) for the domain example.com
dmitry -winsepo example.txt example.com
Display the help usage information for dmitry
dmitry -h
Perform a whois lookup on the IP address of the host example.com
dmitry -i example.com
Perform a whois lookup on the domain name example.com
dmitry -w example.com
Retrieve Netcraft.com information on example.com
dmitry -n example.com
Perform a search for possible subdomains of example.com
dmitry -s example.com
Perform a search for possible email addresses on example.com
dmitry -e example.com
Perform a TCP port scan on example.com
dmitry -p example.com
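The flag table carries constraints that are easy to miss on the command line: -f and -b require -p, and -t takes 0-9. The sketch below is an added example, not part of DMitry or the original page: it builds a dmitry command line from those flags, checks the constraints, and refuses the direct port scan unless the host is listed in a scope file. The function name `build_dmitry_cmd`, the `SCOPE_FILE` variable and its one-host-per-line format are assumptions made for this example.

```bash
# Added example, not DMitry code. build_dmitry_cmd and SCOPE_FILE are
# hypothetical names; only flags from the table above are used.
SCOPE_FILE="${SCOPE_FILE:-./in_scope.txt}"  # assumed: one authorised host per line

# usage: build_dmitry_cmd <module-letters> <host> [ttl] [outfile]
# Prints the command line; on invalid input prints a reason to stderr and fails.
build_dmitry_cmd() {
    local flags="$1" host="$2" ttl="${3:-}" out="${4:-}"
    [ -n "$flags" ] && [ -n "$host" ] || { echo "need flags and host" >&2; return 2; }

    # Accept only the module letters from the flag table (-t/-o are arguments).
    case "$flags" in
        *[!iwnsepfb]*) echo "unknown flag in '$flags'" >&2; return 2 ;;
    esac
    # Host and output file must not be parseable as options or shell syntax.
    case "$host" in
        -*|*[!A-Za-z0-9.-]*) echo "bad host '$host'" >&2; return 2 ;;
    esac
    case "$out" in
        -*|*[!A-Za-z0-9._/-]*) echo "bad output file '$out'" >&2; return 2 ;;
    esac
    # -f and -b are both marked "requires -p".
    case "$flags" in
        *[fb]*) case "$flags" in
                    *p*) ;;
                    *) echo "-f/-b require -p" >&2; return 2 ;;
                esac ;;
    esac
    # -t accepts a single digit, 0-9.
    if [ -n "$ttl" ]; then
        case "$ttl" in
            [0-9]) ;;
            *) echo "-t must be 0-9" >&2; return 2 ;;
        esac
    fi
    # -p is the direct scan of the host: require an exact scope-file match.
    case "$flags" in
        *p*) if ! grep -qxF -- "$host" "$SCOPE_FILE" 2>/dev/null; then
                 echo "'$host' not in $SCOPE_FILE, refusing port scan" >&2
                 return 3
             fi ;;
    esac

    local cmd="dmitry -$flags"
    if [ -n "$ttl" ]; then cmd="$cmd -t $ttl"; fi
    if [ -n "$out" ]; then cmd="$cmd -o $out"; fi
    echo "$cmd $host"
}
```

The function only prints the command, so the result can be reviewed or logged before it is run.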
Updated 2026-04-16 | kali.org