Saturday, September 28, 2013

BACKTRACK 5 R3 : dnsenum


1.  The next useful information-gathering tool in Backtrack 5 R3 is dnsenum. Here I give the command details and a sample result from the tool.

First, a short introduction to the tool:

DNSenum is a tool designed to enumerate DNS information about a domain. The information obtained from it is useful during the information-gathering phase of a penetration test. The basic purpose of dnsenum is to gather as much information as possible about a domain. The program performs the following operations:

- Get the host's address (A record)
- Get the nameservers (threaded)
- Get the MX record (threaded)
- Perform AXFR (i.e. DNS zone transfer) queries on the nameservers
- Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain")
- Brute-force subdomains from a file; can also recurse into subdomains that have NS records (all threaded)
- Calculate class C domain network ranges and perform whois queries on them (threaded)
- Perform reverse lookups on netranges (class C and/or whois netranges) (threaded)
- Write IP blocks to the file domain_ips.txt
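
Seen from the authoritative nameserver, the AXFR and subdomain brute-force steps listed above leave a recognizable pattern in the query log. The following is an added example, not part of the original post or of dnsenum, that flags that pattern; the log lines are constructed in BIND 9 style, and `find_enumeration` and `name_threshold` are hypothetical names chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modeled on BIND 9 style query logging; the zone,
# addresses (documentation ranges) and ports are made up for this example.
SAMPLE_LOG = """\
client 198.51.100.7#40112 (example.com): query: example.com IN A + (192.0.2.53)
client 198.51.100.7#40113 (example.com): query: example.com IN NS + (192.0.2.53)
client 198.51.100.7#40114 (example.com): query: example.com IN MX + (192.0.2.53)
client 198.51.100.7#40120 (example.com): zone transfer 'example.com/AXFR/IN' denied
client 198.51.100.7#40131 (admin.example.com): query: admin.example.com IN A + (192.0.2.53)
client 198.51.100.7#40132 (dev.example.com): query: dev.example.com IN A + (192.0.2.53)
client 198.51.100.7#40133 (ftp.example.com): query: ftp.example.com IN A + (192.0.2.53)
client 198.51.100.7#40134 (vpn.example.com): query: vpn.example.com IN A + (192.0.2.53)
client 203.0.113.20#51000 (www.example.com): query: www.example.com IN A + (192.0.2.53)
client 203.0.113.20#51001 (mail.example.com): query: mail.example.com IN A + (192.0.2.53)
"""

CLIENT_RE = re.compile(r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): (?P<rest>.*)")
QUERY_RE = re.compile(r"query: (?P<name>\S+) IN (?P<qtype>\S+)")

def find_enumeration(log_text, zone, name_threshold=5):
    """Flag clients that attempted AXFR or asked for many distinct names in zone.

    name_threshold is a hypothetical tuning knob; pick it from your own baseline.
    """
    zone = zone.lower().rstrip(".")
    stats = defaultdict(lambda: {"axfr": 0, "names": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue  # not a per-client log line
        ip, rest = m.group("ip"), m.group("rest")
        if "AXFR" in rest:
            stats[ip]["axfr"] += 1  # transfer attempt, whether denied or served
            continue
        q = QUERY_RE.match(rest)
        if q:
            name = q.group("name").lower().rstrip(".")
            if name == zone or name.endswith("." + zone):
                stats[ip]["names"].add(name)
    return {ip: s for ip, s in stats.items()
            if s["axfr"] or len(s["names"]) >= name_threshold}

if __name__ == "__main__":
    for ip, s in find_enumeration(SAMPLE_LOG, "example.com").items():
        print(f"{ip}: AXFR attempts={s['axfr']}, distinct names={len(s['names'])}")
```

Restricting zone transfers to known secondary nameservers makes the AXFR step fail, and a per-client count of distinct names like the one above is what surfaces the brute-force step.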


2.   To run the command, open dnsenum from the following menu path:

Backtrack - Information Gathering - Network Analysis - DNS Analysis - dnsenum
This opens the following screen.
The syntax for running the command is simple:

./dnsenum.pl sitename.com

In the sample run above, I used the site dvwa.co.uk.