1. This post gives a brief overview of Reverse Raider, a tool available in the Information Gathering drop-down menu in BackTrack 5.
About the Tool
2. ReverseRaider is a domain scanner that uses various techniques, such as wordlist scanning to find a target's subdomains, or reverse resolution for a range of IPs. It is fully multi-threaded and supports permutation on wordlists, IPv6 and various DNS options (e.g. no-recursion).
3. Developed by Acri Emanuele at crossbower@gmail.com
Usage: reverseraider -d domain | -r range [options]
Options:
-r range of ipv4 or ipv6 addresses, for reverse scanning
examples: 208.67.1.1-254 or 2001:0DB8::1428:57ab-6344
-f file containing lists of ip addresses, for reverse scanning
-d domain, for wordlist scanning (example google.com)
-w wordlist file (see wordlists directory...)
Extra options:
-t requests timeout in seconds
-P enable numeric permutation on wordlist (default off)
-D nameserver to use (default: resolv.conf)
-T use TCP queries instead of UDP queries
-R don't set the recursion bit on queries
4. Most of the DNS enumeration scripts available in BackTrack focus on typical (forward) DNS, but reverseraider does what its name suggests: it enumerates reverse DNS names. Enumerating reverse DNS on an IP or a set of IPs can sometimes reveal information you did not previously have. For example, you may be targeting a web server that hosts a number of virtual hosts and want to track down the primary web site on that server. This is where reverseraider may provide the necessary results, as the most important site on a virtual web server is the one most likely to have reverse DNS configured on the host itself.
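To review what a reverse scan of one of your own ranges would return, here is a Python example (added here, not part of reverseraider or the original post) that expands a range written in the -r syntax and lists the PTR name published for each address. It assumes the part after the dash replaces the last group of the start address; the function names and the sample records are constructed for illustration.

```python
import ipaddress
import socket

def expand_range(spec):
    """Expand 'START-END', where END replaces the last group of START (assumed syntax)."""
    start_text, dash, tail = spec.partition("-")
    start = ipaddress.ip_address(start_text)
    if not dash:
        return [start]
    sep = "." if start.version == 4 else ":"
    head = start_text.rsplit(sep, 1)[0]
    end = ipaddress.ip_address(head + sep + tail)
    if end < start:
        raise ValueError(f"range end precedes start: {spec}")
    return [start + i for i in range(int(end) - int(start) + 1)]

def system_ptr(addr):
    """PTR lookup through the system resolver; None when no record exists."""
    try:
        return socket.gethostbyaddr(str(addr))[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def ptr_inventory(spec, resolve=system_ptr):
    """Return (address, PTR query name, hostname) for each address that answers."""
    rows = []
    for addr in expand_range(spec):
        name = resolve(addr)
        if name:
            # reverse_pointer is the in-addr.arpa / ip6.arpa name a PTR query asks for
            rows.append((str(addr), addr.reverse_pointer, name))
    return rows

# Constructed sample data (TEST-NET-1 addresses, made-up names), so this runs offline.
SAMPLE_PTR = {"192.0.2.10": "www.example.com", "192.0.2.12": "mail.example.com"}

def sample_resolver(addr):
    """Stand-in resolver backed by the constructed records above."""
    return SAMPLE_PTR.get(str(addr))

if __name__ == "__main__":
    for ip, qname, host in ptr_inventory("192.0.2.9-12", sample_resolver):
        print(f"{ip:<12} {qname:<26} {host}")
```

Calling ptr_inventory with only a range uses the system resolver, which makes it easy to spot addresses whose PTR records publish host names you did not intend to expose.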
5. I found this very useful and exhaustive post at http://www.question-defense.com/2012/04/01/backtrack-5-information-gathering-network-analysis-dns-analysis-reverseraider
This post gives an excellent description with details of three methods of using reverseraider.