Category: DNS

All about DNS!

DNS, Enumeration

Enumerate DNS hostnames using nmap

nmap dns-brute script – Attempts to enumerate DNS hostnames by brute force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records.

Script Arguments:

dns-brute.threads – Thread to use (default 5).
dns-brute.srvlist – The filename of a list of SRV records to try. Defaults to “nselib/data/dns-srv-names”
dns-brute.hostlist – The filename …

DNS, Enumeration

Trace a chain of DNS servers back to the source

dnstracer – determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer.

dnstracer – Kali Linux Git repo

Options and Usage:

DNSTRACER version 1.8.1 – (c) Edwin Groothuis – http://www.mavetju.org
Usage: dnstracer [options] [host]
-c: disable local …

DNS

Reverse DNS lookup for IPv6

dnsrevenum6 – Performs a fast reverse DNS enumeration and is able to cope with slow servers.

Syntax:

    dnsrevenum6 dns-server ipv6address

Examples:

    dnsrevenum6 dns.test.com 2001:db8:42a8::/48
    dnsrevenum6 dns.test.com 8.a.2.4.8.b.d.0.1.0.0.2.ip6.arpa

Usage

Find ipv6 address first with dnsdict6

    dnsdict6 -d example.com

Reverse DNS lookup

    dnsrevenum6 8.8.8.8 ipv6:address:retrieved:from:dnsdict6/48

DNS, Enumeration, Network

Passive DNS network mapping

Dnsmap – Passive DNS network mapper a.k.a. subdomains bruteforcer. dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc … Subdomain brute-forcing is another technique that should …

DNS, Enumeration, Information Gathering, Reconnaissance

Retrieve MX records

nslookup is a command-line administrative tool for testing and troubleshooting DNS servers. The syntax for noninteractive mode is:

    nslookup [-option] [hostname] [server]

Parameters

Commands: (identifiers are shown in uppercase, [] means optional)

    NAME         – print info about the host/domain NAME using default server
    NAME1 NAME2  – as above, but use NAME2 …

DNS, Information Gathering

Resolve hostname to ip without using ping

To resolve a hostname to its IP address without using ping (ICMP echo request), you can use dig or nslookup. You should avoid using ping because ICMP requests may alert administrators when an IDS/IPS is installed at the target system or, even worse, ICMP echo requests may be blocked by a firewall.

    dig hostname …

Brute-force, DNS, Enumeration

Enumerate DNS info about domains

DNSenum is a pentesting tool created to enumerate DNS info about domains. The purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:

1) Get the host’s addresses (A record).
2) Get the nameservers (threaded).
3) Get the MX record (threaded).
4) Perform axfr …