Category: Enumeration

All about Enumerations!

Enumeration, Footprinting

Enumerate subdomains through a wordlist

Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist. Usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain. Positional arguments: domain (specific target domain, like domain.com). Optional arguments: -h, --help (show this help message and exit); -v, --version (show program’s version number and exit); -w WORDLIST …

Brute-force, Enumeration, Information Gathering

SubBrute – fast subdomain enumeration tool

SubBrute is a DNS meta-query spider tool that enumerates DNS records and subdomains. SubBrute is a community-driven project with the goal of creating the fastest and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design …

DNS, Enumeration

Enumerate DNS hostnames using nmap

nmap dns-brute script – Attempts to enumerate DNS hostnames by brute-force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records. Script arguments: dns-brute.threads: Threads to use (default 5). dns-brute.srvlist: The filename of a list of SRV records to try. Defaults to “nselib/data/dns-srv-names”. dns-brute.hostlist: The filename …

DNS, Enumeration

Trace a chain of DNS servers back to the source

dnstracer – determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer. dnstracer – Kali Linux Git repo Options and Usage: DNSTRACER version 1.8.1 – (c) Edwin Groothuis – http://www.mavetju.org Usage: dnstracer [options] [host] -c: disable local …

DNS, Enumeration, Network

Passive DNS network mapping

Dnsmap – Passive DNS network mapper a.k.a. subdomains bruteforcer. dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc … Subdomain brute-forcing is another technique that should …

DNS, Enumeration, Information Gathering, Reconnaissance

Retrieve MX records

nslookup is a command-line administrative tool for testing and troubleshooting DNS servers. The syntax for noninteractive mode is: nslookup [-option] [hostname] [server]. Parameters and commands (identifiers are shown in uppercase, [] means optional): NAME – print info about the host/domain NAME using default server; NAME1 NAME2 – as above, but use NAME2 …

Brute-force, DNS, Enumeration

Enumerate DNS info about domains

DNSenum is a pentesting tool created to enumerate DNS info about domains. The purpose of DNSenum is to gather as much information as possible about a domain. The program currently performs the following operations: 1) Get the host’s addresses (A record). 2) Get the nameservers (threaded). 3) Get the MX record (threaded). 4) Perform axfr …