Tag: enumeration

Enumeration, Footprinting

Enumerate subdomains through a wordlist

Knockpy is a Python tool designed to enumerate subdomains on a target domain through a wordlist.

Usage: knockpy [-h] [-v] [-w WORDLIST] [-r] [-z] domain

Positional arguments:
  domain          specific target domain, like domain.com

Optional arguments:
  -h, --help      show this help message and exit
  -v, --version   show program's version number and exit
  -w WORDLIST …

Brute-force, Enumeration, Information Gathering

SubBrute – fast subdomain enumeration tool

SubBrute is a DNS meta-query spider tool that enumerates DNS records and subdomains. SubBrute is a community-driven project with the goal of creating the fastest and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kind of proxy to circumvent DNS rate-limiting. This design …

DNS, Enumeration

Enumerate DNS hostnames using nmap

nmap dns-brute script – Attempts to enumerate DNS hostnames by brute force guessing of common subdomains. With the dns-brute.srv argument, dns-brute will also try to enumerate common DNS SRV records.

Script Arguments:
  dns-brute.threads    Thread to use (default 5).
  dns-brute.srvlist    The filename of a list of SRV records to try. Defaults to “nselib/data/dns-srv-names”
  dns-brute.hostlist   The filename …

Enumeration, Microsoft Windows

Disable NetBIOS NULL Sessions

Use Registry Editor to view the following registry key, and then add the following value to this key, or modify it if the value already exists:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA

Value: RestrictAnonymous
Value Type: REG_DWORD
Value Data: 0x2 (Hex)

  0  None. Rely on default permissions
  1  Do not allow enumeration of SAM accounts and names
  2  No access …

Enumeration

SNMP Enumeration

snmpenum is a Perl script capable of enumerating information on machines that are running SNMP.

Usage:
  ./snmpenum.pl <IP-address> <community> <configfile>

Examples:
  ./snmpenum.pl 192.168.2.11 public windows.txt
  ./snmpenum.pl 192.168.2.11 public cisco.txt
  ./snmpenum.pl 192.168.2.11 public linux.txt

snmpenum is pre-installed in BackTrack 5. It is …

Enumeration, Network, Tools

NetBIOS name enumeration

We are going to use the nbtscan tool to enumerate NetBIOS names. NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in the supplied range and lists the received information in human-readable form.

To install it in Ubuntu:
  sudo apt-get install nbtscan

How …