Categories: Information Gathering

Dnsenum – Tool for DNS enumeration to find DNS Servers

Dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization.

DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on.

DNSENUM OPTIONS

--dnsserver     <server> Use this DNS server for A, NS and MX queries.

--enum          Shortcut option equivalent to --threads 5 -s 15 -w.

-h, --help      Print this help message.

--noreverse          Skip the reverse lookup operations.

--nocolor       Disable ANSIColor output.

--private       Show and save private ips at the end of the file domain_ips.txt.

--subfile <file>     Write all valid subdomains to this file.

-t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).

--threads <value>    The number of threads that will perform different queries.

-v, --verbose        Be verbose: show all the progress and all the error messages.

 

GOOGLE SCRAPING OPTIONS:

-p, --pages <value>  The number of google search pages to process when scraping names, the default is 5 pages, the -s switch must be specified.

-s, --scrap <value>  The maximum number of subdomains that will be scraped from Google (default 15).

 

BRUTE FORCE OPTIONS:

-f, --file <file>    Read subdomains from this file to perform brute force.

-u, --update    <a|g|r|z> Update the file specified with the -f switch with valid subdomains.


a (all)    Update using all results.
g          Update using only google scraping results.
r          Update using only reverse lookup results.
z          Update using only zonetransfer results.

-r, --recursion Recursion on subdomains, brute force all discovred subdomains that have an NS record.

WHOIS NETRANGE OPTIONS:

-d, --delay <value>  The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s. 
-w, --whois          Perform the whois queries on c class network ranges.

REVERSE LOOKUP OPTIONS:

-e, --exclude   <regexp> Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.

OUTPUT OPTIONS:

-o --output <file>   Output in XML format. Can be imported in MagicTree

DNSENUM Homepage: https://github.com/fwaeytens/dnsenum

Lab 1: Enumeration With Default Settings

When you run this command with options it automatically takes the defaults  –threads 5 –s 15 –w

Syntax : dnsenum -enum <url>
Command : dnsenum -enum google.com
Enumerated DNS Information from google.com

LAB 2: ENUMERATION OF SUBDOMAIN USING BRUTEFORCE AND FROM FILE

When you run this command, it with perform brute force search on subdomains along with the custom file passed as an attribute.

Syntax : dnsenum –f <file> -r <url>
Command : dnsenum –f subdomain.txt –r hacker.com
Finding Subdomains using a text file
Ravi Sankar

Recent Posts

Install Python 3.7 on Ubuntu 18.04: apt and Source Build Methods

Python 3.7 was a significant release for the language. It introduced data classes, a decorator that automatically…

14 hours ago

Install Odoo 13 on Ubuntu 18.04: Python Venv and Nginx Guide

Odoo is a popular open-source suite of business applications. A single platform covers CRM, e-commerce, accounting,…

14 hours ago

Secure Apache with Let’s Encrypt on Ubuntu 18.04: Free SSL Guide

Let's Encrypt is a free, automated certificate authority run by the Internet Security Research Group…

14 hours ago

Install GCC on Ubuntu 18.04: C and C++ Compiler Setup Guide

GCC (GNU Compiler Collection) is a set of compilers and development libraries for C, C++, Fortran,…

14 hours ago

Install Python 3.8 on Ubuntu 18.04: apt and Source Build Methods

Python is one of the most widely used programming languages in the world. Its clean, readable…

14 hours ago

Install Tomcat 9 on Ubuntu 18.04: Systemd Service Setup Guide

Apache Tomcat is an open-source Java application server that implements the Java Servlet, JavaServer Pages, and…

2 days ago