Wednesday, December 5, 2012

Dnsenum - Server information

Dnsenum is a Perl script that gathers DNS information about a domain and the servers behind it.
The program currently performs the following operations:
1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX records (threaded).
4) Perform AXFR (zone transfer) queries on the nameservers and get their BIND versions (threaded).
5) Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
6) Brute force subdomains from a wordlist file; can also recurse into discovered subdomains that have NS records (all threaded).
7) Calculate the class C network ranges and perform whois queries on them (threaded).
8) Perform reverse lookups on the netranges (class C and/or whois netranges) (threaded).
9) Write the IP blocks to the file domain_ips.txt.
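To see what steps 1 to 4 actually do on the wire, here is a small added example written for this post (it is not dnsenum code). It uses Net::DNS, the module dnsenum itself is built on, to pull the A, NS and MX records of a domain and then try a zone transfer and a version.bind query against every nameserver it found. It needs network access and a domain you are authorized to query; the 10 second timeouts and the script name are my choices. The security-relevant outcome is the AXFR result: a nameserver that answers a zone transfer for an arbitrary client hands over the complete zone, which is exactly why dnsenum tries it first.

```perl
#!/usr/bin/env perl
# Added example, not part of dnsenum: A/NS/MX lookups, then AXFR and
# version.bind against each nameserver, with Net::DNS.
# Usage: perl dns_recon.pl example.com   (domain is an assumption)
use strict;
use warnings;
use Net::DNS;

my $domain = shift @ARGV or die "usage: $0 domain\n";
my $res = Net::DNS::Resolver->new;
$res->tcp_timeout(10);   # same default dnsenum uses for -t
$res->udp_timeout(10);

# 1) A records of the host itself
print "== A records for $domain\n";
if (my $q = $res->query($domain, 'A')) {
    print "  ", $_->address, "\n" for grep { $_->type eq 'A' } $q->answer;
} else {
    print "  (none: ", $res->errorstring, ")\n";
}

# 2) nameservers (kept for the AXFR step below)
my @ns;
print "== NS records\n";
if (my $q = $res->query($domain, 'NS')) {
    for my $rr (grep { $_->type eq 'NS' } $q->answer) {
        push @ns, $rr->nsdname;
        print "  ", $rr->nsdname, "\n";
    }
}

# 3) mail exchangers, lowest preference first
print "== MX records\n";
if (my $q = $res->query($domain, 'MX')) {
    print "  ", $_->preference, " ", $_->exchange, "\n"
        for sort { $a->preference <=> $b->preference }
            grep { $_->type eq 'MX' } $q->answer;
}

# 4) zone transfer attempt and BIND version, directly against each nameserver
for my $ns (@ns) {
    # resolve the NS name ourselves so the per-server resolver gets an IP
    my $a = $res->query($ns, 'A') or next;
    my ($ip) = map { $_->address } grep { $_->type eq 'A' } $a->answer;
    next unless $ip;

    my $nsres = Net::DNS::Resolver->new(nameservers => [$ip], recurse => 0);
    $nsres->tcp_timeout(10);

    # version.bind is a TXT record in the CHAOS class; many servers refuse
    # or deliberately fake it, so treat the answer as a hint only
    if (my $v = $nsres->query('version.bind', 'TXT', 'CH')) {
        my @txt = map { $_->txtdata } grep { $_->type eq 'TXT' } $v->answer;
        print "== $ns ($ip) version: @txt\n";
    }

    # AXFR runs over TCP; in list context axfr() returns every RR of the
    # zone, or an empty list (with errorstring set) when the server refuses
    my @zone = $nsres->axfr($domain);
    if (@zone) {
        print "== AXFR ALLOWED on $ns ($ip): ", scalar(@zone), " records\n";
        $_->print for @zone;   # the whole zone is now in our hands
    } else {
        print "== AXFR refused by $ns ($ip): ", $nsres->errorstring, "\n";
    }
}
```

A refused transfer ("REFUSED" or "NOTAUTH" in the error string) is the expected, healthy result; a server that answers with the full record list should be reported, and the fix on the server side is to restrict transfers (for example BIND's allow-transfer) to the secondaries that need them.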
You can download the latest version of dnsenum from here.
Now we need Perl and the Net::IP module (Net/IP.pm); note that this is Net::IP, not NetAddr::IP, which is a different module. Install it from CPAN by typing:
cpan -i Net::IP
dnsenum also uses Net::DNS for all of its queries, which is installed the same way if your system does not already have it.
For more info about dnsenum, type: ./dnsenum.pl -h
Syntax: ./dnsenum.pl [options] site
Options:
--dnsserver server : Use this DNS server for A, NS and MX queries.
--noreverse : Skip the reverse lookup operations.
--private : Show and save private ips at the end of the file domain_ips.txt.
--subfile file : Write all valid subdomains to this file.
-t value : The tcp and udp timeout values in seconds (default: 10s)
--threads value : The number of threads
-v : Be verbose: show all the progress and all the error messages.
-p value : Number of google search pages to process when scraping names (default 20)
-s value : The maximum number of subdomains that will be scraped from Google.
-f file : Read subdomains from this file to perform brute force.
-u a|g|r|z : Update the file specified with -f
a Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r : Recursion on subdomains: brute force all discovered subdomains that have an NS record.
-d value : Maximum number of seconds to wait between whois queries; the actual delay is chosen randomly up to this value (default 3s).
-w : Perform the whois queries on the class C network ranges.
-o file : Output in XML format.

Example :
./dnsenum.pl -s 100 --threads 5 -d 5 www.site.com
Max of subdomains = 100
Number of threads = 5
Max value seconds to wait = 5
Target = www.site.com
./dnsenum.pl -s 100 -p 5 -o /home/HackForLulz/scan/dns www.site.com
Max of subdomains = 100
Max of google pages = 5
Output file = /home/HackForLulz/scan/dns

If you have any problems or need further explanation, just write under this post!
