dnsenum
dnsenum Description
Dnsenum is a multithreaded Perl script that enumerates the DNS information of a domain and discovers non-contiguous IP blocks. Its main purpose is to gather as much information as possible about a domain. The program currently performs the following operations:
- Get the host's addresses (A record).
- Get the nameservers (threaded).
- Get the MX record (threaded).
- Perform AXFR queries on nameservers and get BIND versions (threaded).
- Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
- Brute force subdomains from a file; can also perform recursion on subdomains that have NS records (all threaded).
- Calculate C class domain network ranges and perform whois queries on them (threaded).
- Perform reverse lookups on netranges (C class and/or whois netranges) (threaded).
- Write the IP blocks to the domain_ips.txt file.
This program is useful for pentesters, ethical hackers and forensics experts. It also can be used for security tests.
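The C class network-range step listed above can be reproduced offline when reviewing the addresses your own domain exposes. The following is an added example, not dnsenum's code: it maps resolved addresses to their /24 networks, merges adjacent networks into blocks, and lists private ranges last, as the --private option describes. Assumptions: "private" means the RFC 1918 ranges, the sample addresses are constructed, and the `first-last` output format is illustrative rather than the actual layout of domain_ips.txt.

```python
import ipaddress

# Assumption: "private" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of resolved addresses (documentation/benchmark ranges).
SAMPLE_IPS = ["192.0.2.10", "192.0.2.57", "198.18.5.4", "198.18.6.200",
              "203.0.113.80", "10.20.30.40", "192.0.2.10"]

def is_rfc1918(net):
    """True when the network lies entirely inside an RFC 1918 range."""
    return any(net.subnet_of(p) for p in RFC1918)

def class_c_networks(ips):
    """Return the sorted, de-duplicated /24 networks containing the addresses."""
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in ips}
    return sorted(nets)

def contiguous_blocks(nets):
    """Merge adjacent /24s (sorted input) into 'first-last' address blocks."""
    blocks = []
    for net in nets:
        first, last = net.network_address, net.broadcast_address
        if blocks and blocks[-1][1] + 1 == first:
            blocks[-1] = (blocks[-1][0], last)   # extends the previous block
        else:
            blocks.append((first, last))         # gap: start a new block
    return [f"{a}-{b}" for a, b in blocks]

def ip_blocks(ips, include_private=False):
    """Public blocks first; private blocks appended only when requested."""
    nets = class_c_networks(ips)
    blocks = contiguous_blocks([n for n in nets if not is_rfc1918(n)])
    if include_private:
        blocks += contiguous_blocks([n for n in nets if is_rfc1918(n)])
    return blocks

if __name__ == "__main__":
    for line in ip_blocks(SAMPLE_IPS, include_private=True):
        print(line)
```

Several separate blocks in the output are the "non-contiguous IP blocks" the description refers to; each one is a range to account for in an asset inventory.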
Homepage: https://github.com/SparrowOchon/dnsenum2
Author: Filip Waeytens, tix tixxDZ
License: GPLv2
dnsenum Help
Usage:
dnsenum [Options] <domain>
Note: If no -f tag supplied will default to /usr/share/dnsenum/dns.txt or the dns.txt file in the same directory as dnsenum.pl.
Options:
GENERAL OPTIONS:
  --dnsserver <server>     Use this DNS server for A, NS and MX queries.
  --enum                   Shortcut option equivalent to --threads 5 -s 15 -w.
  -h, --help               Print this help message.
  --noreverse              Skip the reverse lookup operations.
  --nocolor                Disable ANSIColor output.
  --private                Show and save private ips at the end of the file domain_ips.txt.
  --subfile <file>         Write all valid subdomains to this file.
  -t, --timeout <value>    The tcp and udp timeout values in seconds (default: 10s).
  --threads <value>        The number of threads that will perform different queries.
  -v, --verbose            Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
  -p, --pages <value>      The number of google search pages to process when scraping names,
                           the default is 5 pages, the -s switch must be specified.
  -s, --scrap <value>      The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
  -f, --file <file>        Read subdomains from this file to perform brute force. (Takes priority over default dns.txt)
  -u, --update <a|g|r|z>   Update the file specified with the -f switch with valid subdomains.
      a (all)              Update using all results.
      g                    Update using only google scraping results.
      r                    Update using only reverse lookup results.
      z                    Update using only zonetransfer results.
  -r, --recursion          Recursion on subdomains, brute force all discovered subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
  -d, --delay <value>      The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
  -w, --whois              Perform the whois queries on c class network ranges.
                           **Warning**: this can generate very large netranges and it will take lot of time to perform reverse lookups.
REVERSE LOOKUP OPTIONS:
  -e, --exclude <regexp>   Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
  -o --output <file>       Output in XML format. Can be imported in MagicTree (www.gremwell.com)
dnsenum Usage Example
To enumerate DNS information of the domain (miloserdov.org) and to discover non-contiguous ip blocks:
dnsenum miloserdov.org
Skip the reverse lookup (--noreverse) and save the output to a file (-o mydomain.xml) for the domain example.com:
dnsenum --noreverse -o mydomain.xml example.com
How to install dnsenum
Installation on Kali Linux
The program is pre-installed on Kali Linux.
sudo apt install dnsenum
Installation on Debian, Linux Mint, Ubuntu
sudo apt install cpanminus
git clone https://github.com/SparrowOchon/dnsenum2
cd dnsenum2
make
sudo make install
Installation on BlackArch
The program is pre-installed on BlackArch.
sudo pacman -S dnsenum