[BT5] Information Gathering 1-1: Dnsenum
2012-09-27 14:30
0. Tool introduction
The purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:
1) Get the host's address (A record).
2) Get the nameservers (threaded).
3) Get the MX record (threaded).
4) Perform axfr queries on nameservers and get BIND versions (threaded).
5) Get extra names and subdomains via google scraping (google query = "allinurl: -www site:domain").
6) Brute force subdomains from file; can also perform recursion on subdomains that have NS records (all threaded).
7) Calculate C class domain network ranges and perform whois queries on them (threaded).
8) Perform reverse lookups on netranges (C class or/and whois netranges) (threaded).
9) Write ip-blocks to the domain_ips.txt file.
1. Tool location
Command line: root@bt:/pentest/enumeration/dns/dnsenum# dir lists the directory; it contains two wordlist files, dns-big.txt and dns.txt, the README.txt usage notes and the main script dnsenum.pl.
GUI: Applications --> BackTrack --> Information Gathering --> Network Analysis --> Dnsanalysis --> Dnsenum
2. Tool parameters
-f dns.txt      specifies the subdomain brute-force wordlist; can be replaced with dns-big.txt
-dnsserver      specifies the DNS server to query
cisco.com       the target domain
-o cisco.xml    write the results to cisco.xml
3. Partial usage example
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl cisco.com
dnsenum.pl VERSION:1.2.2

-----   cisco.com   -----

Host's addresses:
__________________

cisco.com                      83265    IN    A        198.133.219.25

Name Servers:
______________

ns2.cisco.com                  5263     IN    A        64.102.255.44
ns1.cisco.com                  600      IN    A        72.163.5.201

Mail (MX) Servers:
___________________

ams-mx-01.cisco.com            38590    IN    A        64.103.36.169
rtp-mx-01.cisco.com            38590    IN    A        64.102.255.47
rcdn-mx-01.cisco.com           75891    IN    A        72.163.7.166
alln-mx-01.cisco.com           64280    IN    A        173.37.145.198

Trying Zone Transfers and getting Bind Versions:
_________________________________________________

Trying Zone Transfer for cisco.com on ns2.cisco.com ...
AXFR record query failed: NOERROR
ns2.cisco.com Bind Version: Unavailable

Trying Zone Transfer for cisco.com on ns1.cisco.com ...
AXFR record query failed: NOERROR
ns1.cisco.com Bind Version: Unavailable

Wildcards detected, all subdomains will point to the same IP address, bye.
4. Notes
Running ./dnsenum.pl cisco.com directly finds the domain's authoritative DNS server IPs, i.e. the IPs of ns1.cisco.com and ns2.cisco.com shown above. One of these is used in the next step, for example 72.163.5.201 here.
Below is a link introducing Zone Transfers; it is not hard to follow. Attempting one against these servers is bound to fail, as the output above shows.
http://en.wikipedia.org/wiki/DNS_zone_transfer
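The run above prints a plain-text report that is tedious to read once the wordlist stage adds hundreds of lines. The following parser, added here as an example and not part of the original post or of the dnsenum project, turns that report into structured records and lists the nameservers for which dnsenum did not record an AXFR failure, which is the finding an administrator auditing their own zone cares about. The sample text is the cisco.com output quoted above, re-broken into lines as the tool prints it; the record-line column layout is an assumption about the tool's formatting.

```python
"""Parse dnsenum 1.2.2 text output into structured records (added example)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the dnsenum output for cisco.com quoted above.
SAMPLE_OUTPUT = """\
dnsenum.pl VERSION:1.2.2
-----   cisco.com   -----
Host's addresses:
__________________
cisco.com                      83265    IN    A        198.133.219.25
Name Servers:
______________
ns2.cisco.com                  5263     IN    A        64.102.255.44
ns1.cisco.com                  600      IN    A        72.163.5.201
Mail (MX) Servers:
___________________
ams-mx-01.cisco.com            38590    IN    A        64.103.36.169
rtp-mx-01.cisco.com            38590    IN    A        64.102.255.47
rcdn-mx-01.cisco.com           75891    IN    A        72.163.7.166
alln-mx-01.cisco.com           64280    IN    A        173.37.145.198
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for cisco.com on ns2.cisco.com ...
AXFR record query failed: NOERROR
ns2.cisco.com Bind Version: Unavailable
Trying Zone Transfer for cisco.com on ns1.cisco.com ...
AXFR record query failed: NOERROR
ns1.cisco.com Bind Version: Unavailable
Wildcards detected, all subdomains will point to the same IP address, bye.
"""

# "name  ttl  IN  type  value" record lines; assumed column layout.
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|NS|MX|CNAME)\s+(\S+)\s*$")
DOMAIN_RE = re.compile(r"^-+\s*(\S+)\s*-+$")
AXFR_TRY_RE = re.compile(r"^Trying Zone Transfer for (\S+) on (\S+)")
AXFR_FAIL_RE = re.compile(r"^AXFR record query failed:\s*(\S+)")
BIND_RE = re.compile(r"^(\S+) Bind Version:\s*(.+?)\s*$")
SECTIONS = {"Host's addresses:": "hosts", "Name Servers:": "nameservers",
            "Mail (MX) Servers:": "mx"}

@dataclass
class Record:
    name: str
    ttl: int
    rtype: str
    value: str

@dataclass
class ZoneTransferResult:
    nameserver: str
    axfr_failed: Optional[bool] = None   # None: no verdict line seen
    reason: str = ""
    bind_version: str = ""

@dataclass
class DnsenumReport:
    domain: str = ""
    hosts: list = field(default_factory=list)
    nameservers: list = field(default_factory=list)
    mx: list = field(default_factory=list)
    zone_transfers: dict = field(default_factory=dict)
    wildcard: bool = False

def parse_dnsenum(text: str) -> DnsenumReport:
    report, section, current_ns = DnsenumReport(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"_"}:       # blank or underline rule
            continue
        m = DOMAIN_RE.match(line)
        if m:
            report.domain = m.group(1)
        elif line in SECTIONS:
            section = SECTIONS[line]
        elif line.startswith("Trying Zone Transfers and"):
            section = "axfr"
        elif line.startswith("Wildcards detected"):
            report.wildcard = True
        elif section in ("hosts", "nameservers", "mx"):
            m = RR_RE.match(line)
            if m:
                getattr(report, section).append(
                    Record(m.group(1), int(m.group(2)), m.group(3), m.group(4)))
        elif section == "axfr":
            if (m := AXFR_TRY_RE.match(line)):
                current_ns = m.group(2)
                report.zone_transfers.setdefault(current_ns, ZoneTransferResult(current_ns))
            elif (m := AXFR_FAIL_RE.match(line)) and current_ns:
                report.zone_transfers[current_ns].axfr_failed = True
                report.zone_transfers[current_ns].reason = m.group(1)
            elif (m := BIND_RE.match(line)):
                r = report.zone_transfers.setdefault(m.group(1), ZoneTransferResult(m.group(1)))
                r.bind_version = m.group(2)
    return report

def unconfirmed_axfr_refusals(report: DnsenumReport) -> list:
    """Nameservers with no recorded AXFR failure: review these first."""
    return sorted(ns for ns, r in report.zone_transfers.items() if r.axfr_failed is not True)

if __name__ == "__main__":
    rep = parse_dnsenum(SAMPLE_OUTPUT)
    print(rep.domain, [n.name for n in rep.nameservers], rep.wildcard,
          unconfirmed_axfr_refusals(rep))
```

Feed it the saved stdout of a dnsenum run (or the XML from -o for a more robust source); a non-empty result from unconfirmed_axfr_refusals is the one line worth escalating, since it means the report did not show that server refusing the zone transfer.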
5. Full usage example
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl -f dns-big.txt -dnsserver 72.163.5.201 cisco.com -o cisco.xml
Note: with the dns-big.txt wordlist, expect the run to take more than 3 hours.