DNS stands for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they’re easier to remember. The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.google.com might translate to 198.xxx.xxx.xxx.
One of the most important stages of an attack is information gathering. To be able to launch an attack, we need to gather basic information about our target. So, the more information we get, the higher the probability of a successful attack.
Enumeration is a process that allows us to gather information from a network. We will examine DNS enumeration and SNMP enumeration techniques.
DNS enumeration is the process of locating all DNS servers and DNS entries for an organization. DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on. To achieve this task, we will use DNSenum. For SNMP enumeration, we will use a tool called SnmpEnum. SnmpEnum is a powerful SNMP enumeration tool that allows users to analyze SNMP traffic on a network.
Navigate to Application > Kali Linux > Information Gathering > DNS Analysis and open dnsenum, then enter the following command:
root@Kali:~# dnsenum --enum example.com
It will show you the host addresses, the name server addresses, the mail (MX) servers and zone transfer information.
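If you want a more powerful scan that also covers sub-domains, use the following syntax. The -f option takes the path to a file of sub-domain names to try; subdomains.txt below is a placeholder for your own list.
root@Kali:~# dnsenum --enum -f subdomains.txt -r example.com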
There are some additional options we can run using DNSenum, and they include:
- --threads [number] allows you to set how many processes will run at once
- -r allows you to enable recursive lookups
- -d allows you to set the time delay in seconds between WHOIS requests
- -o allows us to specify the output location
- -w allows us to enable the WHOIS queries
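
Seen from the server being enumerated, the scans above show up in the query log as a zone transfer (AXFR) request from a host that is not a secondary, plus one client asking for many different sub-domain names. The following is an added example, not part of the original article or of dnsenum: the log lines are constructed in the style of BIND 9 query logging, and the regex, the `analyze` function, the threshold and the secondary's address are assumptions to adapt.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on BIND 9 query logging (assumption: adjust
# QUERY_RE to your server's real format). All addresses are documentation ranges.
SAMPLE_LOG = """\
10-Jan-2024 10:00:01.100 client @0x7f1 192.0.2.50#40001 (example.com): query: example.com IN NS +
10-Jan-2024 10:00:01.200 client @0x7f1 192.0.2.50#40002 (example.com): query: example.com IN MX +
10-Jan-2024 10:00:01.300 client @0x7f1 192.0.2.50#40003 (example.com): query: example.com IN AXFR -T
10-Jan-2024 10:00:02.000 client @0x7f1 192.0.2.50#40004 (admin.example.com): query: admin.example.com IN A +
10-Jan-2024 10:00:02.010 client @0x7f1 192.0.2.50#40005 (dev.example.com): query: dev.example.com IN A +
10-Jan-2024 10:00:02.020 client @0x7f1 192.0.2.50#40006 (ftp.example.com): query: ftp.example.com IN A +
10-Jan-2024 10:00:02.030 client @0x7f1 192.0.2.50#40007 (mail.example.com): query: mail.example.com IN A +
10-Jan-2024 10:00:02.040 client @0x7f1 192.0.2.50#40008 (vpn.example.com): query: vpn.example.com IN A +
10-Jan-2024 10:05:00.000 client @0x7f2 198.51.100.2#53000 (example.com): query: example.com IN AXFR -T
10-Jan-2024 10:06:00.000 client @0x7f3 203.0.113.7#51000 (www.example.com): query: www.example.com IN A +
10-Jan-2024 10:06:30.000 client @0x7f3 203.0.113.7#51001 (www.example.com): query: www.example.com IN A +
10-Jan-2024 10:07:00.000 general: info: zone example.com/IN: loaded serial 2024011001
"""

# Captures client address, query name and query type; the @0x... token is optional.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(\S+)#\d+ \([^)]*\): query: (\S+) IN (\S+)")

def analyze(log_text, zone, allowed_xfer, name_threshold=4):
    """Return findings for AXFR requests from hosts outside allowed_xfer and
    for clients that looked up at least name_threshold distinct names in zone."""
    names = defaultdict(set)
    findings = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (e.g. zone load messages)
        client, qname, qtype = m.group(1), m.group(2).lower().rstrip("."), m.group(3).upper()
        if qname != zone and not qname.endswith("." + zone):
            continue  # query for some other zone
        if qtype == "AXFR":
            if client not in allowed_xfer:
                findings.append(("axfr-attempt", client, qname))
        elif qtype in ("A", "AAAA"):
            names[client].add(qname)
    for client, seen in sorted(names.items()):
        if len(seen) >= name_threshold:
            findings.append(("subdomain-sweep", client, len(seen)))
    return findings

if __name__ == "__main__":
    # 198.51.100.2 is a hypothetical legitimate secondary name server.
    for finding in analyze(SAMPLE_LOG, "example.com", {"198.51.100.2"}):
        print(finding)
```

On a real server, count distinct names per client within a time window rather than over the whole log, and set the threshold well above what normal resolvers generate.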