Saturday, March 29, 2014

Information Gathering With dnsrecon Kali Linux


 
dnsrecon is a DNS enumeration tool written in Python.
Features of dnsrecon:-
1.    You can brute-force subdomains with the built-in wordlist or with your own wordlist.
2.    You can enumerate general record types such as SOA, NS, A, AAAA, MX and SRV.
3.    You can reverse look up a given CIDR IP range.
4.    You can test all NS servers in a domain for misconfigured zone transfers.
5.    You can also search for subdomains through Google queries.
6.    You can enumerate top-level domains.
In this tutorial we will only discuss:-
1.    std:- To enumerate general record types.
2.    srv:- To enumerate SRV records.
3.    axfr:- To test all NS servers in a domain for misconfigured zone transfers.
4.    goo:- To search for subdomains through Google.
5.    tld:- To enumerate top-level domains.

So let's begin:-
·      Open dnsrecon through Kali Linux >> Information Gathering >> DNS Analysis >> dnsrecon
 1)  For std, type: dnsrecon -t std -d youtube.com
[*] Performing General Enumeration of Domain:
[-] DNSSEC is not configured for youtube.com
[*]         SOA ns1.google.com 216.239.32.10
[*]         NS ns1.google.com 216.239.32.10
[*]         NS ns2.google.com 216.239.34.10
[*]         NS ns4.google.com 216.239.38.10
[*]         NS ns3.google.com 216.239.36.10
[*]         MX aspmx.l.google.com 173.194.79.26
[*]         MX alt1.aspmx.l.google.com 74.125.193.27
[*]         MX alt2.aspmx.l.google.com 74.125.196.27
[*]         MX alt3.aspmx.l.google.com 74.125.29.26
[*]         MX alt4.aspmx.l.google.com 74.125.131.26
[*]         MX aspmx.l.google.com 2607:f8b0:400e:c02::1b

2) For srv, type: dnsrecon -t srv -d gmail.com
[*] Enumerating Common SRV Records against gmail.com
[*]         SRV _jabber._tcp.gmail.com alt3.xmpp-server.l.google.com 74.125.142.125 5269 0
[*]         SRV _jabber._tcp.gmail.com alt4.xmpp-server.l.google.com 74.125.139.125 5269 0
[*]         SRV _jabber._tcp.gmail.com xmpp-server.l.google.com 74.125.135.125 5269 0
[*]         SRV _jabber._tcp.gmail.com alt1.xmpp-server.l.google.com 173.194.72.125 5269 0
[*]         SRV _jabber._tcp.gmail.com alt2.xmpp-server.l.google.com 173.194.79.125 5269 0

3) For axfr, type: dnsrecon -t axfr -d innobuzz.in
[*] Testing NS Servers for Zone Transfer
[*] Checking for Zone Transfer for innobuzz.in name servers
[*] Resolving SOA Record
[*]         SOA ns1.vidya2.com 66.232.121.90
[*] Resolving NS Records
[*] NS Servers found:
[*]        NS ns1.vidya2.com 66.232.121.90
[*]        NS ns2.vidya2.com 66.232.121.90
[*] Removing any duplicate NS server IP Addresses...
[*] 
[*] Trying NS server 66.232.121.90
[*] 66.232.121.90 Has port 53 TCP Open
[-] Zone Transfer Failed!

4) For goo, type: dnsrecon -t goo -d innobuzz.in
[*] Performing Google Search Enumeration against innobuzz.in
[*]         CNAME www.innobuzz.in innobuzz.in
[*]         A innobuzz.in 66.232.121.90
[*]         A cloud.innobuzz.in 66.232.121.90
[*] 3 Records Found

5) For tld, type: dnsrecon -t tld -d innobuzz.in
[*] Performing TLD Brute force Enumeration against innobuzz.in
[*] The operation could take up to: 00:01:06
[*]         A innobuzz.com.ba 195.222.33.180
[*]         CNAME innobuzz.com.be gee2eit7.dsgeneration.com
[*]         A gee2eit7.dsgeneration.com 208.73.210.128
[*]         A innobuzz.biz.cc 82.98.86.171
[*]         A innobuzz.com.cm 85.25.140.105
[*]         A innobuzz.co.cm 85.25.140.105
[*]         A innobuzz.com.com 208.73.211.69
[*]         A innobuzz.net.cm 85.25.140.105
[*]         A innobuzz.biz.cm 77.92.82.89
[*]         A innobuzz.org.com 23.21.224.150
[*]         A innobuzz.biz.cx 188.138.91.237
[*]         A innobuzz.biz.cz 62.116.143.26
[*]         A innobuzz.com.cz 62.109.128.30
[*]         AAAA innobuzz.de 2a00:1158:0:300:455b::1

Points to be noted:-
·      -d specifies the target domain.
·      -t specifies which type of enumeration to run.
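
As an added example (not part of the original post and not dnsrecon's own code), the Python below parses console output in the format shown in the std and axfr runs above and turns it into audit findings a domain owner can act on: missing DNSSEC, the zone transfer result per name server, and NS hosts that all sit on one IP address. The sample input is constructed from lines on this page; the function names and finding labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: console lines taken from the std and axfr runs on this page.
SAMPLE = """\
[*] Performing General Enumeration of Domain:
[-] DNSSEC is not configured for youtube.com
[*]         SOA ns1.google.com 216.239.32.10
[*]         NS ns1.google.com 216.239.32.10
[*]         NS ns2.google.com 216.239.34.10
[*] Checking for Zone Transfer for innobuzz.in name servers
[*] NS Servers found:
[*]        NS ns1.vidya2.com 66.232.121.90
[*]        NS ns2.vidya2.com 66.232.121.90
[*] Trying NS server 66.232.121.90
[-] Zone Transfer Failed!
"""

# Record lines are indented after "[*]"; status lines such as "[*] NS Servers found:" are not.
RECORD = re.compile(r"^\[\*\]\s{2,}(SOA|NS|A|AAAA|MX|CNAME|SRV)\s+(\S+)\s+(\S+)")
NO_DNSSEC = re.compile(r"^\[-\] DNSSEC is not configured for (\S+)")
TRYING = re.compile(r"^\[\*\] Trying NS server (\S+)")

def parse(text):
    """Return (records, findings) extracted from dnsrecon console output."""
    records, findings, current_ns = [], [], None
    for line in text.splitlines():
        if m := RECORD.match(line):
            records.append(m.groups())          # (type, name, target)
        elif m := NO_DNSSEC.match(line):
            findings.append(("dnssec-missing", m.group(1)))
        elif m := TRYING.match(line):
            current_ns = m.group(1)             # server the next result refers to
        elif line.startswith("[-] Zone Transfer Failed"):
            findings.append(("axfr-failed", current_ns))
    return records, findings

def shared_ns_addresses(records):
    """Map IP -> NS hostnames where several name servers resolve to one address."""
    by_ip = defaultdict(set)
    for rtype, name, target in records:
        if rtype == "NS":
            by_ip[target].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}

if __name__ == "__main__":
    recs, finds = parse(SAMPLE)
    print(finds, shared_ns_addresses(recs))
```

For a domain you operate, "axfr-failed" on every name server is the expected result, while two NS names on one address means the zone has no real name-server redundancy.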
