A multithreaded Perl script for enumerating a domain's DNS information and discovering non-contiguous IP blocks.
root@kali:~# dnsenum -h
dnsenum VERSION:1.2.4
Usage: dnsenum [Options] <domain>
[Options]:
Note: the brute force -f switch is obligatory.
GENERAL OPTIONS:
--dnsserver <server>
Use this DNS server for A, NS and MX queries.
--enum Shortcut option equivalent to --threads 5 -s 15 -w.
-h, --help Print this help message.
--noreverse Skip the reverse lookup operations.
--nocolor Disable ANSIColor output.
--private Show and save private ips at the end of the file domain_ips.txt.
--subfile <file> Write all valid subdomains to this file.
-t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).
--threads <value> The number of threads that will perform different queries.
-v, --verbose Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages <value> The number of google search pages to process when scraping names,
the default is 5 pages, the -s switch must be specified.
-s, --scrap <value> The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
-f, --file <file> Read subdomains from this file to perform brute force.
-u, --update <a|g|r|z>
Update the file specified with the -f switch with valid subdomains.
a (all) Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r, --recursion Recursion on subdomains, brute force all discovered subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay <value> The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
-w, --whois Perform the whois queries on c class network ranges.
**Warning**: this can generate very large netranges and it will take a lot of time to perform reverse lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude <regexp>
Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
-o --output <file> Output in XML format. Can be imported in MagicTree (www.gremwell.com)
To skip the reverse lookup (--noreverse) and save the output to a file (-o mydomain.xml) for the domain example.com, run: dnsenum --noreverse -o mydomain.xml example.com
Usage example:
┌──(kali㉿kali)-[~]
└─$ dnsenum --enum qrgo.pl
dnsenum VERSION:1.2.6
----- qrgo.pl -----
Host's addresses:
__________________
qrgo.pl. 80105 IN A 88.218.255.88
Name Servers:
______________
fns1.42.pl. 76233 IN A 79.98.145.34
fns2.42.pl. 78819 IN A 193.70.13.218
Mail (MX) Servers:
___________________
qrgo.pl. 80105 IN A 88.218.255.88
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for qrgo.pl on fns1.42.pl ...
qrgo.pl. 86400 IN SOA (
qrgo.pl. 86400 IN NS fns1.42.pl.
qrgo.pl. 86400 IN NS fns2.42.pl.
qrgo.pl. 86400 IN MX 0
qrgo.pl. 86400 IN A 88.218.255.88
about.qrgo.pl. 86400 IN A 195.78.66.4
aboutloadcounter.qrgo.pl. 86400 IN A 195.78.66.4
cov19.qrgo.pl. 86400 IN A 88.218.255.88
Trying Zone Transfer for qrgo.pl on fns2.42.pl ...
qrgo.pl. 86400 IN SOA (
qrgo.pl. 86400 IN A 88.218.255.88
qrgo.pl. 86400 IN MX 0
qrgo.pl. 86400 IN NS fns1.42.pl.
qrgo.pl. 86400 IN NS fns2.42.pl.
about.qrgo.pl. 86400 IN A 195.78.66.4
aboutloadcounter.qrgo.pl. 86400 IN A 195.78.66.4
api.qrgo.pl. 86400 IN CNAME qrgo.pl.
Scraping qrgo.pl subdomains from Google:
_________________________________________
---- Google search page: 1 ----
aboutloadcounter
aboutloadcounter
Google Results:
________________
Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________
Launching Whois Queries:
_________________________
whois ip result: 213.32.64.0 -> 213.32.0.0/17
whois ip result: 195.78.66.0 -> 195.78.66.0/23
whois ip result: 88.218.255.0 -> 88.218.255.0/24
qrgo.pl_______
88.218.255.0/24
195.78.66.0/23
213.32.0.0/17
Performing reverse lookup on 33536 ip addresses:
_________________________________________________
0 results out of 33536 IP addresses.
qrgo.pl ip blocks:
___________________
done.
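The run above is worth reading closely: both authoritative servers, fns1.42.pl and fns2.42.pl, answered the zone transfer, so the whole qrgo.pl zone was handed to an unauthenticated client (the finding a pentester reports), and the -w whois step turned three address blocks into 33536 PTR lookups that produced nothing, which is exactly what the warning under -w is about. The Python script below is an added example, not part of dnsenum or of this page: it parses dnsenum's text output (the sample input is constructed from the lines shown above), groups the hostnames found per address, names the nameservers whose zone-transfer section actually returned records, lists private addresses (what --private would save) and computes the reverse-lookup budget before you commit to -w. The function names and the sample are this example's own choices.

```python
#!/usr/bin/env python3
"""Post-process dnsenum text output (added example, not part of dnsenum).

Collects the resource records dnsenum printed, the nameservers that answered
an AXFR with data, the whois netranges it derived, and the number of PTR
lookups the -w switch would trigger for those ranges.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: lines taken from the dnsenum run shown above.
SAMPLE_OUTPUT = """\
----- qrgo.pl -----
Host's addresses:
__________________
qrgo.pl. 80105 IN A 88.218.255.88
Name Servers:
______________
fns1.42.pl. 76233 IN A 79.98.145.34
fns2.42.pl. 78819 IN A 193.70.13.218
Trying Zone Transfer for qrgo.pl on fns1.42.pl ...
qrgo.pl. 86400 IN NS fns1.42.pl.
qrgo.pl. 86400 IN NS fns2.42.pl.
qrgo.pl. 86400 IN A 88.218.255.88
about.qrgo.pl. 86400 IN A 195.78.66.4
aboutloadcounter.qrgo.pl. 86400 IN A 195.78.66.4
cov19.qrgo.pl. 86400 IN A 88.218.255.88
Trying Zone Transfer for qrgo.pl on fns2.42.pl ...
api.qrgo.pl. 86400 IN CNAME qrgo.pl.
Launching Whois Queries:
whois ip result: 213.32.64.0 -> 213.32.0.0/17
whois ip result: 195.78.66.0 -> 195.78.66.0/23
whois ip result: 88.218.255.0 -> 88.218.255.0/24
"""

# "name. TTL IN TYPE rdata" as dnsenum prints resource records
RR_RE = re.compile(r"^(?P<name>\S+)\.\s+\d+\s+IN\s+(?P<type>A|AAAA|CNAME|NS|MX)\s+(?P<rdata>\S+)")
AXFR_RE = re.compile(r"^Trying Zone Transfer for \S+ on (?P<ns>\S+)")
NETRANGE_RE = re.compile(r"^whois ip result: \S+ -> (?P<cidr>\S+/\d+)")


def parse_dnsenum(text):
    """Return (records, netranges, axfr_servers).

    records: hostname -> set of (rrtype, rdata); netranges: ip_network objects
    in the order dnsenum printed them; axfr_servers: nameservers whose
    zone-transfer section contained at least one record.
    """
    records = defaultdict(set)
    netranges = []
    axfr_servers = []
    current_ns = None  # set while inside a "Trying Zone Transfer ..." section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"_"}:  # blank lines and underline rules
            continue
        m = AXFR_RE.match(line)
        if m:
            current_ns = m.group("ns")
            continue
        m = NETRANGE_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group("cidr"), strict=False)
            if net not in netranges:
                netranges.append(net)
            continue
        m = RR_RE.match(line)
        if m:
            records[m.group("name")].add((m.group("type"), m.group("rdata").rstrip(".")))
            if current_ns and current_ns not in axfr_servers:
                axfr_servers.append(current_ns)
            continue
        current_ns = None  # any other line ends the zone-transfer section
    return dict(records), netranges, axfr_servers


def reverse_lookup_budget(netranges):
    """Addresses dnsenum would PTR-query for these ranges (the -w warning)."""
    return sum(n.num_addresses for n in netranges)


def hosts_by_address(records):
    """Invert A records: address -> sorted hostnames sharing it."""
    by_ip = defaultdict(set)
    for host, rrs in records.items():
        for rrtype, rdata in rrs:
            if rrtype == "A":
                by_ip[rdata].add(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()}


def private_addresses(records):
    """A-record targets in private/loopback/link-local space (what --private saves)."""
    return sorted({rdata for rrs in records.values() for rrtype, rdata in rrs
                   if rrtype == "A" and ipaddress.ip_address(rdata).is_private})


if __name__ == "__main__":
    recs, nets, axfr = parse_dnsenum(SAMPLE_OUTPUT)
    print("AXFR returned data from:", ", ".join(axfr))
    for ip, hosts in sorted(hosts_by_address(recs).items()):
        print(ip, "->", ", ".join(hosts))
    print("private addresses:", private_addresses(recs) or "none")
    print("PTR lookups -w would issue:", reverse_lookup_budget(nets))
```

Run it against a saved dnsenum run with `python3 parse_dnsenum.py` after replacing SAMPLE_OUTPUT with the file contents; the budget figure is what to look at before adding -w, since a single /17 alone costs 32768 reverse queries.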
See: https://tools.kali.org/information-gathering/dnsenum