dnsenum

Wielowątkowy skrypt napisany w Perl, do wyliczania informacji DNS i wykrywania nieciągłości bloków IP.

root@kali:~# dnsenum -h
dnsenum VERSION:1.2.4
Usage: dnsenum [Options] <domain>
[Options]:
Note: the brute force -f switch is obligatory.
GENERAL OPTIONS:
  --dnsserver   <server>
            Use this DNS server for A, NS and MX queries.
  --enum        Shortcut option equivalent to --threads 5 -s 15 -w.
  -h, --help        Print this help message.
  --noreverse       Skip the reverse lookup operations.
  --nocolor     Disable ANSIColor output.
  --private     Show and save private ips at the end of the file domain_ips.txt.
  --subfile <file>  Write all valid subdomains to this file.
  -t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).
  --threads <value> The number of threads that will perform different queries.
  -v, --verbose     Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
  -p, --pages <value>   The number of google search pages to process when scraping names,
            the default is 5 pages, the -s switch must be specified.
  -s, --scrap <value>   The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
  -f, --file <file> Read subdomains from this file to perform brute force.
  -u, --update  <a|g|r|z>
            Update the file specified with the -f switch with valid subdomains.
    a (all)     Update using all results.
    g       Update using only google scraping results.
    r       Update using only reverse lookup results.
    z       Update using only zonetransfer results.
  -r, --recursion   Recursion on subdomains, brute force all discovred subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
  -d, --delay <value>   The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
  -w, --whois       Perform the whois queries on c class network ranges.
             **Warning**: this can generate very large netranges and it will take lot of time to performe reverse lookups.
REVERSE LOOKUP OPTIONS:
  -e, --exclude <regexp>
            Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
  -o --output <file>    Output in XML format. Can be imported in MagicTree (www.gremwell.com)
  
  Don’t do a reverse lookup (–noreverse) and save the output to a file (-o mydomain.xml) for the domain example.com:

przykład użycia:

┌──(kali㉿kali)-[~]
└─$ dnsenum --enum qrgo.pl             

dnsenum VERSION:1.2.6

-----   qrgo.pl   -----                                                    
                                                                           
                                                                           
Host's addresses:                                                          
__________________                                                         
                                                                           
qrgo.pl.                                 80105    IN    A        88.218.255.88

                                                                           
Name Servers:                                                              
______________                                                             
                                                                           
fns1.42.pl.                              76233    IN    A        79.98.145.34
fns2.42.pl.                              78819    IN    A        193.70.13.218

                                                                           
Mail (MX) Servers:                                                         
___________________                                                        
                                                                           
qrgo.pl.                                 80105    IN    A        88.218.255.88

                                                                           
Trying Zone Transfers and getting Bind Versions:                           
_________________________________________________                          
                                                                           
                                                                           
Trying Zone Transfer for qrgo.pl on fns1.42.pl ... 
qrgo.pl.                                 86400    IN    SOA               (
qrgo.pl.                                 86400    IN    NS       fns1.42.pl.
qrgo.pl.                                 86400    IN    NS       fns2.42.pl.
qrgo.pl.                                 86400    IN    MX                0
qrgo.pl.                                 86400    IN    A        88.218.255.88
about.qrgo.pl.                           86400    IN    A        195.78.66.4
aboutloadcounter.qrgo.pl.                86400    IN    A        195.78.66.4
cov19.qrgo.pl.                           86400    IN    A        88.218.255.88

Trying Zone Transfer for qrgo.pl on fns2.42.pl ... 
qrgo.pl.                                 86400    IN    SOA               (
qrgo.pl.                                 86400    IN    A        88.218.255.88
qrgo.pl.                                 86400    IN    MX                0
qrgo.pl.                                 86400    IN    NS       fns1.42.pl.
qrgo.pl.                                 86400    IN    NS       fns2.42.pl.
about.qrgo.pl.                           86400    IN    A        195.78.66.4
aboutloadcounter.qrgo.pl.                86400    IN    A        195.78.66.4
api.qrgo.pl.                             86400    IN    CNAME      qrgo.pl.

                                                                           
Scraping qrgo.pl subdomains from Google:                                   
_________________________________________                                  
                                                                           
                                                                           
 ----   Google search page: 1   ---- 

  aboutloadcounter
  aboutloadcounter

                                                                           
Google Results:                                                            
________________                                                           
                                                                           
                                                                           
                                                                           
Brute forcing with /usr/share/dnsenum/dns.txt:                             
_______________________________________________                            
                                                                           
                                                                           
                                                                           
Launching Whois Queries:                                                   
_________________________                                                  
                                                                           
 whois ip result:   213.32.64.0        ->      213.32.0.0/17               
 whois ip result:   195.78.66.0        ->      195.78.66.0/23
 whois ip result:   88.218.255.0       ->      88.218.255.0/24

                                                                           
qrgo.pl_______                                                             
                                                                           
 88.218.255.0/24                                                           
 195.78.66.0/23
 213.32.0.0/17

                                                                           
Performing reverse lookup on 33536 ip addresses:                           
_________________________________________________ 

0 results out of 33536 IP addresses.


qrgo.pl ip blocks:
___________________

done.

zobacz: https://tools.kali.org/information-gathering/dnsenum

Dodaj komentarz

Translate »