DNSRecon

DNSRecon umożliwia sprawdzenie rekordów NS stref, enumerację ogólnych rekordów DNS dla danej domeny (MX, SOA, NS, A, AAAA, SPF i TXT), enumeracje rekordów SRV oraz domeny najwyższego poziomu (TLD), sprawdzenie rozpoznawania symboli wieloznacznych, wyszukanie brute-force subdomen dla A i AAA, zgodnie z zadanym słownikiem, enumerację rekordów mDNS dla sieci lokalnej, oraz enumerację hostów i subdomen przy użyciu Google.

root@kali:~# dnsrecon -h
usage: dnsrecon.py [-h] [-d DOMAIN] [-n NS_SERVER] [-r RANGE] [-D DICTIONARY]
                   [-f] [-t TYPE] [-a] [-s] [-g] [-b] [-k] [-w] [-z]
                   [--threads THREADS] [--lifetime LIFETIME] [--tcp] [--db DB]
                   [-x XML] [-c CSV] [-j JSON] [--iw] [-v]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Target domain.
  -n NS_SERVER, --name_server NS_SERVER
                        Domain server to use. If none is given, the SOA of the
                        target will be used.
  -r RANGE, --range RANGE
                        IP range for reverse lookup brute force in formats
                        (first-last) or in (range/bitmask).
  -D DICTIONARY, --dictionary DICTIONARY
                        Dictionary file of subdomain and hostnames to use for
                        brute force. Filter out of brute force domain lookup,
                        records that resolve to the wildcard defined IP
                        address when saving records.
  -f                    Filter out of brute force domain lookup, records that
                        resolve to the wildcard defined IP address when saving
                        records.
  -t TYPE, --type TYPE  Type of enumeration to perform.
  -a                    Perform AXFR with standard enumeration.
  -s                    Perform a reverse lookup of IPv4 ranges in the SPF
                        record with standard enumeration.
  -g                    Perform Google enumeration with standard enumeration.
  -b                    Perform Bing enumeration with standard enumeration.
  -k                    Perform crt.sh enumeration with standard enumeration.
  -w                    Perform deep whois record analysis and reverse lookup
                        of IP ranges found through Whois when doing a standard
                        enumeration.
  -z                    Performs a DNSSEC zone walk with standard enumeration.
  --threads THREADS     Number of threads to use in reverse lookups, forward
                        lookups, brute force and SRV record enumeration.
  --lifetime LIFETIME   Time to wait for a server to response to a query.
  --tcp                 Use TCP protocol to make queries.
  --db DB               SQLite 3 file to save found records.
  -x XML, --xml XML     XML file to save found records.
  -c CSV, --csv CSV     Comma separated value file.
  -j JSON, --json JSON  JSON file.
  --iw                  Continue brute forcing a domain even if a wildcard
                        records are discovered.
  -v                    Enable verbose

W wersji występującej w kali-linux

zobacz: https://tools.kali.org/information-gathering/dnsrecon

Dodaj komentarz

Translate »