DNS enumeration is the process of discovering all the DNS records associated with a particular domain or hostname. The purpose of DNS enumeration is to gather information about the target system that can be used in a variety of ways, including reconnaissance, vulnerability assessment, and penetration testing.
There are various tools and techniques that can be used for DNS enumeration, including:
- DNS zone transfer: This technique involves requesting a copy of the DNS zone file from the target DNS server. This can be done using tools like Dig or NSLookup.
- Reverse DNS lookup: This technique involves looking up the hostname associated with a particular IP address. This can be done using tools like Dig or NSLookup.
- Brute-force DNS enumeration: This technique involves guessing subdomains or hostnames associated with the target domain. This can be done using tools like Fierce, Sublist3r, or Knock.
- Google Hacking: This technique involves using Google search operators to find DNS records related to the target domain. This can be done using the Google search engine.
DNS enumeration can reveal valuable information about the target system, such as IP addresses, hostnames, and mail servers. This information can be used to map out the target network and identify potential vulnerabilities. However, it is important to note that DNS enumeration can also be used for malicious purposes, so it should only be done with proper authorization and in a responsible manner.
Dnsenum is a popular open-source tool used for DNS enumeration. It is a command-line tool that can be used to gather information about DNS records associated with a particular domain or hostname. The tool uses a variety of techniques, including zone transfers, brute-force, and reverse DNS lookups to enumerate DNS records.
Here are some of the features of Dnsenum:
- Zone transfers: Dnsenum can perform a DNS zone transfer to gather all the DNS records associated with the target domain. This is done by requesting a copy of the DNS zone file from the target DNS server.
- Brute-force: Dnsenum can perform a brute-force DNS enumeration to guess subdomains or hostnames associated with the target domain. It can use a wordlist or dictionary to generate possible domain names.
- Reverse DNS lookup: Dnsenum can perform a reverse DNS lookup to find the hostname associated with a particular IP address.
- Output formats: Dnsenum can output the results of the DNS enumeration in different formats, including plain text, CSV, XML, and HTML.
Dnsenum is a powerful tool that can be used for DNS reconnaissance and information gathering. However, it should be used responsibly and only with proper authorization. It is also important to note that some DNS servers may be configured to block zone transfers, so this technique may not always be effective.
Enumeration With Default Settings
When you run the following command with options, it automatically takes the default values i.e. -threads 5 -s 15 -w
Command: dnsenum -enum <example.com>
Enumeration of Sub-domain using Brute force (Custom File)
You can create a custom wordlist or dictionary file by adding domain names or keywords related to the target domain. For example, if the target domain is facebook.com, you can create a wordlist that includes keywords like “dev”, “prod”, “up”, “ctscan” and so on.
When you run the below command, it performs brute force search on subdomains along with the custom file passed (file.txt) as an attribute.
Command: dnsenum -f <file.txt> -r <example.com>
Once the tool has finished running, you can analyze the results. The output section (Brute forcing with file.txt) will contain a list of subdomains that were discovered during the enumeration process.
You may also read:
- How To Reload Your Logstash Configuration File Automatically
- [Kali Linux] Live Host Identification with Netdiscover
- SSH Enumeration and Penetration Testing – A Brief Guide
- How to Install Winlogbeat in Windows OS
- [Tutorial] How to Install MobSF on Kali Linux 2022.1
- How To Install Jenkins on Ubuntu Machine
- [Tutorial] How To Install Webmin in Ubuntu
- How to Install Apache Tomcat on Ubuntu Machine
- A Step-by-Step Guide to Installing the LAMP Stack on Ubuntu
- Find OS Version with 5 Different Methods in Windows PowerShell
- [Linux] MySQL: The Easy Way to Check Your Version
- How To Install Remmina in Ubuntu – A Remote Desktop Client
- Creating New Files and Directories Using Windows PowerShell New-Item CMDLET
- 18 Most Frequently Used Commands in Linux
- How to Install Apache Cassandra in Ubuntu