Enumerating DNS records with DNSenum Tool in Kali Linux

DNS stands for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they’re easier to remember.

The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address.

For example, the domain name www.way2h.blogspot.com might translate to which is a Google DNS IP. This is my blog, so the domain name was given by Google, and so this IP is a Google DNS IP.

One of the most important stages of an attack is information gathering. To be able to launch an attack, we need to gather basic information about our target. So, the more information we get, the higher the probability of a successful attack.

Enumeration is a process that allows us to gather information from a network. We will examine DNS enumeration and SNMP enumeration techniques.

DNS enumeration is the process of locating all DNS servers and DNS entries for an organization. DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on. To achieve this task, we will use DNSenum. For SNMP enumeration, we will use a tool called SnmpEnum. SnmpEnum is a powerful SNMP enumeration tool that allows users to analyze SNMP traffic on a network.

Navigate to Application > Kali Linux > Information Gathering > DNS Analysis > Open dnsenum

and enter the following command:

root@Kali:~# dnsenum --enum example.com

It will show you the host addresses, name server addresses, mail (MX) servers and zone transfer information.

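If you want a more powerful scan that also covers sub-domains, use the following syntax. The -f option takes the name of a file listing the sub-domain names to try; subdomains.txt below is a placeholder for that file.

root@Kali:~# dnsenum --enum -f subdomains.txt -r example.com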

There are some additional options we can run using DNSenum:

--threads [number] allows you to set how many processes will run at once
-r allows you to enable recursive lookups
-d allows you to set the time delay in seconds between WHOIS requests
-o allows us to specify the output location
-w allows us to enable the WHOIS queries
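
Seen from the server side, the zone transfer attempt and the wordlist-driven sub-domain scan described above both leave traces in the authoritative name server's logs. The following is an added example, not part of the original tutorial: it assumes BIND-style log lines, the sample lines are constructed, and the function name and threshold are illustrative choices.

```python
import re
from collections import defaultdict

# Assumed BIND-style "query:" and "zone transfer ... denied" log lines.
QUERY_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
                      r"\([^)]*\): query: (?P<name>\S+) IN (?P<type>\S+)")
AXFR_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
                     r"\([^)]*\): zone transfer '[^/]+/AXFR/IN' denied")

def detect_enumeration(lines, zone, distinct_threshold=5):
    """Flag clients that attempt AXFR or query many distinct names under zone."""
    names = defaultdict(set)  # client IP -> distinct sub-domain names queried
    axfr = defaultdict(int)   # client IP -> zone transfer attempts
    suffix = "." + zone.lower().rstrip(".")
    for line in lines:
        m = AXFR_RE.search(line)
        if m:
            axfr[m["ip"]] += 1
            continue
        m = QUERY_RE.search(line)
        if not m:
            continue
        name = m["name"].lower().rstrip(".")
        if m["type"] == "AXFR":
            axfr[m["ip"]] += 1
        elif name.endswith(suffix):
            names[m["ip"]].add(name)
    findings = {}
    for ip in set(names) | set(axfr):
        reasons = []
        if axfr[ip]:
            reasons.append(f"axfr_attempts={axfr[ip]}")
        if len(names[ip]) >= distinct_threshold:
            reasons.append(f"distinct_subdomains={len(names[ip])}")
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample log: one scanning client and one ordinary client.
PFX = "10-Mar-2024 09:14:01.000 client @0x7f1a "
SAMPLE_LOG = [PFX + "198.51.100.7#40112 (example.com): "
              "zone transfer 'example.com/AXFR/IN' denied"]
SAMPLE_LOG += [PFX + f"198.51.100.7#4012{i} ({h}.example.com): "
               f"query: {h}.example.com IN A + (192.0.2.53)"
               for i, h in enumerate(("ftp", "mail", "vpn", "dev", "admin", "test"))]
SAMPLE_LOG += [PFX + "203.0.113.20#51000 (www.example.com): "
               f"query: www.example.com IN {t} + (192.0.2.53)" for t in ("A", "AAAA")]

if __name__ == "__main__":
    for ip, reasons in detect_enumeration(SAMPLE_LOG, "example.com").items():
        print(ip, ", ".join(reasons))
```

Refusing zone transfers to everyone except your own secondary servers is what produces the "denied" lines this check counts.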

Hope you enjoyed reading this tutorial! Remember, this tutorial is for educational purposes only. Don't try to use it against any restricted server; do it only if you own the domain or have the rights to do so. Happy hacking, and I hope you learned something. If you have any questions related to this, leave a comment and I will reply. :)