Enumerating DNS records with DNSenum Tool in Kali Linux
DNS stands for Domain Name System (or Service or Server), an Internet service
that translates domain names into IP addresses. Because domain names
are alphabetic, they're easier to remember.
The Internet, however, is really based on IP addresses. Every time you use
a domain name, therefore, a DNS service must translate the name into the
corresponding IP address.
For example, the domain name www.way2h.blogspot.com might translate to
74.125.236.67, which is a Google DNS IP. This is my blog, so the domain name
was given by Google, and so this IP is a Google DNS IP.
One of the most important stages of an attack is information gathering.
To be able to launch an attack, we need to gather basic information
about our target. The more information we get, the higher the
probability of a successful attack.
Enumeration is a process that
allows us to gather information from a network. We will examine DNS
enumeration and SNMP enumeration techniques.
DNS enumeration is
the process of locating all DNS servers and DNS entries for an
organization. DNS enumeration will allow us to gather critical
information about the organization such as usernames, computer names, IP
addresses, and so on. To achieve this task, we will use DNSenum. For
SNMP enumeration, we will use a tool called SnmpEnum. SnmpEnum is a
powerful SNMP enumeration tool that allows users to analyze SNMP traffic
on a network.
Navigate to Application > Kali Linux > Information Gathering > DNS Analysis, open dnsenum,
and enter the following command:
root@Kali:~# dnsenum --enum example.com
It will show you the host address, name server addresses, mail (MX) servers and zone transfer information.
If you want a more powerful scan that includes sub-domains, use the following syntax. The -f option takes a file of sub-domain names to try; <wordlist-file> is a placeholder for that file.
root@Kali:~# dnsenum --enum -f <wordlist-file> -r example.com
There are some additional options we can run using DNSenum:
--threads [number] allows you to set how many processes will run at once
-r allows you to enable recursive lookups
-d allows you to set the time delay in seconds between WHOIS requests
-o allows us to specify the output location
-w allows us to enable the WHOIS queries
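
How the scans above appear from the name server's side, as an added example that is not part of the original tutorial: it flags clients that request a zone transfer or look up many distinct sub-domains. The log lines are constructed in the style of a BIND 9 query log (the format is an assumption), the names detect_enumeration, name_threshold and secondaries are hypothetical, and counts are taken over the whole excerpt rather than a time window.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a BIND 9 query log (format is an assumption).
SAMPLE_LOG = """\
01-Jan-2024 10:00:01.000 client 192.0.2.10#40001 (example.com): query: example.com IN NS + (198.51.100.1)
01-Jan-2024 10:00:01.200 client 192.0.2.10#40002 (example.com): query: example.com IN MX + (198.51.100.1)
01-Jan-2024 10:00:01.900 client 192.0.2.10#40003 (example.com): query: example.com IN AXFR -T (198.51.100.1)
01-Jan-2024 10:00:02.100 client 192.0.2.10#40004 (admin.example.com): query: admin.example.com IN A + (198.51.100.1)
01-Jan-2024 10:00:02.150 client 192.0.2.10#40005 (mail.example.com): query: mail.example.com IN A + (198.51.100.1)
01-Jan-2024 10:00:02.200 client 192.0.2.10#40006 (ftp.example.com): query: ftp.example.com IN A + (198.51.100.1)
01-Jan-2024 10:00:02.250 client 192.0.2.10#40007 (vpn.example.com): query: vpn.example.com IN A + (198.51.100.1)
01-Jan-2024 10:00:03.000 client 198.51.100.2#53000 (example.com): query: example.com IN AXFR -T (198.51.100.1)
01-Jan-2024 10:00:05.000 client 203.0.113.7#51000 (www.example.com): query: www.example.com IN A + (198.51.100.1)
01-Jan-2024 10:00:09.000 client 203.0.113.7#51001 (www.example.com): query: www.example.com IN A + (198.51.100.1)
"""

# Client IP, queried name and record type from one query-log line.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
    r"query: (?P<name>\S+) IN (?P<type>\S+)")

def detect_enumeration(log_text, zone="example.com", name_threshold=4, secondaries=()):
    """Return {client_ip: [reasons]} for clients whose queries look like DNS enumeration.

    secondaries: IPs of authorised secondary name servers, whose transfers are expected.
    """
    transfer_clients = []           # clients that asked for AXFR/IXFR, in log order
    names = defaultdict(set)        # client -> distinct sub-domains of `zone` queried
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue                # not a query line
        ip, name, qtype = m["ip"], m["name"].lower().rstrip("."), m["type"]
        if qtype in ("AXFR", "IXFR"):
            if ip not in secondaries and ip not in transfer_clients:
                transfer_clients.append(ip)
        elif name.endswith("." + zone):
            names[ip].add(name)
    findings = defaultdict(list)
    for ip in transfer_clients:
        findings[ip].append("zone transfer requested")
    for ip, seen in names.items():
        if len(seen) >= name_threshold:
            findings[ip].append(f"{len(seen)} distinct subdomains queried")
    return dict(findings)
```

On a real server the threshold would be tuned to normal resolver traffic, and zone transfers would also be restricted to the secondaries in the name server's own configuration.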
Hope you enjoyed reading this tutorial! Remember, this tutorial is only for educational purposes. Don't try to use it against any restricted server; do it only if you own the domain or have the rights to do so. Happy hacking! Hope you learn something. If you have any questions related to this, leave a comment and I will reply to you :)