Information gathering is generally a first step of ethical hacking/penetration testing, you need to get the maximum information about the victim because information is a key of success. As discussed before about information gathering in detail with different tools and technique like maltego and for DNS information gathering we have discussed DNSmap.
Information is weapon so in this article i will explain you how to get a information from DNS.
For this purpose i will use DNSenum, it is available on backtrack5 if you are using some other distribution and version than you can install it because it need only a perl, this may be a active perl or strawberry perl, you can run dnsenum on windows too. You can get the following information by using DNSenum.
- Host address
- Name server
- MX record
- Sub domains
- Whois performance
- Reverse lookup for netblocks
- Use google to do the job done
DNSenum is a very important tool to perform a quick enumeration step on penetration testing.
By looking the options you can realize that the script has no many options and choices to use. It is very difficult to explain all options but i will try my best to explain most important options. Well the simple scan can start by just typing,
[email protected]:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl website.com
[email protected]:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl ehacking.net
For a powerful scan use,
[email protected]:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl –enum google.com
For more power scan with sub domains
[email protected]:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl –enum -f -r google.com
I hope you are enjoying by using DNSenum.