神刀安全网

DNSRecon – DNS Enumeration Script

DNSRecon is a Python based DNS enumeration script designed to help you audit your DNS security and configuration as part of information gathering stage of a pen-test. DNS reconnaissance is an important step when mapping out domain resources, sub-domains, e-mail servers and so on and can often lead to you finding an old DNS entry pointing to an unmaintained, insecure server.

DNSRecon – DNS Enumeration Script

It’s also considered passive information gathering, as it’s a way to gather a map of company/target resources without alerting IDS/IPS systems by doing active probes/scans.

Features

DNSRecon provides the ability to perform:

  • Check all NS Records for Zone Transfers
  • Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
  • Perform common SRV Record Enumeration. Top Level Domain (TLD) Expansion
  • Check for Wildcard Resolution
  • Brute Force subdomain and host A and AAAA records given a domain and a wordlist
  • Perform a PTR Record lookup for a given IP Range or CIDR
  • Check a DNS Server Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check
  • Enumerate Common mDNS records in the Local Network Enumerate Hosts and Subdomains using Google

Usage

root@box:~# dnsrecon -h Usage: dnsrecon.py   Options: -h, --helpShowthis helpmessageand exit -d, --domainDomainto Targetfor enumeration. -r, --rangeIPRangefor reverselook-upbruteforcein formats (first-last) or in (range/bitmask). -n, --name_serverDomainserverto use, if noneis giventheSOAofthe targetwillbeused -D, --dictionaryDictionaryfileofsub-domainand hostnamesto use for bruteforce. -f FilteroutofBruteForceDomainlookuprecordsthatresolveto thewildcarddefinedIPAddresswhensavingrecords. -t, --typeSpecifythetypeofenumerationto perform: stdTo Enumerategeneralrecordtypes, enumerates. SOA, NS, A, AAAA, MXand SRVif AXRFonthe NSServersfail.   rvlTo ReverseLookUp a givenCIDRIPrange.   brtTo BruteforceDomainsand Hostsusing a given dictionary.   srvTo EnumeratecommonSRVRecordsfor a given   domain.   axfrTestallNSServersin a domainfor misconfigured zonetransfers.   gooPerformGooglesearchfor sub-domainsand hosts.   snoopTo Perform a CacheSnoopingagainstallNS serversfor a givendomain, testingallwith filecontainingthedomains, filegivenwith -D option.   tldWillremovetheTLDofgivendomainand testagainst allTLD's registeredin IANA   zonewalkWillperform a DNSSECZoneWalkusingNSECRecords.   -a PerformAXFRwiththestandardenumeration. -s PerformReverseLook-upofipv4rangesin theSPFRecordofthe targeteddomainwiththestandardenumeration. -g PerformGoogleenumerationwiththestandardenumeration. -w Do deepwhoisrecordanalysisand reverselook-upofIP rangesfoundthruwhoiswhendoingstandardquery. -z Performs a DNSSECZoneWalkwiththestandardenumeration. --threadsNumberofthreadsto use in RangeReverseLook-up, Forward Look-upBruteforceand SRVRecordEnumeration --lifetimeTimeto waitfor a serverto responseto a query. --dbSQLite 3 fileto savefoundrecords. --xmlXMLFileto savefoundrecords. --iwContinuabruteforcing a domainevenif a wildcardrecordresolutionis discovered. -c, --csvCommaseparatedvaluefile. -v Showattemptsin thebruteforcemodes. 

You can download DNSRecon here:

dnsrecon-v0.8.9.zip

Or read more here .

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » DNSRecon – DNS Enumeration Script

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
分享按钮