DNSRecon is one of the best penetration testing tools on Kali Linux for DNS information gathering; with it we can gather almost every piece of DNS information about our target. DNSRecon supports different types of DNS enumeration, such as standard enumeration, brute-force enumeration, top-level domain enumeration, cache snooping, DNS zone walking, etc.
There are a variety of tools available that gather DNS information effectively; however, in this article we are going to focus on DNSRecon, a tool developed by Carlos Perez and designed to perform DNS reconnaissance. This tool is included in BackTrack and is written in Python.
A DNS zone transfer may be used to expose topology. Specifically, when a user attempts to perform a zone transfer, he sends a DNS query to list all DNS information such as name servers, host names, MX and CNAME records, the zone serial number, Time to Live (TTL) records, etc. Depending on the size and type of the network, this may present a significant security problem.
The sheer amount of information that can be obtained through a DNS zone transfer is staggering. DNS zone transfers are nowadays usually turned off by default, and I would be surprised if you find one. Still, DNSRecon provides the ability to perform zone transfers with the commands:
./dnsrecon.py -d www.example.com -a
or
./dnsrecon.py -d www.example.com -t axfr
DNSRecon can perform a reverse lookup for PTR (Pointer) records against IPv4 and IPv6 address ranges. To run reverse lookup enumeration use:
./dnsrecon.py -r 198.168.0.1-198.168.0.255
(the range is given as start IP-end IP, with no spaces)
A reverse lookup can also be performed against all ranges in SPF records with the command:
./dnsrecon.py -d www.example.com -s
For the brute-force method, all we have to do is supply a name list, and DNSRecon will try to resolve the A, AAAA and CNAME records against the domain by trying every entry one by one. To run the domain name brute force we need to type:
./dnsrecon.py -d www.example.com -D namelist -t brt
As we can see we obtained A and CNAME records of the domain cnn.com and their IP addresses.
In order to perform standard DNS enumeration with DNSRecon we have to use the following syntax:
./dnsrecon.py -d www.example.com
DNS cache snooping occurs when the DNS server has a specific DNS record cached. This DNS record can often reveal a lot of information. However, DNS cache snooping does not happen very often. The command that can be used to perform cache snooping is the following:
./dnsrecon.py -t snoop -n Server -D dict
Zone walking may unveil internal records if the zone is not configured properly. The information that can be obtained can help us map network hosts by enumerating the contents of a zone:
./dnsrecon.py -d host -t zonewalk
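From the defender's side, the zone transfer, reverse lookup and brute-force techniques described above each leave a recognisable pattern in an authoritative server's query log. The following is an added example, not part of the original article or of DNSRecon; the BIND-style log lines, the zone name, the secondary server address and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in BIND query-log style (assumption, not from the article).
SAMPLE_LOG = (
    "client 203.0.113.5#40001 (example.com): query: example.com IN AXFR -T (192.0.2.53)\n"
    "client 192.0.2.54#40002 (example.com): query: example.com IN AXFR -T (192.0.2.53)\n"
    "client 203.0.113.9#40003 (www.example.com): query: www.example.com IN A + (192.0.2.53)\n"
    + "".join(
        f"client 198.51.100.7#4{i:04d} ({w}.example.com): query: {w}.example.com IN A + (192.0.2.53)\n"
        for i, w in enumerate(["admin", "dev", "ftp", "mail", "vpn", "test"]))
    + "".join(
        f"client 198.51.100.8#5{i:04d} ({i}.0.0.10.in-addr.arpa): "
        f"query: {i}.0.0.10.in-addr.arpa IN PTR + (192.0.2.53)\n"
        for i in range(1, 7))
)

# Client address (optionally preceded by an @0x... object id), query name, query type.
LINE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<name>\S+) IN (?P<type>\S+)")

def detect(log_text, zone="example.com",
           secondaries=frozenset({"192.0.2.54"}), threshold=5):
    """Return (finding, client_ip) tuples for one window of query-log text.

    zone, secondaries and threshold are hypothetical values for this example;
    tune the threshold to your own traffic and feed one time window per call.
    """
    findings = []
    names = defaultdict(set)  # client -> distinct forward names queried in the zone
    ptrs = defaultdict(set)   # client -> distinct reverse names queried
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a query line
        ip, name, qtype = m["ip"], m["name"].lower().rstrip("."), m["type"].upper()
        if qtype in ("AXFR", "IXFR"):
            if ip not in secondaries:  # transfers are only expected from secondaries
                findings.append(("zone-transfer", ip))
        elif qtype == "PTR":
            ptrs[ip].add(name)
        elif qtype in ("A", "AAAA", "CNAME") and name.endswith("." + zone):
            names[ip].add(name)
    findings += [("subdomain-bruteforce", ip) for ip, n in names.items() if len(n) >= threshold]
    findings += [("ptr-sweep", ip) for ip, n in ptrs.items() if len(n) >= threshold]
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

A query log carries no response codes, so the brute-force signal here is the number of distinct names per client; where response logging is available, the share of NXDOMAIN answers per client is a stronger indicator.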
Step 1: Just type dnsrecon in the Kali Linux terminal.
Step 2: Then enter the target website on which you want to perform subdomain enumeration.
Here I have used "techtrick.in" for demo purposes.
dnsrecon -t std -d www.techtrick.in