DNS Enumeration Script - DNSRecon


DNSRecon is one of the best penetration testing tools on Kali Linux for DNS information gathering; it can collect almost every piece of DNS information about a target. It supports different types of DNS enumeration, such as standard enumeration, brute-force enumeration, top-level domain enumeration, cache snooping and DNS zone walking.

A variety of tools can gather DNS information effectively; however, in this article we focus on DNSRecon, a tool developed by Carlos Perez and designed to perform DNS reconnaissance. It is included in BackTrack and is written in Python.


This script provides the ability to:

  • Check all NS Records for Zone Transfers.
  • Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
  • Perform common SRV Record Enumeration.
  • Perform Top Level Domain (TLD) expansion.
  • Check for Wildcard Resolution.
  • Brute Force subdomain and host A and AAAA records given a domain and a wordlist.
  • Perform a PTR Record search for a given IP range or CIDR.
  • Check a DNS Server's Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check.
  • Enumerate Common DNS records within the local Network.
  • Enumerate Hosts and Subdomains using Google.

The types of enumeration it performs include the following:

  • Zone Transfer
  • Reverse Lookup
  • Domain and Host Brute-Force
  • Standard Record Enumeration (wildcard, SOA, MX, A, TXT etc.)
  • Cache Snooping
  • Zone Walking

Zone Transfer

A DNS zone transfer may be used to expose topology. Specifically, when a user attempts a zone transfer, he sends a DNS query to list all DNS information, such as name servers, host names, MX and CNAME records, the zone serial number, Time to Live records, etc. Depending on the size and type of the network, this may present a significant security problem.

The sheer amount of information that can be obtained through a DNS zone transfer is staggering. DNS zone transfers are nowadays usually turned off by default and I would be surprised if you find one. Still, DNSRecon provides the ability to perform zone transfers with the commands:

./dnsrecon.py -d www.example.com -a

or

./dnsrecon.py -d www.example.com -t axfr
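
From the server side, the same zone transfers show up in the name server's log. The following is an added example (not part of the original article or of DNSRecon) that audits transfer log lines and reports every AXFR request from a host that is not an expected secondary; the log lines are constructed in the style of BIND 9 messages, and the allow list and function name are assumptions.

```python
import ipaddress
import re

# Constructed sample lines, modelled on BIND 9 zone-transfer log messages.
SAMPLE_XFER_LOG = """\
14-Jul-2019 10:02:11.120 client @0x7f1c 192.0.2.10#53011 (example.com): transfer of 'example.com/IN': AXFR started (serial 2019071401)
14-Jul-2019 10:05:42.877 client @0x7f1c 203.0.113.77#40112 (example.com): zone transfer 'example.com/AXFR/IN' denied
14-Jul-2019 10:06:03.004 client @0x7f1c 198.51.100.23#41888 (example.com): transfer of 'example.com/IN': AXFR started (serial 2019071401)
"""

# Assumption: the only secondary that should ever pull the zone.
ALLOWED_SECONDARIES = [ipaddress.ip_network("192.0.2.10/32")]

CLIENT = r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*"
PATTERNS = (
    ("served", re.compile(CLIENT + r"transfer of '(?P<zone>[^/']+)/IN': AXFR started")),
    ("denied", re.compile(CLIENT + r"zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied")),
)


def audit_axfr(log_text, allowed=ALLOWED_SECONDARIES):
    """Return (status, client_ip, zone) for every AXFR from an unexpected host."""
    findings = []
    for line in log_text.splitlines():
        for status, pattern in PATTERNS:
            match = pattern.search(line)
            if not match:
                continue
            ip = ipaddress.ip_address(match["ip"])
            if not any(ip in net for net in allowed):
                findings.append((status, str(ip), match["zone"]))
    return findings


if __name__ == "__main__":
    for status, ip, zone in audit_axfr(SAMPLE_XFER_LOG):
        # "served" means the zone was handed to a host outside the allow list.
        print(f"{status:7} {zone} <- {ip}")
```

A "served" finding means the transfer restriction on that zone is too permissive; a "denied" finding is an attempt that the server refused.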


Reverse Lookup

DNSRecon can perform a reverse lookup for PTR (Pointer) records against IPv4 and IPv6 address ranges. To run reverse lookup enumeration, give the range as start IP-end IP:

./dnsrecon.py -r 198.168.0.1-198.168.0.255


A reverse lookup can also be performed against all ranges in SPF records with the command:

./dnsrecon.py -d www.example.com -s


Domain Brute-Force

To use this method, all we have to do is supply a name list, and it will try to resolve the A, AAAA and CNAME records against the domain by trying each entry one by one. To run the domain name brute force, type:

./dnsrecon.py -d www.example.com -D namelist -t brt

As we can see we obtained A and CNAME records of the domain cnn.com and their IP addresses.


Standard Record Enumeration

In order to perform standard DNS enumeration with the DNSRecon we have to use the following syntax:

./dnsrecon.py -d www.example.com


Cache Snooping

DNS cache snooping occurs when the DNS server has a specific DNS record cached. This DNS record can often reveal a lot of information. However, DNS cache snooping does not happen very often. The following command can be used to perform cache snooping:

./dnsrecon.py -t snoop -n Server -D dict
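
Both the domain brute force and cache snooping described above leave a pattern in the DNS server's query log. The following is an added example (not part of the original article or of DNSRecon) that profiles clients from constructed BIND 9 style query-log lines: many distinct non-existent names under the zone suggest a brute force, and repeated queries with recursion not desired suggest cache snooping. The known-host set, thresholds and names are assumptions, and the RD=0 counter is meant for a recursive resolver's log, where ordinary clients set the recursion flag.

```python
import re
from collections import defaultdict

# Constructed query-log lines in BIND 9 style; after the record type,
# "+" means recursion desired (RD=1) and "-" means RD=0.
LINE = ("14-Jul-2019 10:10:01.100 client @0x7f1c {ip}#40001 ({q}): "
        "query: {q} IN A {rd}E(0) (192.0.2.53)")
SAMPLE_QUERY_LOG = "\n".join(
    [LINE.format(ip="198.51.100.23", q=f"{w}.example.com", rd="+")
     for w in ("admin", "dev", "ftp", "vpn", "test", "www")]
    + [LINE.format(ip="203.0.113.77", q=q, rd="-")
       for q in ("bank.example.net", "mail.example.org", "vpn.example.net")]
    + [LINE.format(ip="192.0.2.40", q="www.example.com", rd="+")]
)

# Assumption: names that really exist in the zone we serve.
KNOWN_HOSTS = {"example.com", "www.example.com", "mail.example.com"}

QUERY = re.compile(r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
                   r"query: (?P<name>\S+) IN \S+ (?P<rd>[+-])")


def profile_clients(log_text, zone="example.com", known=KNOWN_HOSTS,
                    guess_threshold=5, snoop_threshold=3):
    """Map client IP -> list of reasons it looks like enumeration."""
    guesses = defaultdict(set)   # distinct non-existent names under our zone
    no_rd = defaultdict(int)     # queries sent with recursion not desired
    for line in log_text.splitlines():
        m = QUERY.search(line)
        if not m:
            continue
        name = m["name"].rstrip(".").lower()
        if name.endswith("." + zone) and name not in known:
            guesses[m["ip"]].add(name)
        if m["rd"] == "-":
            no_rd[m["ip"]] += 1
    alerts = {}
    for ip in sorted(set(guesses) | set(no_rd)):
        reasons = []
        if len(guesses[ip]) >= guess_threshold:
            reasons.append("subdomain-bruteforce")
        if no_rd[ip] >= snoop_threshold:
            reasons.append("cache-snooping")
        if reasons:
            alerts[ip] = reasons
    return alerts
```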


Zone Walking

This technique may unveil internal records if the zone is not configured properly. The information obtained can help us map network hosts by enumerating the contents of a zone:

./dnsrecon.py -d host -t zonewalk
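
Zone walking works because each NSEC record in a DNSSEC-signed zone names the next existing owner name. The following is an added example (not part of the original article or of DNSRecon) that audits constructed zone-file lines and reports which names the NSEC chain discloses, or that the zone uses NSEC3 instead; the zone content and function name are assumptions.

```python
# Constructed zone-file lines for a DNSSEC-signed zone that uses NSEC.
SAMPLE_ZONE = """\
example.com.          3600 IN NSEC admin.example.com. A NS SOA RRSIG NSEC DNSKEY
admin.example.com.    3600 IN NSEC intranet.example.com. A RRSIG NSEC
intranet.example.com. 3600 IN NSEC www.example.com. A RRSIG NSEC
www.example.com.      3600 IN NSEC example.com. A RRSIG NSEC
"""


def audit_denial_of_existence(zone_text, apex="example.com."):
    """Return (mode, exposed_names) for the zone's denial-of-existence records.

    mode is "NSEC" (chain can be followed name by name), "NSEC3" (owner
    names are hashed) or "none" (no such records found).
    """
    next_name = {}      # owner name -> next owner name from its NSEC record
    has_nsec3 = False
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "IN":
            continue
        if fields[3] == "NSEC" and len(fields) >= 5:
            next_name[fields[0].lower()] = fields[4].lower()
        elif fields[3] in ("NSEC3", "NSEC3PARAM"):
            has_nsec3 = True
    if not next_name:
        return ("NSEC3" if has_nsec3 else "none", [])
    # Follow the chain from the apex until it wraps around or breaks.
    exposed, name = [], apex.lower()
    while name in next_name and name not in exposed:
        exposed.append(name)
        name = next_name[name]
    return ("NSEC", exposed)


if __name__ == "__main__":
    mode, names = audit_denial_of_existence(SAMPLE_ZONE)
    print(mode, "chain discloses", len(names), "names:")
    for n in names:
        print("  ", n)
```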


Let's start DNS enumeration with DNSRecon

Step 1: Just type dnsrecon in the Kali Linux terminal.




Step 2: Then enter the target website for which you want to perform subdomain enumeration.

Here I have used "techtrick.in" for demo purpose.

dnsrecon -t std -d www.techtrick.in



I hope you enjoyed this article.



About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).

