Again once more with extra DNS enumeration instruments. This one has been round for fairly a while and is utilized by penetration testers throughout the globe. DNSEnum is a device used to brute pressure subdomains on a DNS server. It’s a multithreaded perl script that collects A data and queries Google or a wordlist to find subdomains. Many instruments can be utilized to do that like a brief bash script however DNSEnum comes outfitted with many different modules that may help in its foremost objective, to get as a lot information as doable from a site.
DNSEnum operates through the use of the next operations:
- Get the host’s addresses (A report).
- Get the namservers (threaded).
- Get the MX report (threaded).
- Carry out axfr queries on nameservers and get BIND variations(threaded).
- Get additional names and subdomains through google scraping (google question = “allinurl: -www web site:area”).
- Brute pressure subdomains from file, may also carry out recursion on subdomain which have NS data (all threaded).
- Calculate C class area community ranges and carry out whois queries on them (threaded).
- Carry out reverse lookups on netranges (C class or/and whois netranges) (threaded).
- Write to domain_ips.txt file ip-blocks.
For additional particulars and set up directions take a look at the mission on Github right here
Conclusion
For a walkthrough on the best way to use this device in an energetic atmosphere take a look at this room on HackTheBox . As typically as i’ve used this device I’ve to provide this one a 5/5 ranking. Nothing I can consider to make this device higher particularly since you may simply add additional perl modules simply by operating the command within the downloaded DNSEnum folder. Nice work guys!
Need to study extra about moral hacking?
We’ve got a networking hacking course that’s of an identical degree to OSCP, get an unique low cost right here
Assist assist LHN by shopping for a T-shirt or a mug?
Take a look at our choice right here
Have you learnt of one other GitHub associated hacking device?
Get in contact with us through the contact kind if you want us to have a look at another GitHub moral hacking instruments.