5 Minutes Short Tutorial - DNS Enumeration
Domain Name System (DNS) is a protocol that helps resolve URLs into IP addresses. DNS servers are the machines that resolve easily remember URLs into IP addresses.
What is DNS enumeration?
DNS enumeration is a method of identifying information on all DNS components in a target.
Why is DNS Enumeration Important?
DNS enumeration help in identifying usernames, DNS record names, DNS domain names, and IP addresses of a target. This will enable hackers to increase the attack surface of the target.
Tools Used
Different tools are required for DNS enumeration. Some tools are web-based and some are web-based. Below is the list of tools for the enumeration of DNS information of the target system.
(1) Google
Familiar but very effective tool to identify subdomains. This is the most legal way that you can use to find more assets of the target.
The first Google dork that may be used is inurl:google.com
Click Here to check more search tips on Google
(2) nslookup
nslookup is a command line utility it can be used to identify DNS infrastructure.
nslookup
set type=any
ls -d <domain-name>
(3) Nmap
Nmap is a port scanner used to identify open ports. Click Here for Nmap Cheatsheet
nmap -sC -sV -p53 192.168.x.0/24
(4) dig
dig is a command line tool for querying DNS servers.
dig axfr <url> @<ip>
Click Here for more example for Top 12 Examples of Linux dig Command
(5) Fierce
Reconnaissance tool that quickly scans the target domain for DNS-related vulnerabilities.
fierce -dns <url>
(6) AltDNS
Useful in identifying subdomains through alteration and permutation.
git clone https://github.com/infosec-au/altdns.git
cd altdns
pip install -r requirements.txt
(7) DNSenum
DNSenum is Perl script identifying the DNS information of the target.
dnsenum --
noreverse example.com
(8) DNSrecon
Reconnaissance tool that can be used to perform automatic recon of the target.
$ dnsrecon -d nikosdano.com
Refer article Top 5 Commands to Test DNS Zone Transfer to identify all details related to zone transfer methods.
Conclusion
DNS enumeration is a must while performing an assessment of the IT system. It is not tough and can be performed by using both command and web interface tools.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.