DNSENUM Video Tutorial on Kali Linux: In this DNSENUM video tutorial we will learn how to use the DNSENUM tool for DNS information gathering in penetration testing of web applications. DNSENUM is a DNS enumeration script that performs several functions, including gathering the host’s A records and MX records, attempting zone transfers, and brute-forcing subdomains. The purpose of DNSENUM is to gather as much information as possible about a domain.
You can navigate to the DNSENUM tool in Kali Linux as follows:
Go to Applications -> Information Gathering -> DNS Analysis -> DNSENUM
You can also open the DNSENUM tool by typing “dnsenum” in a terminal on Kali Linux.
Once you open the DNSENUM tool on Kali Linux, you will see the basic syntax and the options that you can use with the DNSENUM script. I will share brief information about some important options which are useful for basic penetration testing.
Important Options in the DNSENUM Tool:
--dnsserver <server ip> : By default, if you don’t use this option and just type “dnsenum anywebsite.com”, the queries will use your default DNS resolving server, which in most cases is located at your ISP. This switch lets you specify another DNS resolving server. For example, we can use public Google DNS 220.127.116.11, an OpenDNS server, or any other public DNS server.
--enum : This is a shortcut option that combines three different options. They are “--threads”, which is set to 5; “-s”, which is the maximum number of subdomains that will be scraped from Google; and “-w”, which tells it to perform a whois query on Class C network ranges.
Note: The Google scraping feature can be hit or miss. Google considers automated scraping to be a violation of their TOS, and blocks access if you make too many requests.
--noreverse : This skips the reverse lookup operation. If you’re performing reverse lookups on a Class C netrange, the number of lookups could be huge and take quite a long time. I normally don’t use reverse lookups with dnsenum for this reason.
--subfile <file> : You can use this option to create a file which will contain any new subdomains that were discovered. If you don’t use this option, the results are only output to the screen.
-f : You’ll need to use this switch to specify the location of the pre-defined wordlist containing the subdomains you’re searching for. The DNSENUM tool has a list you can use, located at /usr/share/dnsenum/dns.txt.
There are a lot of other options available in the DNSENUM tool, which you can learn about by reading their descriptions in the tool itself.
Below is a basic command which you can use with the DNSENUM tool for information gathering on Kali Linux:
dnsenum --dnsserver 18.104.22.168 --enum -f /usr/share/dnsenum/dns.txt --subfile ~/Desktop/Hackingloops/new.txt anywebsitename.com
With the DNSENUM tool we can also perform zone transfers, if they are allowed.
dnsenum --dnsserver 22.214.171.124 --noreverse -f /usr/share/dnsenum/dns.txt --subfile ~/Desktop/Hackingloops/zonetransfer.txt anywebsitename.com
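How the two runs above look from the receiving DNS server's side, as an added example (not from the original tutorial or the dnsenum project): the script flags clients that request a zone transfer or send a wordlist-style burst of lookups that mostly return NXDOMAIN. The log layout, the sample lines, the function names and the thresholds are all assumptions made for this example.

```python
from collections import defaultdict

def build_sample():
    """Constructed log in an assumed layout: '<epoch> <client> <qname> <qtype> <rcode>'."""
    words = ["admin", "dev", "ftp", "mail", "test", "vpn", "stage", "db", "www", "ns1"]
    exists = {"www", "mail", "ns1"}
    lines = ["1700000000 198.51.100.7 example.com NS NOERROR",
             "1700000001 198.51.100.7 example.com AXFR REFUSED"]
    for i, w in enumerate(words):  # wordlist-style burst from one client
        rcode = "NOERROR" if w in exists else "NXDOMAIN"
        lines.append(f"{1700000002 + i} 198.51.100.7 {w}.example.com A {rcode}")
    lines += ["1700000005 203.0.113.20 www.example.com A NOERROR",   # ordinary client
              "1700003000 203.0.113.20 mail.example.com A NOERROR",
              "truncated line"]                                       # malformed, skipped
    return "\n".join(lines)

def parse(log_text):
    """Yield (ts, client, qname, qtype, rcode); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0].isdigit():
            ts, client, qname, qtype, rcode = parts
            yield int(ts), client, qname.lower().rstrip("."), qtype.upper(), rcode.upper()

def detect_enumeration(log_text, zone, window=60, min_names=8, min_nx_ratio=0.5):
    """Return {client: [findings]} for AXFR attempts and brute-force-like bursts."""
    zone = zone.lower().rstrip(".")
    lookups, findings = defaultdict(list), defaultdict(set)
    for ts, client, qname, qtype, rcode in parse(log_text):
        if qname != zone and not qname.endswith("." + zone):
            continue                      # query is for a different zone
        if qtype == "AXFR":
            findings[client].add("axfr_attempt")
        else:
            lookups[client].append((ts, qname, rcode))
    for client, events in lookups.items():
        events.sort()
        start = 0
        for end in range(len(events)):    # sliding window of `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            names = {q for _, q, _ in burst}
            nx = sum(r == "NXDOMAIN" for _, _, r in burst)
            if len(names) >= min_names and nx / len(burst) >= min_nx_ratio:
                findings[client].add("subdomain_bruteforce")
                break
    return {c: sorted(f) for c, f in findings.items()}

if __name__ == "__main__":
    print(detect_enumeration(build_sample(), "example.com"))
```

The window, name-count and NXDOMAIN-ratio thresholds need tuning against a zone's normal traffic before they are used for alerting.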
In case of any queries, feel free to contact us and don’t forget to say thanks if you like our tutorials. Keep Learning !! Keep Connected!!