Dnsrecon KYB Tutorial 4 : Information gathering tool on Backtrack Linux
Below is the list of things that we can do using DNSRECON Tool:
- Top level domain expansion ( Zone Walking and Zone Transfer)
- Reverse Lookup against IP range
- Perform general DNS queries for NS, SOA and MX records (Standard Record Enumeration)
- Cache snooping against Name Servers
- Google Scanning for Sub Domains and Host
Backtrack -> Information Gathering -> Network Analysis -> DNS Analysis -> dnsrecon
1. Zone Transfer:
./dnsrecon.py -d <mywebsite.com> -a
./dnsrecon.py -d <mywebsite.com> -t axfr
2. Reverse Lookup against IP range:
./dnsrecon.py -r <startIP>-<endIP>
For example:
./dnsrecon.py -r 192.168.5.100-192.168.5.200
A reverse lookup can also be performed against all the IP ranges listed in the domain's SPF record with the command:
./dnsrecon.py -d <domain> -s
3. Domain Brute Force Enumeration:
To perform domain brute force enumeration, we have to supply a name list; the tool then tries to resolve the A, AAAA and CNAME records for each entry in the list, one by one, against the domain.
To run the domain brute force, the user needs to type the command below:
./dnsrecon.py -d <domain> -D <namelist> -t brt
./dnsrecon.py -d hackingloops.com -D namelist.txt -t brt
4. Cache Snooping against name servers:
DNS cache snooping checks whether a DNS server has a specific DNS record in its cache. A cached record will often reveal plenty of information about the name servers and other DNS details. However, DNS cache snooping is not often possible, because servers do not normally cache DNS records.
The command used to perform cache snooping is as follows:
./dnsrecon.py -t snoop -n <server> -D <dictionary file>
For example:
./dnsrecon.py -t snoop -n <server IP address> -D dictionary.txt
5. Standard Records Enumeration:
Standard enumeration is generally used to gather information about the name servers and the SOA and MX records. To perform standard enumeration you can use the command below:
./dnsrecon.py -d <domain>
./dnsrecon.py -d hackingloops.com
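Each of the dnsrecon modes above leaves a recognisable pattern in the target name server's query log, which is what a defender watches for. The following added example (not part of the original tutorial or of dnsrecon itself) parses constructed BIND 9 query-log lines and flags zone-transfer requests from hosts that are not known secondaries, bursts of non-recursive queries (the cache snooping probe), and large numbers of distinct names from one client (brute force enumeration); the thresholds, sample addresses and secondary list are assumptions.

```python
import re
from collections import Counter, defaultdict

# Matches the BIND 9 "queries" log channel. The flags field starts with '+' when the
# client set the recursion-desired bit and '-' when it did not.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

def parse_queries(lines):
    """Yield (client_ip, qname, qtype, recursion_desired) for each parseable line."""
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m["ip"], m["qname"].lower(), m["qtype"], m["flags"].startswith("+")

def detect(lines, secondaries=frozenset(), snoop_threshold=5, brute_threshold=20):
    """Return sorted (category, client_ip) alerts for the three dnsrecon-style patterns."""
    axfr_clients = set()           # AXFR/IXFR from hosts that are not our secondaries
    nonrecursive = Counter()       # RD=0 queries per client (cache snooping probes)
    names_seen = defaultdict(set)  # distinct names per client (brute force enumeration)
    for ip, qname, qtype, rd in parse_queries(lines):
        if qtype in ("AXFR", "IXFR") and ip not in secondaries:
            axfr_clients.add(ip)
        if not rd:
            nonrecursive[ip] += 1
        names_seen[ip].add(qname)
    alerts = [("zone-transfer-attempt", ip) for ip in sorted(axfr_clients)]
    alerts += [("cache-snooping", ip) for ip, n in sorted(nonrecursive.items()) if n >= snoop_threshold]
    alerts += [("name-bruteforce", ip) for ip, s in sorted(names_seen.items()) if len(s) >= brute_threshold]
    return alerts

# Constructed sample log (not real traffic): one AXFR from an unknown host, one from the
# assumed legitimate secondary 192.0.2.2, six RD=0 probes from one host, 25 names from another.
SAMPLE_LOG = [
    "client @0x7f3a 198.51.100.7#41022 (example.com): query: example.com IN AXFR -E(0)T (203.0.113.53)",
    "client @0x7f3a 192.0.2.2#41023 (example.com): query: example.com IN AXFR -E(0)T (203.0.113.53)",
] + [
    f"client @0x7f3a 198.51.100.9#5{i:04d} ({h}.example.com): query: {h}.example.com IN A -E(0) (203.0.113.53)"
    for i, h in enumerate(["www", "mail", "vpn", "dev", "intranet", "git"])
] + [
    f"client @0x7f3a 198.51.100.11#4{i:04d} (host{i}.example.com): query: host{i}.example.com IN A +E(0) (203.0.113.53)"
    for i in range(25)
]

if __name__ == "__main__":
    for category, ip in detect(SAMPLE_LOG, secondaries={"192.0.2.2"}):
        print(f"{category}: {ip}")
```

Tune the thresholds to the normal query volume of your own resolver; a single non-recursive query is common, a run of them from one client is not.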
There are a lot of other options that the DNSRECON tool provides. It is an extremely useful tool for gathering plenty of information about DNS records.
That's all for today. If you have any doubts, feel free to ask. Don't forget to join us on Facebook in order to get recent updates.