[Infernal92]

Hi all, in this small tutorial I will show you how to use dnsrecon

Dnsrecon is written in ruby. It enables to gather DNS oriented information on a given target

the tool supports following types

Code:

Brute force hostnames and subdomains of a given target domain using a wordlist.

Code:

Standard Record Enumeration for a given domain (A, NS, SOA and MX).

Code:

Top Leven Domain Expansion for a given domain.

Code:

Zone Transfer against all NS records of a given domain

Code:

Reverse Lookup against a given IP Range given a start and end IP.

Code:

SRV Record enumeration, enumerating

This tool comes with a version of r2

How to install this

First of all, install Ruby and Rubygems

Code:

sudo apt-get install ruby rubygems

Install Ruby dependencies:

Code:

sudo gem install pNet-DNS
sudo gem install ip

After that you can download from here dnsrecon

https://github.com/darkoperator/dnsrecon


Now I will show you several methods

Standard (-t std)

Code:

sudo ./dnsrecon.rb -t std -d google.com
google.com,66.249.92.104,A
ns1.google.com,216.239.32.10,SOA
ns2.google.com,216.239.34.10,NS
ns3.google.com,216.239.36.10,NS
ns4.google.com,216.239.38.10,NS
ns1.google.com,216.239.32.10,NS
google.com.s9b1.psmtp.com,74.125.148.13,MX,300
google.com.s9a1.psmtp.com,74.125.148.10,MX,100
google.com.s9a2.psmtp.com,74.125.148.11,MX,200
google.com.s9b2.psmtp.com,74.125.148.14,MX,400

Zone transfer (-t axfr)

Code:

./dnsrecon.rb -t axfr -d ??????club.net
Zone Transfer Succesfull on Nameserver 88.191.???.??

??????club.net. 14400   IN      SOA     ns0.online.net. hostmaster.proxad.net. (
                                        1276843806      ; Serial
                                        3600    ; Refresh
                                        1800    ; Retry
                                        1209600 ; Expire
                                        14400 ) ; Minimum TTL
??????club.net. 14400   IN      A       88.190.???.???
??????club.net. 14400   IN      MX      20 mx-cache.online.net
??????club.net. 14400   IN      MX      10 mx.online.net
??????club.net. 14400   IN      NS      ns0.online.net.
??????club.net. 14400   IN      NS      ns1.online.net.
*.??????club.net.       14400   IN      A       88.190.???.???
??????clubnet.??????club.net.   14400   IN      CNAME   pf7-mysql.online.net.
sql.??????club.net.     14400   IN      CNAME   pf7-mysql.online.net.

Reverse Record Enumeration (-t rvs)
This parameter enables to get the reverse DNS from an IP range. You must combine it with the -i parameter to specify the IP range.

Code:

./dnsrecon.rb -t rvs -i 66.249.92.100,66.249.92.150
Reverse Lookup for IP Renge from 66.249.92.100 to 66.249.92.150
par03s01-in-f100.1e100.net,66.249.92.100
par03s01-in-f104.1e100.net,66.249.92.104
par03s01-in-f112.1e100.net,66.249.92.112
par03s01-in-f115.1e100.net,66.249.92.115
par03s01-in-f116.1e100.net,66.249.92.116
par03s01-in-f118.1e100.net,66.249.92.118
par03s01-in-f120.1e100.net,66.249.92.120
par03s01-in-f123.1e100.net,66.249.92.123
par03s01-in-f128.1e100.net,66.249.92.128
par03s01-in-f132.1e100.net,66.249.92.132
par03s01-in-f137.1e100.net,66.249.92.137
par03s01-in-f141.1e100.net,66.249.92.141
par03s01-in-f142.1e100.net,66.249.92.142
par03s01-in-f143.1e100.net,66.249.92.143
par03s01-in-f146.1e100.net,66.249.92.146
par03s01-in-f148.1e100.net,66.249.92.148

Brute force (-t brt)

This parameter enables to brute force DNS from a given target to check the existence of DNS.

Code:

cat dict
aaa
bbb
hello
serbia
forum
gmail
google
gtalk
mail

We use our dictionary dict

Code:

./dnsrecon.rb -t brt -w dict -d google.com
earth.google.com,66.249.92.100
gmail.google.com,66.249.92.100
mail.google.com,66.249.92.83

[zee eichel]

its nice to see u here brother.. dnsrecon its working like a charm .. we must move your thread in international section so the others member can reply you in english ..

[alkaaf]

oh i got it, so dnsrecon can be used to find another subdomain too?

[Al - Ayyubi]

thnk's for your share bro
let's my try