08-11-2012, 04:26 PM
Hi all, in this small tutorial I will show you how to use dnsrecon
Dnsrecon is written in Ruby. It lets you gather DNS-oriented information on a given target.
The tool supports the following types:
Code:
Brute force hostnames and subdomains of a given target domain using a wordlist.
Code:
Standard Record Enumeration for a given domain (A, NS, SOA and MX).
Code:
Top Level Domain Expansion for a given domain.
Code:
Zone Transfer against all NS records of a given domain
Code:
Reverse Lookup against a given IP Range given a start and end IP.
Code:
SRV Record enumeration, enumerating
This tool comes with a version of r2
How to install this
First of all, install Ruby and Rubygems
Code:
sudo apt-get install ruby rubygems
Install Ruby dependencies:
Code:
sudo gem install pNet-DNS
sudo gem install ip
After that you can download dnsrecon from here:
https://github.com/darkoperator/dnsrecon
Now I will show you several methods
Standard (-t std)
Code:
sudo ./dnsrecon.rb -t std -d google.com
google.com,66.249.92.104,A
ns1.google.com,216.239.32.10,SOA
ns2.google.com,216.239.34.10,NS
ns3.google.com,216.239.36.10,NS
ns4.google.com,216.239.38.10,NS
ns1.google.com,216.239.32.10,NS
google.com.s9b1.psmtp.com,74.125.148.13,MX,300
google.com.s9a1.psmtp.com,74.125.148.10,MX,100
google.com.s9a2.psmtp.com,74.125.148.11,MX,200
google.com.s9b2.psmtp.com,74.125.148.14,MX,400
Zone transfer (-t axfr)
Code:
./dnsrecon.rb -t axfr -d ??????club.net
Zone Transfer Succesfull on Nameserver 88.191.???.??
??????club.net. 14400 IN SOA ns0.online.net. hostmaster.proxad.net. (
1276843806 ; Serial
3600 ; Refresh
1800 ; Retry
1209600 ; Expire
14400 ) ; Minimum TTL
??????club.net. 14400 IN A 88.190.???.???
??????club.net. 14400 IN MX 20 mx-cache.online.net
??????club.net. 14400 IN MX 10 mx.online.net
??????club.net. 14400 IN NS ns0.online.net.
??????club.net. 14400 IN NS ns1.online.net.
*.??????club.net. 14400 IN A 88.190.???.???
??????clubnet.??????club.net. 14400 IN CNAME pf7-mysql.online.net.
sql.??????club.net. 14400 IN CNAME pf7-mysql.online.net.
Reverse Record Enumeration (-t rvs)
This parameter lets you get the reverse DNS records for an IP range. You must combine it with the -i parameter to specify the IP range.
Code:
./dnsrecon.rb -t rvs -i 66.249.92.100,66.249.92.150
Reverse Lookup for IP Renge from 66.249.92.100 to 66.249.92.150
par03s01-in-f100.1e100.net,66.249.92.100
par03s01-in-f104.1e100.net,66.249.92.104
par03s01-in-f112.1e100.net,66.249.92.112
par03s01-in-f115.1e100.net,66.249.92.115
par03s01-in-f116.1e100.net,66.249.92.116
par03s01-in-f118.1e100.net,66.249.92.118
par03s01-in-f120.1e100.net,66.249.92.120
par03s01-in-f123.1e100.net,66.249.92.123
par03s01-in-f128.1e100.net,66.249.92.128
par03s01-in-f132.1e100.net,66.249.92.132
par03s01-in-f137.1e100.net,66.249.92.137
par03s01-in-f141.1e100.net,66.249.92.141
par03s01-in-f142.1e100.net,66.249.92.142
par03s01-in-f143.1e100.net,66.249.92.143
par03s01-in-f146.1e100.net,66.249.92.146
par03s01-in-f148.1e100.net,66.249.92.148
Brute force (-t brt)
This parameter lets you brute force DNS names for a given target to check whether they exist.
Code:
cat dict
aaa
bbb
hello
serbia
forum
gmail
google
gtalk
mail
We use our dictionary dict
Code:
./dnsrecon.rb -t brt -w dict -d google.com
earth.google.com,66.249.92.100
gmail.google.com,66.249.92.100
mail.google.com,66.249.92.83
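Seen from the resolver side, the brute force (-t brt) and reverse (-t rvs) runs above leave a recognisable pattern in query logs. The following is an added example, not part of the original post or of dnsrecon: it flags both patterns in a constructed, simplified log format ("time client qname qtype rcode"); the format, the sample addresses and the thresholds are assumptions to adapt to your own logging.

```ruby
# Added example: flag dnsrecon-style enumeration in a resolver query log.
# Constructed log format "time client qname qtype rcode"; not any real
# DNS server's native format. Addresses and names are documentation values.
WORDS = %w[aaa bbb hello serbia forum gmail google gtalk mail].freeze
SAMPLE_LOG = (
  WORDS.map { |w| "12:00:01 198.51.100.7 #{w}.example.com A #{w == 'mail' ? 'NOERROR' : 'NXDOMAIN'}" } +
  (100..107).map { |h| "12:00:05 198.51.100.7 #{h}.113.0.203.in-addr.arpa PTR NXDOMAIN" } +
  ['12:00:02 192.0.2.10 www.example.com A NOERROR',
   '12:00:03 192.0.2.10 wwww.example.com A NXDOMAIN',
   '12:00:09 192.0.2.10 10.2.0.192.in-addr.arpa PTR NOERROR',
   'malformed line']
).join("\n")

Query = Struct.new(:time, :client, :qname, :qtype, :rcode)

# Parse the log, skipping malformed lines; names are case-insensitive in DNS.
def parse_log(text)
  text.each_line.map(&:split).select { |f| f.size == 5 }.map do |f|
    Query.new(f[0], f[1], f[2].downcase.chomp('.'), f[3].upcase, f[4].upcase)
  end
end

# Group one record type by [client, parent zone]; the parent of a PTR name
# such as 100.113.0.203.in-addr.arpa is the reverse zone of its /24.
def by_client_and_parent(queries, qtype)
  queries.select { |q| q.qtype == qtype && q.qname.include?('.') }
         .group_by { |q| [q.client, q.qname.split('.', 2)[1]] }
end

# Wordlist brute force (-t brt): many distinct names under one domain from
# one client, most of them answered NXDOMAIN.
def brute_force_suspects(queries, min_names: 5, min_nx_ratio: 0.6)
  by_client_and_parent(queries, 'A').filter_map do |(client, zone), qs|
    names = qs.map(&:qname).uniq.size
    nx = qs.count { |q| q.rcode == 'NXDOMAIN' }.fdiv(qs.size).round(2)
    { client: client, zone: zone, names: names, nx_ratio: nx } if names >= min_names && nx >= min_nx_ratio
  end
end

# Reverse sweep (-t rvs): PTR queries for many addresses of one /24 from one client.
def reverse_sweep_suspects(queries, min_addrs: 5)
  by_client_and_parent(queries, 'PTR').filter_map do |(client, zone), qs|
    addrs = qs.map(&:qname).uniq.size
    { client: client, zone: zone, addrs: addrs } if addrs >= min_addrs
  end
end

if __FILE__ == $PROGRAM_NAME
  queries = parse_log(SAMPLE_LOG)
  puts brute_force_suspects(queries).inspect, reverse_sweep_suspects(queries).inspect
end
```

A zone transfer (-t axfr) shows up as a single AXFR query instead, so it is better handled by restricting transfers on the name server than by counting queries.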