Information Gathering: DNS: Dnsenum – Enumerate information on a domain
#1
Information Gathering: DNS: Dnsenum – Enumerate information on a domain and discover non-contiguous ip blocks

This tool is useful for gathering the following information:

1. The target host's IP address
2. Name servers
3. MX record information
4. Additional names or subdomains obtained from Google / Google scraping (Google query = "allinurl: -www site:domain").
5. Subdomain brute force (wordlist file must be specified), optionally with recursion on subdomains that have an NS record
6. Calculating the class C network ranges of the domain and running whois queries on them
7. Performing reverse lookups on netranges (class C (local) or whois netranges)

Let's just try it right away ...

Code:
zee-laptop@IBTeam:/pentest/enumeration/dnsenum$ sudo ./dnsenum.pl
[sudo] password for zee-laptop:
dnsenum.pl VERSION:1.2
Usage: dnsenum.pl [Options] <domain>
[Options]:
Note: the brute force -f switch must be specified to be able to continue
the process execution.
GENERAL OPTIONS:
  --dnsserver   <server>
                        Use this DNS server for A, NS and MX queries.
  --enum                Shortcut option equivalent to --threads 5 -s 20 -w.
  -h, --help            Print this help message.
  --noreverse           Skip the reverse lookup operations.
  --private             Show and save private ips at the end of the file
                         domain_ips.txt.
  --subfile <file>      Write all valid subdomains to this file.
  -t, --timeout <value> The tcp and udp timeout values in seconds
                         (default: 10s).
  --threads <value>     The number of threads that will perform different
                         queries.
  -v, --verbose         Be verbose: show all the progress and all the error
                         messages.
GOOGLE SCRAPING OPTIONS:
  -p, --pages <value>   The number of google search pages to process when
                         scraping names, the default is 20 pages,
                         the -s switch must be specified.
  -s, --scrap <value>   The maximum number of subdomains that will be scraped
                         from google.
BRUTE FORCE OPTIONS:
  -f, --file <file>     Read subdomains from this file to perform brute force.
  -u, --update  <a|g|r|z>
                        Update the file specified with the -f switch with
                         vaild subdomains.
        a (all)         Update using all results.
        g               Update using only google scraping results.
        r               Update using only reverse lookup results.
        z               Update using only zonetransfer results.
  -r, --recursion       Recursion on subdomains, brute force all discovred
                         subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
  -d, --delay <value>   The maximum value of seconds to wait between whois
                         queries, the value is defined randomly, default: 3s.
  -w, --whois           Perform the whois queries on c class network ranges.
                         **Warning**: this can generate very large netranges
                         and it will take lot of time to performe reverse
                         lookups.
REVERSE LOOKUP OPTIONS:
  -e, --exclude <regexp>
                        Exclude PTR records that match the regexp expression
                         from reverse lookup results, useful on invalid
                         hostnames.
zee-laptop@IBTeam:/pentest/enumeration/dnsenum$ ./dnsenum.pl kaskus.us
dnsenum.pl VERSION:1.2

-----   kaskus.us   -----

-----------------
Host's addresses:
-----------------
kaskus.us.     2595    IN      A       112.78.131.5
kaskus.us.     2595    IN      A       112.78.131.2

-------------
Name servers:
-------------
  ns1.lumanau.web.id.   38400   IN      A       76.73.7.6
  ns2.lumanau.web.id.   38241   IN      A       202.160.120.228

-----------
MX record:
-----------

---------------------
Trying Zonetransfers:
---------------------

trying zonetransfer for kaskus.us on ns1.lumanau.web.id ...

trying zonetransfer for kaskus.us on ns2.lumanau.web.id ...

brute force file not specified, bay.

For anyone who wants to add information to this thread: please try the various options above and paste your results here.
FOLLOW @DutaLinux
for more questions and sharing about security and open source only
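The output above is plain text that only a human can read comfortably. When you audit your own domains with dnsenum, it helps to turn that output into structured records (for example to diff against an asset inventory). The following parser is an added example, not part of dnsenum or of the original post; it handles the "Host's addresses", "Name servers" and "MX record" blocks in the format shown above, and the sample input embedded in it is constructed from the kaskus.us run printed earlier in this post.

```python
import re

# Constructed sample, modelled on the dnsenum 1.2 output shown in this post.
SAMPLE_OUTPUT = """\
dnsenum.pl VERSION:1.2

-----   kaskus.us   -----

-----------------
Host's addresses:
-----------------
kaskus.us.     2595    IN      A       112.78.131.5
kaskus.us.     2595    IN      A       112.78.131.2

-------------
Name servers:
-------------
  ns1.lumanau.web.id.   38400   IN      A       76.73.7.6
  ns2.lumanau.web.id.   38241   IN      A       202.160.120.228

-----------
MX record:
-----------

---------------------
Trying Zonetransfers:
---------------------

trying zonetransfer for kaskus.us on ns1.lumanau.web.id ...

brute force file not specified, bay.
"""

# "-----   domain   -----" banner printed once at the top of a run.
BANNER_RE = re.compile(r"^-----\s+(\S+)\s+-----$")
# Section headers such as "Host's addresses:" or "Name servers:" (1.2.2 uses
# underscores instead of dashes as separators, so we key on the header only).
SECTION_RE = re.compile(r"^\s*([A-Za-z' ]+):\s*$")
# One resource record line: name  ttl  IN  type  value
RECORD_RE = re.compile(r"^\s*(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(\S+)\s*$")


def parse_dnsenum(text):
    """Return {"domain": str, "sections": {header: [record, ...]}}.

    Each record is a dict with name (trailing dot removed), ttl, type, value.
    Section keys are lower-cased so "Name servers:" and "Name Servers:" match.
    """
    result = {"domain": None, "sections": {}}
    section = None
    for line in text.splitlines():
        m = BANNER_RE.match(line)
        if m:
            result["domain"] = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
            result["sections"].setdefault(section, [])
            continue
        m = RECORD_RE.match(line)
        if m and section is not None:
            name, ttl, rtype, value = m.groups()
            result["sections"][section].append(
                {"name": name.rstrip("."), "ttl": int(ttl),
                 "type": rtype, "value": value}
            )
    return result


def unique_ips(parsed):
    """All distinct IPv4 addresses seen in A records, sorted as strings."""
    ips = {rec["value"]
           for records in parsed["sections"].values()
           for rec in records if rec["type"] == "A"}
    return sorted(ips)


if __name__ == "__main__":
    parsed = parse_dnsenum(SAMPLE_OUTPUT)
    print("domain:", parsed["domain"])
    for header, records in parsed["sections"].items():
        print(f"{header}: {len(records)} record(s)")
    print("addresses:", unique_ips(parsed))
```

Feeding the parser the saved output of a run (for example `./dnsenum.pl yourdomain > run.txt`) gives you a record list you can compare with what you expect to be published, which is the quickest way to spot a name server or host that should not be exposed.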

#2
Wow, information gathering then :P

#3
I was confused about whether to make the thread under BackTrack 5 or 4,
but since it's already here,
I'll just post here.

I want to ask about this
==>>

gremwell.com)
root@bt:/pentest/enumeration/dns/dnsenum#
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum -f -r www.uir.ac.id
dnsenum.pl VERSION:1.2.2
Warning: can't load Net::Whois::IP module, whois queries disabled.

----- www.uir.ac.id -----


Host's addresses:
__________________

www.uir.ac.id 86400 IN A 118.97.168.75


Name Servers:
______________

www.uir.ac.id NS record query failed: NOERROR
root@bt:/pentest/enumeration/dns/dnsenum# ^C
root@bt:/pentest/enumeration/dns/dnsenum#

Why can't it be loaded (the bold+italic part, bro)?
And it's disabled too; how do I enable it?

#4
(11-05-2011, 07:35 AM)junior.riau18 Wrote: I was confused about whether to make the thread under BackTrack 5 or 4,
but since it's already here,
I'll just post here.

I want to ask about this
==>>

gremwell.com)
root@bt:/pentest/enumeration/dns/dnsenum#
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum -f -r www.uir.ac.id
dnsenum.pl VERSION:1.2.2
Warning: can't load Net::Whois::IP module, whois queries disabled.

----- www.uir.ac.id -----


Host's addresses:
__________________

www.uir.ac.id 86400 IN A 118.97.168.75


Name Servers:
______________

www.uir.ac.id NS record query failed: NOERROR
root@bt:/pentest/enumeration/dns/dnsenum# ^C
root@bt:/pentest/enumeration/dns/dnsenum#

Why can't it be loaded (the bold+italic part, bro)?
And it's disabled too; how do I enable it?

It looks like the uir.ac.id domain uses a domain privacy service... they don't allow that information to be accessed. If you buy a domain and then go into the control panel, the option is there.

#5
Thanks, bro cassa :)

#6
Bro zee, I want to ask something.
When I tried dnsenum with this command:
./dnsenum.pl --enum -f -r site.com

during the brute force session it printed this:
Code:
Brute forcing with -r:
_______________________

Error: make sure that the file -r exists and has a size greater than zero.
Please enlighten me.
<< back|track'ers newbie

#7
It's asking for that file; try creating dns.txt and put the web domains you want to scan in it.
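The error in post #6 comes from how the options were ordered: `-f` takes a file name as its value, so in `./dnsenum.pl --enum -f -r site.com` the literal string `-r` was handed to `-f` as the wordlist, and dnsenum then reported that the file `-r` does not exist. The snippet below is an added example, not code from dnsenum or from anyone in this thread: it checks that a wordlist exists, is non-empty and contains usable DNS labels before assembling the command line in the order dnsenum expects (`-f <file>` first, then `-r`, then the domain). The file name, the sample wordlist contents and the domain `example.com` are constructed for the example.

```python
import os
import re
import tempfile

# A hostname label: letters, digits and hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

# Constructed sample wordlist: comments, blank lines and an invalid entry
# are included to show that they are skipped.
SAMPLE_WORDLIST = "www\nmail\n# comment line\n\nNS1\nnot valid!\n"


def write_sample_wordlist(contents=SAMPLE_WORDLIST):
    """Write a wordlist into a fresh temporary directory and return its path."""
    directory = tempfile.mkdtemp(prefix="dnsenum-example-")
    path = os.path.join(directory, "dns.txt")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(contents)
    return path


def load_wordlist(path):
    """Return the valid, lower-cased labels in a brute-force wordlist.

    Performs the same checks dnsenum's error message asks for (the file must
    exist and be larger than zero bytes) before the tool is started, and
    additionally drops lines that cannot be DNS labels.
    """
    if not os.path.isfile(path):
        raise FileNotFoundError(f"wordlist {path!r} does not exist")
    if os.path.getsize(path) == 0:
        raise ValueError(f"wordlist {path!r} is empty")
    labels = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            word = raw.strip()
            if not word or word.startswith("#"):
                continue
            if LABEL_RE.match(word):
                labels.append(word.lower())
    if not labels:
        raise ValueError(f"wordlist {path!r} contains no usable labels")
    return labels


def build_dnsenum_command(domain, wordlist, recursion=True, enum=True,
                          dnsenum="./dnsenum.pl"):
    """Assemble argv so that every value-taking option is followed by its value.

    Putting "-r" directly after "-f" (as in the question above) makes "-r"
    the file name; here the wordlist path always follows "-f".
    """
    load_wordlist(wordlist)  # fail early with a clear message
    argv = [dnsenum]
    if enum:
        argv.append("--enum")
    argv += ["-f", wordlist]
    if recursion:
        argv.append("-r")
    argv.append(domain)
    return argv


if __name__ == "__main__":
    wordlist_path = write_sample_wordlist()
    print("labels:", load_wordlist(wordlist_path))
    print("command:", " ".join(build_dnsenum_command("example.com", wordlist_path)))
```

The returned list can be passed straight to `subprocess.run(argv)`; because the wordlist is validated first, a typo in the path or an empty file is reported before any DNS traffic is generated.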

#8
Oh, I only just saw this; I'm giving you +2, bro (my turn, usually I'm the one getting the cendol :P)

#9
(05-17-2012, 07:45 PM)konspirasi Wrote: Oh, I only just saw this; I'm giving you +2, bro (my turn, usually I'm the one getting the cendol :P)

+2 for whom, bro ikons?? :D :P






Users browsing this thread: 1 Guest(s)