What is dnsenum?
The purpose of dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:
- Get the host's addresses (A records).
- Get the nameservers (threaded).
- Get the MX records (threaded).
- Perform AXFR (zone transfer) queries on the nameservers and get their BIND versions (threaded).
- Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
- Brute force subdomains from a file; can also recurse into discovered subdomains that have NS records (all threaded).
- Calculate the C-class network ranges of the domain and perform whois queries on them (threaded).
- Perform reverse lookups on the netranges (C-class and/or whois netranges) (threaded).
- Write the IP blocks to the domain_ips.txt file.
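The netrange and reverse-lookup steps above, written out in Python as an added example (this is not dnsenum's own Perl code). It takes the A records from this page's sample run, adds one constructed private address to show what the --private switch controls, groups the addresses into /24 "C class" networks, and then reverse-resolves a range while applying the -e exclude regexp to PTR names. The PTR resolver is injected: FAKE_PTR and fake_resolve_ptr are constructed so the script runs offline, and stdlib_resolve_ptr shows how a live lookup would be plugged in. Useful on the defensive side for checking which of your own ranges and PTR names such a sweep would reveal.

```python
import ipaddress
import re
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Constructed sample: the A records from the page's example run, plus one
# private address (intranet.example.invalid -> 10.0.0.5) added to show the
# --private behaviour. Not produced by dnsenum.
SAMPLE_RECORDS: Dict[str, List[str]] = {
    "worldofhacker.com": ["108.162.197.122", "108.162.197.22"],
    "seth.ns.cloudflare.com": ["173.245.59.142"],
    "jean.ns.cloudflare.com": ["173.245.58.121"],
    "aspmx.l.google.com": ["173.194.79.27"],
    "intranet.example.invalid": ["10.0.0.5"],
}


def c_class_ranges(records: Dict[str, List[str]], include_private: bool = False) -> List[str]:
    """Return the sorted, de-duplicated /24 networks covering every resolved
    IPv4 address. Private ranges (RFC 1918 etc.) are dropped unless
    include_private is set, mirroring dnsenum's --private switch."""
    nets = set()
    for addrs in records.values():
        for a in addrs:
            ip = ipaddress.ip_address(a)
            if ip.version != 4:
                continue  # the C-class logic only makes sense for IPv4
            if ip.is_private and not include_private:
                continue
            # strict=False lets us pass a host address and get its /24 block
            nets.add(ipaddress.ip_network(f"{a}/24", strict=False))
    return [str(n) for n in sorted(nets)]


def reverse_lookup_ranges(ranges: Iterable[str],
                          resolve_ptr: Callable[[str], Optional[str]],
                          exclude: Optional[str] = None) -> Dict[str, str]:
    """Reverse-resolve every host address in the given networks. Keep only
    addresses that have a PTR record and whose name does NOT match the
    exclude regexp (the -e / --exclude option, for junk or generic names)."""
    pattern = re.compile(exclude) if exclude else None
    found: Dict[str, str] = {}
    for r in ranges:
        for host in ipaddress.ip_network(r).hosts():
            name = resolve_ptr(str(host))
            if not name:
                continue
            if pattern and pattern.search(name):
                continue
            found[str(host)] = name
    return found


def stdlib_resolve_ptr(ip: str) -> Optional[str]:
    """Live PTR lookup using only the standard library (not used in the offline demo)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / gaierror: no PTR or resolver failure
        return None


# Constructed PTR table standing in for live reverse lookups so the demo is offline.
FAKE_PTR: Dict[str, str] = {
    "108.162.197.22": "worldofhacker.com",
    "108.162.197.122": "worldofhacker.com",
    "108.162.197.5": "unknown.invalid",  # generic catch-all style PTR name
    "173.245.59.142": "seth.ns.cloudflare.com",
}


def fake_resolve_ptr(ip: str) -> Optional[str]:
    return FAKE_PTR.get(ip)


if __name__ == "__main__":
    print("public /24 ranges:", c_class_ranges(SAMPLE_RECORDS))
    print("with --private:   ", c_class_ranges(SAMPLE_RECORDS, include_private=True))
    hits = reverse_lookup_ranges(["108.162.197.0/24"], fake_resolve_ptr, exclude=r"\.invalid$")
    for ip, name in sorted(hits.items()):
        print(f"{ip:<18} PTR {name}")
```

Passing stdlib_resolve_ptr instead of fake_resolve_ptr turns the last step into a real sweep; note that even one /24 means up to 254 queries, which is why dnsenum warns about the size of whois-derived netranges.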
Prerequisite:
1. Perl must be installed on the system.
Usage:
Code:
root@worldofhacker~# perl dnsenum.pl [Options]
Code:
root@worldofhacker~# perl dnsenum.pl -v worldofhacker.com
Output will be something like this:
Code:
----- worldofhacker.com -----
Host's addresses:
__________________
worldofhacker.com 5 IN A 108.162.197.122
worldofhacker.com 5 IN A 108.162.197.22
Name Servers:
______________
seth.ns.cloudflare.com 5 IN A 173.245.59.142
jean.ns.cloudflare.com 5 IN A 173.245.58.121
Mail (MX) Servers:
___________________
aspmx.l.google.com 5 IN A 173.194.79.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for worldofhacker.com on seth.ns.cloudflare.com ...
AXFR record query failed: NOERROR
Unable to obtain Server Version for seth.ns.cloudflare.com : NOERROR
Trying Zone Transfer for worldofhacker.com on jean.ns.cloudflare.com ...
AXFR record query failed: NOERROR
Unable to obtain Server Version for jean.ns.cloudflare.com : NOERROR
----------------
Wildcards test:
----------------
Wildcards detected, all subdomains will point to the same IP address, bye.
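The "Wildcards test" at the end of that run is what stops a brute-force pass from reporting every word in the list as a live host. The Python below is an added example (not dnsenum's Perl code) of the same check: it resolves a few random labels under the zone and, if they all get an answer, treats the zone as wildcarded. It then goes one step beyond the tool's "bye" by running the word list anyway and discarding hits whose only addresses are the wildcard ones. The resolver is injected; fake_resolve, the example.test zone and its 192.0.2.0/24 addresses are constructed so the script runs offline, while stdlib_resolve shows how a live lookup would be plugged in. For a zone owner this is a quick way to see whether a wildcard record masks (or fails to mask) the hosts a word list would find.

```python
import random
import socket
import string
from typing import Callable, Dict, Iterable, Optional, Set

# A resolver maps a name to its set of IPv4 addresses; empty set means NXDOMAIN.
Resolver = Callable[[str], Set[str]]


def random_label(rng: random.Random, length: int = 12) -> str:
    """A label that should not exist in the zone unless there is a wildcard."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length))


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3,
                    seed: Optional[int] = None) -> Optional[Set[str]]:
    """Resolve several random labels under `domain`. If every probe gets an
    answer the zone has a wildcard; return the union of the addresses seen
    (a wildcard behind round-robin may answer with different IPs). None otherwise."""
    rng = random.Random(seed)
    answers = [resolve(f"{random_label(rng)}.{domain}") for _ in range(probes)]
    if not all(answers):
        return None  # at least one random name was NXDOMAIN: no wildcard
    wildcard_ips: Set[str] = set()
    for a in answers:
        wildcard_ips |= a
    return wildcard_ips


def brute_force(domain: str, wordlist: Iterable[str], resolve: Resolver,
                wildcard_ips: Optional[Set[str]] = None) -> Dict[str, Set[str]]:
    """Resolve each candidate subdomain. When a wildcard is known, drop answers
    that contain nothing but wildcard addresses: they say nothing about a real host."""
    found: Dict[str, Set[str]] = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ips = resolve(name)
        if not ips:
            continue
        if wildcard_ips and ips <= wildcard_ips:
            continue  # indistinguishable from the wildcard answer
        found[name] = ips
    return found


def stdlib_resolve(name: str) -> Set[str]:
    """Live A-record lookup with the standard library (not used in the offline demo)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


# Constructed zone data standing in for live DNS so the example runs offline.
FAKE_ZONE: Dict[str, Set[str]] = {
    "www.example.test": {"192.0.2.10"},
    "mail.example.test": {"192.0.2.20"},
}
WILDCARD_IP = {"192.0.2.99"}  # constructed: what *.example.test answers with


def fake_resolve(name: str) -> Set[str]:
    """Zone with a wildcard: unknown names under example.test still resolve."""
    if name in FAKE_ZONE:
        return set(FAKE_ZONE[name])
    if name.endswith(".example.test"):
        return set(WILDCARD_IP)
    return set()


def fake_resolve_nowildcard(name: str) -> Set[str]:
    """Same zone without the wildcard record."""
    return set(FAKE_ZONE.get(name, set()))


if __name__ == "__main__":
    wordlist = ["www", "mail", "ftp", "dev"]  # constructed mini word list
    wc = detect_wildcard("example.test", fake_resolve, seed=1)
    print("wildcard addresses:", wc)
    print("naive brute force:   ", sorted(brute_force("example.test", wordlist, fake_resolve)))
    print("wildcard-filtered:   ", sorted(brute_force("example.test", wordlist, fake_resolve, wc)))
```

Without the filter every word in the list "resolves"; with it only www and mail survive, which is the same information the tool's default behaviour gives up on when it says "bye".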
Various help options:
Code:
GENERAL OPTIONS:
--dnsserver <server>
    Use this DNS server for A, NS and MX queries.
--enum                  Shortcut option equivalent to --threads 5 -s 20 -w.
-h, --help              Print this help message.
--noreverse             Skip the reverse lookup operations.
--private               Show and save private ips at the end of the file domain_ips.txt.
--subfile <file>        Write all valid subdomains to this file.
-t, --timeout <value>   The tcp and udp timeout values in seconds (default: 10s).
--threads <value>       The number of threads that will perform different queries.
-v, --verbose           Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages <value>     The number of google search pages to process when scraping names,
                        the default is 20 pages, the -s switch must be specified.
-s, --scrap <value>     The maximum number of subdomains that will be scraped from Google.
BRUTE FORCE OPTIONS:
-f, --file <file>       Read subdomains from this file to perform brute force.
-u, --update <a|g|r|z>
    Update the file specified with the -f switch with valid subdomains.
    a (all)     Update using all results.
    g           Update using only google scraping results.
    r           Update using only reverse lookup results.
    z           Update using only zonetransfer results.
-r, --recursion         Recursion on subdomains, brute force all discovered subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay <value>     The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
-w, --whois             Perform the whois queries on c class network ranges.
                        **Warning**: this can generate very large netranges and it will take lot of time to perform reverse lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude <regexp>
    Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
-o, --output <file>     Output in XML format. Can be imported in MagicTree (www.gremwell.com)
Download from here: http://code.google.com/p/dnsenum/downloads/list