Info BackTrack

Linux & Security Tutorial

Information Gathering Using Dnsenum

Dnsenum is a Perl script that aims to gather as much information as possible about a domain.

The script was written by one of the Backtrack developers, Filip (barbsie) Waeytens.

Dnsenum can:

1) Get the host's addresses (A record).
2) Get the nameservers (threaded).
3) Get the MX records (threaded).
4) Perform AXFR queries on the nameservers (threaded).
5) Get additional names and subdomains via Google scraping (google query = "allinurl: -www site:domain").
6) Brute-force subdomains from a file; it can also recurse into subdomains that have NS records (all threaded).
7) Calculate the domain's class C network ranges and perform whois queries on the target (threaded).
8) Perform reverse lookups on net ranges (class C and/or whois net ranges) (threaded).
9) Write the IP blocks to the file domain_ips.txt.

Step-by-step usage:

lindo@laptop:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl rcti.tv
dnsenum.pl VERSION:1.2

-----   rcti.tv   -----

-----------------
Host's addresses:
-----------------
 rcti.tv.       13423   IN      A       202.147.200.138

-------------
Name servers:
-------------
  ns2.rumahosting.com.  14400   IN      A       124.195.3.11
  ns1.rumahosting.com.  14400   IN      A       173.231.38.138

-----------
MX record:
-----------
  smtp2.rcti.tv.        14400   IN      A       202.147.204.148
  smtp3.rcti.tv.        14400   IN      A       202.147.204.149
  webmail.rcti.tv.      13345   IN      A       202.147.204.147
  smtp1.rcti.tv.        14400   IN      A       114.6.15.53

---------------------
Trying Zonetransfers:
---------------------

 Trying zonetransfer for rcti.tv on ns2.rumahosting.com ...

 Trying zonetransfer for rcti.tv on ns1.rumahosting.com ...

brute force file not specified, bay.

lindo@laptop:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum -f dns.txt --update a -r rcti.tv
dnsenum.pl VERSION:1.2
Warning: can't load Net::Whois::IP module, whois queries disabled.

-----   rcti.tv   -----

-----------------
Host's addresses:
-----------------
 rcti.tv.       12210   IN      A       202.147.200.138

-------------
Name servers:
-------------
  ns1.rumahosting.com.  13187   IN      A       173.231.38.138
  ns2.rumahosting.com.  13187   IN      A       124.195.3.11

-----------
MX record:
-----------
  smtp2.rcti.tv.        13185   IN      A       202.147.204.148
  smtp3.rcti.tv.        13185   IN      A       202.147.204.149
  webmail.rcti.tv.      12130   IN      A       202.147.204.147
  smtp1.rcti.tv.        13185   IN      A       114.6.15.53

---------------------
Trying Zonetransfers:
---------------------

 Trying zonetransfer for rcti.tv on ns2.rumahosting.com ...

 Trying zonetransfer for rcti.tv on ns1.rumahosting.com ...

--------------------------------------------
Scraping rcti.tv subdomains from Google:
--------------------------------------------

 ----   Google search page: 1   ----

 ----   Google search page: 2   ----

 ----   Google search page: 3   ----

 ----   Google search page: 4   ----

 ----   Google search page: 5   ----

 ----   Google search page: 6   ----
Use of uninitialized value in subroutine entry at ./dnsenum.pl line 894.

 Google results: 0
  perhaps Google is blocking our queries.
 Check manually.

------------------------------
Brute forcing with dns.txt:
------------------------------
  ftp.rcti.tv.  13492   IN      A       203.153.106.35
  mail.rcti.tv. 13487   IN      CNAME   webmail.rcti.tv.
  webmail.rcti.tv.      12017   IN      A       202.147.204.147
  www.rcti.tv.  12264   IN      CNAME   rcti.tv.
  rcti.tv.      12035   IN      A       202.147.200.138

–done
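
Added example, not part of the original post or of dnsenum itself: a Python parser for output in the layout shown above that groups records by section and derives the class C (/24) ranges described in capability 7, which is handy when reviewing what your own zone exposes. The sample input is constructed (example.com with documentation-range addresses), and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the dnsenum 1.2 output shown above
# (example.com and documentation-range addresses, not real results).
SAMPLE = """\
-----------------
Host's addresses:
-----------------
 example.com.       13423   IN      A       192.0.2.138

-----------
MX record:
-----------
  smtp1.example.com.    14400   IN      A       198.51.100.53
  smtp2.example.com.    14400   IN      A       192.0.2.148

------------------------------
Brute forcing with dns.txt:
------------------------------
  ftp.example.com.  13492   IN      A       203.0.113.35
  mail.example.com. 13487   IN      CNAME   smtp2.example.com.
  example.com.      12035   IN      A       192.0.2.138
"""

# A record line: name, TTL, class IN, type, value. A heading ends with ':'.
RECORD = re.compile(r"^\s*(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)\s*$")
HEADING = re.compile(r"^\s*([A-Za-z][^:]*):\s*$")

def parse_dnsenum(text):
    """Return {section heading: [(name, ttl, type, value), ...]}."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        if (m := HEADING.match(line)):
            current = m.group(1)
        elif (m := RECORD.match(line)) and current:
            name, ttl, rtype, value = m.groups()
            sections[current].append((name, int(ttl), rtype, value))
    return dict(sections)

def class_c_ranges(sections):
    """Distinct /24 networks covering every A record, as in capability 7."""
    nets = {ipaddress.ip_network(f"{value}/24", strict=False)
            for records in sections.values()
            for _, _, rtype, value in records if rtype == "A"}
    return [str(n) for n in sorted(nets)]

if __name__ == "__main__":
    print(class_c_ranges(parse_dnsenum(SAMPLE)))
```

Names that appear only under the brute-force section are ones a wordlist can guess, so they are worth checking against your intended public inventory.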
