iT邦幫忙

第 11 屆 iT 邦幫忙鐵人賽

DAY 26
0

dnsrecon


dnsrecon 是 Kali linux和 Parrot Security OS 內建的工具,可以使用這個工具來查找DNS紀錄可以查詢到站點的域名及IP。

https://github.com/darkoperator/dnsrecon


  • 操作環境 Parrot OS
  • 執行指令
dnsrecon 

https://ithelp.ithome.com.tw/upload/images/20191017/20060971rkD0SvfwZV.png

  • Options:
Options:
   -h, --help                   Show this help message and exit.
   -d, --domain      <domain>   Target domain.
   -r, --range       <range>    IP range for reverse lookup brute force in formats (first-last) or in (range/bitmask).
   -n, --name_server <name>     Domain server to use. If none is given, the SOA of the target will be used.
                                Multiple servers can be specified using a comma separated list.
   -D, --dictionary  <file>     Dictionary file of subdomain and hostnames to use for brute force.
   -f                           Filter out of brute force domain lookup, records that resolve to the wildcard defined
                                IP address when saving records.
   -t, --type        <types>    Type of enumeration to perform (comma separated):
                                std       SOA, NS, A, AAAA, MX and SRV.
                                rvl       Reverse lookup of a given CIDR or IP range.
                                brt       Brute force domains and hosts using a given dictionary.
                                srv       SRV records.
                                axfr      Test all NS servers for a zone transfer.
                                goo       Perform Google search for subdomains and hosts.
                                bing      Perform Google search for subdomains and hosts.
                                crt       Perform crt.sh search for subdomains and hosts.
                                snoop     Perform cache snooping against all NS servers for a given domain, testing
                                          all with file containing the domains, file given with -D option.
                                tld       Remove the TLD of given domain and test against all TLDs registered in IANA.
                                zonewalk  Perform a DNSSEC zone walk using NSEC records.
   -a                           Perform AXFR with standard enumeration.
   -s                           Perform a reverse lookup of IPv4 ranges in the SPF record with standard enumeration.
   -g                           Perform Google enumeration with standard enumeration.
   -b                           Perform Bing enumeration with standard enumeration.
   -k                           Perform crt.sh enumeration with standard enumeration.
   -w                           Perform deep whois record analysis and reverse lookup of IP ranges found through
                                Whois when doing a standard enumeration.
   -z                           Performs a DNSSEC zone walk with standard enumeration.
   --threads         <number>   Number of threads to use in reverse lookups, forward lookups, brute force and SRV
                                record enumeration.
   --tcp                        Force using TCP protocol when making DNS queries.
   --lifetime        <number>   Time to wait for a server to response to a query.
   --db              <file>     SQLite 3 file to save found records.
   --xml             <file>     XML file to save found records.
   --iw                         Continue brute forcing a domain even if a wildcard records are discovered.
   --disable_check_recursion    Disables check for recursion on name servers.
   --disable_check_bindversion  Disables check for BIND version on name servers.
   -c, --csv         <file>     Comma separated value file.
   -j, --json        <file>     JSON file.
   -v                           Show attempts in the brute force modes.

  • 操作
dnsrecon -d domain

https://ithelp.ithome.com.tw/upload/images/20191017/20060971LgMbffKh7K.png


上一篇
[Day 25]-WAES
下一篇
[Day 27]-Ispy
系列文
利用開源資源執行安全檢測30

尚未有邦友留言

立即登入留言