avatarS12 Pentest

Summary

The undefined website provides a tutorial on using dnsenum, a perl script tool in Kali Linux for enumerating DNS information to gather network and vulnerability data on a domain.

Abstract

The undefined website article, titled "DNSEnum," introduces readers to the concept of information gathering in the context of website security assessments and penetration testing. It specifically focuses on the use of dnsenum, a tool within Kali Linux that enables users to extract comprehensive DNS information from a target domain. The article outlines the installation process, demonstrates how to execute the tool to retrieve various details such as IP addresses, subdomains, and server information, and explains the significance of zone transfers and Bind versions in identifying potential vulnerabilities. The author emphasizes dnsenum's capability to perform brute-forcing attacks to uncover additional hostnames and nameservers, as well as its utility in mapping out the network structure by identifying netranges. The conclusion underscores the tool's effectiveness in information gathering for web penetration testing and encourages readers to support the author's content through membership or by sharing the project.

Opinions

  • The author considers dnsenum to be a powerful and useful tool for gathering vulnerability information on websites.
  • Dnsenum is recommended as a good starting point for those interested in information gathering for web penetration testing.
  • The article suggests that the information obtained through dnsenum, such as host addresses, subdomains, and network details, is critical for understanding the security posture of a website.
  • The author values community support, requesting readers to contribute through membership or by sharing the content to help sustain and grow the project.
  • A positive opinion is conveyed regarding the tool's ability to perform tasks like reverse lookups and brute-forcing to reveal extensive network information.

DNSEnum

Introduction

The information gathering is useful to get ports and vulnerabilities into a website and Kali Linux has tools that you can use them. Today, I will show you a tool called dnsenum where you can test a website and get information from them

DNSENUM

Firstly, we’ll see what’s dsnenum, which is a perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks.

You can install it using the next command:

sudo apt install dnsenum

Now, we will open our terminal as root and insert the command dnsneum followed by an IP address or DNS.

Dnsenum will get information about the DNS, which you can see a list of IP Addresses and subdomains which are related to the website.

Firstly, it will show you host´s addresses, main servers and Main Servers.

Also, you can see Zone Transfers and Bind versions to see more subdomains and servers where you can find vulns. In the next image we use other domain only to show you how looks the result.

Dnsenum default also use brute forcing to get more host addresses, subdomains and nameservers.

Include dnsenum can get the netranges of servers where the IP´s are listed. You can use this information to see how works the network into the server that you are testing.

Lastly, dnsenum will perform reverse lookup IP addresses and IP blocks where it will show you like this.

Conclusion

Dnsenum is a very useful and powerful tool for information gathering, you can get vulns into a website where it will show you Host addresses and subdomains related to the host as well as network information about netranges. If you wanted to start in information gathering for web pentesting, dnsenum is a good option for you.

If you enjoy my content and would like to help me take this project to the next level, you can become a member by donating a monthly subscription. Your support will help me continue to create high-quality content. Thank you for your generosity!

If donating is not possible for you at this time, no problem at all! Your support in sharing my project and spreading the word is greatly appreciated. I will continue to create and share my work regardless, and I am grateful for your encouragement and interest.

If you want to support me you can check my main Medium Profile and see all the articles! Follow and support it!. This are the link:

This is the YouTube channel of my malware development team, we need your subscription and your support

Thanks to read this :)

S12.

Hacking
Penetration Testing
Cybersecurity
Software Development
Tryhackme
Recommended from ReadMedium