This tool is useful for gathering the following information:
1. The target host's IP address
2. Name servers
3. MX record information
4. Other hostnames or subdomains found via Google / Google scraping (Google query = “allinurl: site-www: domain”)
5. Subdomain brute force (from a specified file), also performing recursion on subdomains that have an NS record
6. Calculating the class C network ranges of the domain and running whois queries
7. Performing reverse lookups on netranges (on the class C (local) or whois netrange)
Let's just test it directly …
zee-laptop@IBTeam:/pentest/enumeration/dnsenum$ sudo ./dnsenum.pl
[sudo] password for zee-laptop:
dnsenum.pl VERSION:1.2
Usage: dnsenum.pl [Options]
[Options]:
Note: the brute force -f switch must be specified to be able to continue
the process execution.
GENERAL OPTIONS:
--dnsserver
Use this DNS server for A, NS and MX queries.
--enum Shortcut option equivalent to --threads 5 -s 20 -w.
-h, --help Print this help message.
--noreverse Skip the reverse lookup operations.
--private Show and save private ips at the end of the file
domain_ips.txt.
--subfile Write all valid subdomains to this file.
-t, --timeout The tcp and udp timeout values in seconds
(default: 10s).
--threads The number of threads that will perform different
queries.
-v, --verbose Be verbose: show all the progress and all the error
messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages The number of google search pages to process when
scraping names, the default is 20 pages,
the -s switch must be specified.
-s, --scrap The maximum number of subdomains that will be scraped
from google.
BRUTE FORCE OPTIONS:
-f, --file Read subdomains from this file to perform brute force.
-u, --update
Update the file specified with the -f switch with
vaild subdomains.
a (all) Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r, --recursion Recursion on subdomains, brute force all discovred
subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay The maximum value of seconds to wait between whois
queries, the value is defined randomly, default: 3s.
-w, --whois Perform the whois queries on c class network ranges.
**Warning**: this can generate very large netranges
and it will take lot of time to performe reverse
lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude
Exclude PTR records that match the regexp expression
from reverse lookup results, useful on invalid
hostnames.
zee-laptop@IBTeam:/pentest/enumeration/dnsenum$ ./dnsenum.pl kaskus.us
dnsenum.pl VERSION:1.2
----- kaskus.us -----
-----------------
Host's addresses:
-----------------
kaskus.us. 2595 IN A 112.78.131.5
kaskus.us. 2595 IN A 112.78.131.2
-------------
Name servers:
-------------
ns1.lumanau.web.id. 38400 IN A 76.73.7.6
ns2.lumanau.web.id. 38241 IN A 202.160.120.228
-----------
MX record:
-----------
---------------------
Trying Zonetransfers:
---------------------
trying zonetransfer for kaskus.us on ns1.lumanau.web.id ...
trying zonetransfer for kaskus.us on ns2.lumanau.web.id ...
brute force file not specified, bay.
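As an added example (not part of the original post and not dnsenum's own code) of what steps 6 and 7 of the feature list and the --private option amount to: the Python script below parses record lines in the format printed in the run above, sets private addresses aside, groups the public ones into class C (/24) ranges and counts the in-addr.arpa names a reverse sweep of each range would have to query, which is the reason the help text warns that -w can produce very large netranges. The sample lines are constructed from the page's own output plus one made-up private record; the hostname intranet.example.invalid and the address 10.0.0.15 are assumptions.

```python
"""Added example, not dnsenum's code: parse dnsenum-style record lines and
derive the class C (/24) netranges and reverse (PTR) names that a reverse
sweep of those ranges would query."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the A records dnsenum printed in the run above, plus one
# hypothetical private address (assumption) to show what --private sets aside.
SAMPLE_OUTPUT = """\
kaskus.us. 2595 IN A 112.78.131.5
kaskus.us. 2595 IN A 112.78.131.2
ns1.lumanau.web.id. 38400 IN A 76.73.7.6
ns2.lumanau.web.id. 38241 IN A 202.160.120.228
intranet.example.invalid. 300 IN A 10.0.0.15
"""

# "<name>. <ttl> IN <type> <value>": the dig-like line format dnsenum prints
RECORD_RE = re.compile(r"^(\S+)\.\s+(\d+)\s+IN\s+(A|NS|MX)\s+(.+)$")


def parse_records(text):
    """Return (name, ttl, rtype, value) tuples; non-record lines are ignored."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            name, ttl, rtype, value = m.groups()
            records.append((name, int(ttl), rtype, value))
    return records


def split_private(records):
    """Split A-record addresses into (public, private) lists, as --private does."""
    public, private = [], []
    for _, _, rtype, value in records:
        if rtype != "A":
            continue
        ip = ipaddress.ip_address(value)
        (private if ip.is_private else public).append(ip)
    return public, private


def class_c_ranges(ips):
    """Map each /24 ("class C") network to the hosts from ips inside it (step 6)."""
    ranges = defaultdict(list)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        ranges[net].append(ip)
    return dict(ranges)


def reverse_names(net):
    """Every in-addr.arpa name a reverse sweep of net would query (step 7)."""
    return [addr.reverse_pointer for addr in net]


def summarize(text):
    """Full pipeline: parse, set private IPs aside, group public IPs into /24s
    and report how many PTR queries a reverse sweep of each /24 costs."""
    records = parse_records(text)
    public, private = split_private(records)
    ranges = class_c_ranges(public)
    return {
        "records": len(records),
        "private": [str(ip) for ip in private],
        "ranges": {str(net): len(reverse_names(net)) for net in ranges},
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_OUTPUT))
```

Run it as-is to see the three /24 ranges behind the kaskus.us and name-server addresses and the 256 PTR names each one implies; on the defending side, a burst of PTR queries walking a whole /24 in your resolver or authoritative-server logs is the footprint this sweep leaves.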
Source: Zee Eichel