Information Gathering With dnsrecon-Backtrack 5 Rx

dnsrecon is a DNS enumeration tool written in Python. Features of dnsrecon:-

  1. You can brute-force subdomains with the built-in wordlist or with your own wordlist.

  2. You can enumerate general record types, like SOA, NS, A, AAAA, MX and SRV.

  3. You can perform reverse lookups on a given CIDR IP range.

  4. You can test all NS servers in a domain for misconfigured zone transfers.

  5. You can also search for subdomains through a Google query.

  6. You can enumerate top-level domains.



In this tutorial we will only discuss:-



  1. std:- To enumerate general record types.

  2. srv:- To enumerate SRV records.

  3. axfr:- To test all NS servers in a domain for misconfigured zone transfers.

  4. goo:- To search for subdomains through Google.

  5. tld:- To enumerate top-level domains.




So let's begin:-


  • Open dnsrecon through Backtrack >> Information Gathering >> Network Analysis >> Dns Analysis >> dnsrecon. You can also open it from a terminal with cd /pentest/enumeration/dns/dnsrecon




  • For std, type ./dnsrecon.py -t std -d <domain>

  • For srv, type ./dnsrecon.py -t srv -d <domain>

  • For axfr, type ./dnsrecon.py -t axfr -d <domain>

  • For goo, type ./dnsrecon.py -t goo -d <domain>

  • For tld, type ./dnsrecon.py -t tld -d <domain>


 


Points to be noted:-



  • -d specifies the target domain.

  • -t specifies which type of enumeration you want to run.
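
For the defender's side of the axfr test above, here is an added example (not part of the original tutorial and not dnsrecon code) that scans name server logs for zone transfer requests from hosts that are not known secondaries. The log lines are constructed and modelled on BIND 9 messages; the ALLOWED_SECONDARIES list and the example.test zone are assumptions.

```python
import ipaddress
import re

# Assumption: the only hosts allowed to pull the zone (your secondary name servers).
ALLOWED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

# Constructed sample lines, modelled on BIND 9 transfer/security log messages.
SAMPLE_LOG = """\
12-Mar-2024 10:01:02.111 client 192.0.2.53#40112 (example.test): transfer of 'example.test/IN': AXFR started
12-Mar-2024 10:05:40.902 client 203.0.113.7#51514 (example.test): zone transfer 'example.test/AXFR/IN' denied
12-Mar-2024 10:05:41.310 client 203.0.113.7#51520 (example.test): transfer of 'example.test/IN': AXFR started
12-Mar-2024 10:09:13.007 client 198.51.100.9#33211 (www.example.test): query: www.example.test IN A +
"""

# Matches both a served transfer ("AXFR started") and a refused one ("denied").
AXFR_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"(?:transfer of '(?P<zone_ok>[^'/]+)/IN': AXFR started"
    r"|zone transfer '(?P<zone_denied>[^'/]+)/AXFR/IN' denied)"
)


def is_allowed(ip):
    """True if the client address belongs to a known secondary."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SECONDARIES)


def find_axfr_events(log_text):
    """Return (client_ip, zone, outcome, severity) for AXFR attempts by unexpected clients."""
    findings = []
    for line in log_text.splitlines():
        m = AXFR_RE.search(line)
        if not m or is_allowed(m.group("ip")):
            continue
        if m.group("zone_ok"):
            # The zone was handed to an unknown host: allow-transfer is too permissive.
            findings.append((m.group("ip"), m.group("zone_ok"), "served", "critical"))
        else:
            # Refused attempt: the server is configured correctly, but someone is probing.
            findings.append((m.group("ip"), m.group("zone_denied"), "denied", "info"))
    return findings


if __name__ == "__main__":
    for ip, zone, outcome, severity in find_axfr_events(SAMPLE_LOG):
        print(f"[{severity}] AXFR for {zone} from {ip}: {outcome}")
```

A "served" finding means the server needs its transfer ACL restricted to the secondaries; a "denied" finding only records that the check was attempted.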






This is for educational purposes only.

