DNS exploitation and Information gathering Tools




DNS is the naming system that converts human-readable domain names (e.g. infosecinstitute.com) into the IP addresses computers use. Misconfigured DNS nameservers, however, can disclose a great deal about a domain: its hosts, mail servers, internal addresses and network ranges. Enumerating DNS is therefore an important step of the information gathering stage of a penetration test or vulnerability assessment.

Many DNS exploitation and information gathering tools are available on the Internet; below we show three that we have used in our own work.


DNSENUM

Multithreaded Perl script to enumerate the DNS information of a domain and to discover non-contiguous IP blocks.

Operations
  • Get the host's address (A record).
  • Get the nameservers (threaded).
  • Get the MX records (threaded).
  • Perform AXFR (zone transfer) queries against each nameserver and get the BIND version (threaded).
  • Get extra names and subdomains via Google scraping (Google query = "allinurl: -www site:domain").
  • Brute force subdomains from a wordlist; can also recurse into subdomains that have NS records (all threaded).
  • Calculate the class C (/24) network ranges of the discovered addresses and perform whois queries on them (threaded).
  • Perform reverse lookups on the netranges (class C and/or whois netranges) (threaded).
  • Write the discovered IP blocks to the file domain_ips.txt.




Source: https://github.com/fwaeytens/dnsenum (dnsenum homepage; also packaged in Kali Linux)

Author: Filip Waeytens, tix tixxDZ

License: GPLv2

FIERCE

First, what Fierce is not: it is not an IP scanner, it is not a DDoS tool, and it is not designed to scan the whole Internet or perform any untargeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool: a Perl script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics.


Operations

-connect: make HTTP connections to the public web servers found and return their headers
-delay: delay between lookups
-dns: specify the domain you are scanning
-dnsfile: provide a list of DNS servers (one per line) for reverse lookups
-dnsserver: use a specific DNS server for reverse lookups
-file: save results to a file
-fulloutput: used with "-connect" to return the full response instead of just the HTTP headers
-nopattern: dump all hosts in the discovered IP ranges, not only those matching the target domain
-range: scan an internal IP range; must be combined with the "-dnsserver" switch
-search: lets you search for additional hosts based on specific names the company might
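Underneath, what dnsenum and Fierce do is a handful of ordinary DNS queries in a fixed order: forward lookups of the common record types, a subdomain brute force, grouping of the discovered addresses into /24 networks, and reverse lookups across those networks to find neighbouring hosts. The script below reproduces those steps with dig, which is useful for verifying a single finding by hand or when the Perl tools are not installed. It is an added example written for this page, not code from dnsenum or Fierce; it assumes dig and awk are present, the domain and wordlist arguments are placeholders, and the AXFR step is left out here (zone transfers are the subject of the online test described later in the page).

```shell
#!/bin/sh
# Added example for this page, not dnsenum or Fierce code. Requires dig
# (bind-utils / dnsutils) and awk. Domain, wordlist and ranges are placeholders.

# A, NS and MX records of a domain, one record per line in dig's answer format.
basic_records() {
    domain=$1
    for type in A NS MX; do
        dig +noall +answer "$domain" "$type"
    done
}

# Brute force subdomains from a wordlist; prints "name ip" for every name
# that resolves. dig +short may print a CNAME target first, so only lines
# that start with a digit are taken as addresses.
brute_subdomains() {
    domain=$1
    wordlist=$2
    while IFS= read -r word; do
        [ -n "$word" ] || continue
        dig +short "$word.$domain" A |
            awk -v name="$word.$domain" '/^[0-9]/ { print name, $1 }'
    done < "$wordlist"
}

# Parsing step, runs offline: read dig answer lines on stdin and print the
# IPv4 addresses of the A records only (MX, NS and other types are skipped).
a_record_ips() {
    awk '$4 == "A" && $5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $5 }'
}

# Grouping step, runs offline: read IPv4 addresses on stdin and print each
# distinct /24 ("class C") network once, in first-seen order. This is the
# range list dnsenum feeds to whois and to its reverse lookups.
class_c_ranges() {
    awk -F. 'NF == 4 { net = $1 "." $2 "." $3 ".0/24"; if (!seen[net]++) print net }'
}

# Reverse lookup of every address in a /24, printing "ip<TAB>ptr" for the
# ones that have a PTR record. This is how Fierce finds neighbouring hosts
# around an address it has already discovered.
reverse_sweep() {
    prefix=${1%.0/24}                     # 203.0.113.0/24 -> 203.0.113
    i=1
    while [ "$i" -le 254 ]; do
        name=$(dig +short -x "$prefix.$i")
        [ -n "$name" ] && printf '%s\t%s\n' "$prefix.$i" "$name"
        i=$((i + 1))
    done
}

# Whole pipeline, e.g.:  sh dnsrecon.sh example.com subdomains.txt
if [ "$#" -ge 2 ]; then
    records=$(basic_records "$1")
    printf '%s\n' "$records"
    {
        printf '%s\n' "$records" | a_record_ips
        brute_subdomains "$1" "$2" | awk '{ print $2 }'
    } | class_c_ranges | while IFS= read -r net; do
        reverse_sweep "$net"
    done
fi
```

The two pure-text functions (a_record_ips and class_c_ranges) are separated from the querying functions on purpose: the same grouping logic can be run over saved dig output from an earlier engagement without touching the network, and the /24 list is what you then hand to whois and to the reverse sweep.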




PENTEST-TOOLS (Online Tool)

pentest-tools.com provides penetration-testing tools as a service over the Internet, several of which are useful for legitimate testing.

Among them is a DNS zone transfer test.

"A zone transfer is where a primary DNS server sends a DNS zone to a secondary DNS server; an attacker can spoof the master and perform a zone transfer to the attacker's machine."

Follow the path shown below on the website to reach the tool.


Then enter the name of the DNS server you want to check, press Enter, and you will get output like the example below.
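The misconfiguration this test looks for is an authoritative nameserver that answers an AXFR request from any client rather than only from its own secondaries: whoever asks gets a copy of the whole zone. The same check can be run from the command line with dig, and the result must be read per nameserver, because a domain with one locked-down server and one open secondary still leaks its zone. The script below is an added example written for this page, not pentest-tools.com code; it assumes dig and awk are installed, uses placeholder domain names, and the two sample dig outputs inside it are constructed for offline demonstration rather than captured from a real server.

```shell
#!/bin/sh
# Added example for this page, not pentest-tools.com code. Requires dig and awk.
# Domain names are placeholders; the sample dig outputs below are constructed.

# Classify one `dig axfr` output read from stdin:
#   open    - the server returned resource records (the zone leaked)
#   refused - the server answered but declined the transfer
#   error   - no usable answer (timeout, unreachable, not authoritative)
classify_axfr() {
    awk '
        !/^;/ && NF >= 5 && $3 == "IN"  { records++ }
        /^;/ && /Transfer failed/       { refused = 1 }
        END {
            if (records > 0)  print "open"
            else if (refused) print "refused"
            else              print "error"
        }'
}

# Hostnames disclosed by an open transfer (SOA lines skipped, trailing dot removed).
axfr_hosts() {
    awk '!/^;/ && NF >= 5 && $3 == "IN" && $4 != "SOA" {
             h = $1; sub(/\.$/, "", h); if (!seen[h]++) print h }'
}

# A records in an open transfer that point into RFC 1918 space: the internal
# addressing a zone transfer typically gives away.
axfr_private_ips() {
    awk '!/^;/ && $3 == "IN" && $4 == "A" &&
         ($5 ~ /^10\./ || $5 ~ /^192\.168\./ || $5 ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) {
             print $1, $5 }'
}

# Live check: ask every authoritative nameserver of DOMAIN for the zone. One
# misconfigured secondary is enough for the zone to leak, so all must be tried.
check_zone_transfer() {
    domain=$1
    dig +short NS "$domain" | while IFS= read -r ns; do
        out=$(dig axfr "$domain" "@$ns" 2>&1)
        status=$(printf '%s\n' "$out" | classify_axfr)
        printf '%s\t%s\n' "$ns" "$status"
        if [ "$status" = open ]; then
            printf '%s\n' "$out" | axfr_private_ips | sed 's/^/  leaks internal: /'
        fi
    done
}

# Constructed sample outputs (not captured from a real server) for offline use.
sample_refused() {
    printf '%s\n' \
        '; <<>> DiG <<>> axfr example.test @ns2.example.test' \
        ';; global options: +cmd' \
        '; Transfer failed.'
}
sample_open() {
    printf '%s\n' \
        '; <<>> DiG <<>> axfr example.test @ns1.example.test' \
        ';; global options: +cmd' \
        'example.test.  3600  IN  SOA  ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 86400' \
        'example.test.  3600  IN  NS   ns1.example.test.' \
        'vpn.example.test.  300  IN  A  203.0.113.7' \
        'intranet.example.test.  300  IN  A  10.0.0.12' \
        'build01.example.test.  300  IN  A  172.16.4.20' \
        'example.test.  3600  IN  SOA  ns1.example.test. hostmaster.example.test. 2024010101 7200 900 1209600 86400' \
        ';; Query time: 12 msec'
}

if [ "$#" -ge 1 ]; then
    check_zone_transfer "$1"         # e.g.:  sh axfr-check.sh example.com
else
    sample_refused | classify_axfr   # refused
    sample_open    | classify_axfr   # open
    sample_open    | axfr_private_ips
fi
```

A "refused" result on one server is not a pass for the domain; only when every server listed in the NS set refuses can the zone transfer test be closed. When a transfer is open, the leaked names and RFC 1918 addresses go straight into the target list for the internal range scanning that Fierce's -range switch is meant for.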




