Trying out Kali Linux: dnsenum

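The purpose of dnsenum is to gather as much information as possible about a domain. It can guess domain names that may exist by using Google or a dictionary file, and it can perform reverse lookups on a network range. It can query a site's host address information, name servers, and MX records (mail exchange records), perform AXFR requests against the name servers, obtain additional domain names through Google scraping (Google hacking), extract subdomains and query them, calculate class C address ranges and run whois queries on them, perform reverse lookups, and write the address ranges to a file.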

The output yields quite a bit of interesting information. For example, wooyun is hosted on sinaapp:

root@kali:~/Desktop/crypt# dnsenum --enum www.wooyun.org
dnsenum.pl VERSION:1.2.2
Warning: can't load Net::Whois::IP module, whois queries disabled.
-----   www.wooyun.org   -----
Host's addresses:
__________________

wooyun.sinaapp.com                       30       IN    A        220.181.136.35
wooyun.sinaapp.com                       30       IN    A        220.181.136.36


Name Servers:
______________

 Error: can't continue no NS record for www.wooyun.org

It is very useful for information gathering.

root@kali:~/Desktop# dnsenum --enum 51cto.com
dnsenum.pl VERSION:1.2.2
Warning: can't load Net::Whois::IP module, whois queries disabled.

-----   51cto.com   -----


Host's addresses:
__________________

51cto.com                                600      IN    A        118.144.78.52
51cto.com                                600      IN    A        118.144.78.54


Name Servers:
______________

ns1.dnsv2.com                            87409    IN    A        122.225.217.193
ns1.dnsv2.com                            87409    IN    A        183.60.59.230
ns1.dnsv2.com                            87409    IN    A        221.204.186.8
ns2.dnsv2.com                            87409    IN    A        119.167.195.7
ns2.dnsv2.com                            87409    IN    A        180.153.162.151
ns2.dnsv2.com                            87409    IN    A        112.90.143.34


Mail (MX) Servers:
___________________


root@kali:~/Desktop# dnsenum --enum  cnblogs.com
dnsenum.pl VERSION:1.2.2
Warning: can't load Net::Whois::IP module, whois queries disabled.

-----   cnblogs.com   -----


Host's addresses:
__________________

cnblogs.com                              584      IN    A        42.121.252.58


Name Servers:
______________

ns4.dnsv3.com                            64817    IN    A        115.236.151.139
ns4.dnsv3.com                            64817    IN    A        180.153.162.152
ns4.dnsv3.com                            64817    IN    A        221.204.186.9
ns3.dnsv3.com                            64817    IN    A        183.60.59.231
ns3.dnsv3.com                            64817    IN    A        112.90.143.35
ns3.dnsv3.com                            64817    IN    A        119.167.195.10


Mail (MX) Servers:
___________________

alt2.aspmx.l.google.com                  278      IN    A        74.125.137.26
aspmx5.googlemail.com                    278      IN    A        173.194.75.26
aspmx2.googlemail.com                    278      IN    A        74.125.142.26
aspmx.l.google.com                       278      IN    A        74.125.129.26
alt1.aspmx.l.google.com                  278      IN    A        74.125.142.26
aspmx3.googlemail.com                    278      IN    A        74.125.137.26
aspmx4.googlemail.com                    278      IN    A        173.194.68.26


Trying Zone Transfers and getting Bind Versions:
_________________________________________________



Trying Zone Transfer for cnblogs.com on ns4.dnsv3.com ... 
AXFR record query failed: query timed out
Unable to obtain Server Version for ns4.dnsv3.com : query timed out
Trying Zone Transfer for cnblogs.com on ns3.dnsv3.com ... 
AXFR record query failed: query timed out
Unable to obtain Server Version for ns3.dnsv3.com : query timed out
 Wildcards detected, all subdomains will point to the same IP address, bye.
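
The dnsenum output above is plain text, so checking what a zone you administer exposes (an alias to a hosting provider, name servers, zone transfer results, wildcard answers) is easier once it is parsed. The following Python parser is an added example, not part of the original post or of dnsenum; the function names and the "no failure reported" status label are assumptions of this example, and the sample is constructed from the first run shown above.

```python
import re

# Constructed sample: abridged from the first dnsenum 1.2.2 run shown above.
SAMPLE = """\
-----   www.wooyun.org   -----
Host's addresses:
__________________
wooyun.sinaapp.com                       30       IN    A        220.181.136.35
wooyun.sinaapp.com                       30       IN    A        220.181.136.36
Name Servers:
______________
 Error: can't continue no NS record for www.wooyun.org
"""

HEADER = re.compile(r"^-----\s+(\S+)\s+-----$")
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\w+)\s+(\S+)$")
AXFR = re.compile(r"^Trying Zone Transfer for \S+ on (\S+) \.\.\.")
SECTIONS = {"Host's addresses:": "hosts", "Name Servers:": "ns", "Mail (MX) Servers:": "mx"}

def parse_dnsenum(text):
    """Turn the text of one dnsenum run into records and status flags."""
    rep = {"target": None, "hosts": [], "ns": [], "mx": [],
           "axfr": {}, "wildcard": False, "errors": []}
    section = server = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            rep["target"] = m.group(1).lower()
        elif line in SECTIONS:
            section = SECTIONS[line]
        elif m := AXFR.match(line):
            section, server = None, m.group(1)
            rep["axfr"][server] = "no failure reported"  # label assumed by this example
        elif line.startswith("AXFR record query failed:") and server:
            rep["axfr"][server] = line.split(":", 1)[1].strip()
        elif line.startswith("Wildcards detected"):
            rep["wildcard"] = True
        elif line.startswith("Error:"):
            rep["errors"].append(line)
        elif section and (m := RECORD.match(line)):
            rep[section].append((m[1].lower(), int(m[2]), m[3], m[4]))
    return rep

def aliased_hosts(rep):
    """Owner names in the answer that differ from the queried name (alias into another zone)."""
    return sorted({n for n, *_ in rep["hosts"] if n.rstrip(".") != rep["target"]})

if __name__ == "__main__":
    rep = parse_dnsenum(SAMPLE)
    print(rep["target"], "->", aliased_hosts(rep), rep["errors"])
```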

Querying with fierce -dns

root@kali:~/Desktop# fierce -dns 51cto.com
DNS Servers for 51cto.com:
    ns1.dnsv2.com
    ns2.dnsv2.com

Trying zone transfer first...
    Testing ns1.dnsv2.com
        Request timed out or transfer not allowed.
    Testing ns2.dnsv2.com
        Request timed out or transfer not allowed.
Original article: https://www.cnblogs.com/vigarbuaa/p/3484653.html