Back again with more DNS enumeration tools. This one has been around for quite some time and is used by penetration testers across the globe. DNSEnum is a tool for brute forcing subdomains against a DNS server. It is a multithreaded Perl script that collects A records and queries Google or a wordlist to discover subdomains. Other tools can do this, even a short bash script, but DNSEnum comes equipped with many other modules that assist in its main purpose: getting as much information as possible about a domain.
DNSEnum performs the following operations:
- Get the host’s addresses (A record).
- Get the nameservers (threaded).
- Get the MX record (threaded).
- Perform AXFR queries on nameservers and get BIND versions (threaded).
- Get extra names and subdomains via Google scraping (Google query = “allinurl: -www site:domain”).
- Brute force subdomains from a file; can also perform recursion on subdomains that have NS records (all threaded).
- Calculate class C domain network ranges and perform whois queries on them (threaded).
- Perform reverse lookups on netranges (class C and/or whois netranges) (threaded).
- Write to domain_ips.txt file ip-blocks.
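From the defender's side, several of these operations leave recognizable traces in authoritative DNS logs. The sketch below is an added example, not part of DNSEnum or the original post; it assumes a simplified, constructed log format and hypothetical thresholds, and flags zone transfer attempts, BIND version probes and the bursts of NXDOMAIN answers that wordlist brute forcing produces.

```python
from collections import defaultdict, deque

# Constructed sample log in a simplified format (an assumption, not a real server's format):
# "<epoch_seconds> <client_ip> <qname> <qclass> <qtype> <rcode>"
SAMPLE_LOG = """\
1700000000 198.51.100.7 example.com IN NS NOERROR
1700000001 198.51.100.7 example.com IN MX NOERROR
1700000002 198.51.100.7 version.bind CH TXT NOERROR
1700000003 198.51.100.7 example.com IN AXFR REFUSED
1700000004 198.51.100.7 admin.example.com IN A NXDOMAIN
1700000004 198.51.100.7 dev.example.com IN A NXDOMAIN
1700000005 198.51.100.7 ftp.example.com IN A NXDOMAIN
1700000005 198.51.100.7 mail.example.com IN A NOERROR
1700000006 198.51.100.7 test.example.com IN A NXDOMAIN
1700000006 198.51.100.7 vpn.example.com IN A NXDOMAIN
1700000010 203.0.113.20 www.example.com IN A NOERROR
1700000300 203.0.113.20 wwww.example.com IN A NXDOMAIN
"""

def detect_enumeration(log_text, zone, window=60, nx_threshold=5):
    """Return {client_ip: sorted list of findings} for one zone."""
    findings = defaultdict(set)
    recent_nx = defaultdict(deque)  # client -> (timestamp, qname) of recent NXDOMAINs
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than crash on them
        ts, client, qname, qclass, qtype, rcode = fields
        ts, qname = int(ts), qname.lower().rstrip(".")
        # A zone transfer request for the zone, whether or not it was refused.
        if qtype == "AXFR" and (qname == zone or qname.endswith("." + zone)):
            findings[client].add("axfr-attempt")
        # version.bind in the CHAOS class is the conventional BIND version query.
        if qclass == "CH" and qname == "version.bind":
            findings[client].add("bind-version-probe")
        # Many distinct nonexistent names under the zone inside a sliding window.
        if rcode == "NXDOMAIN" and qname.endswith("." + zone):
            q = recent_nx[client]
            q.append((ts, qname))
            while q and ts - q[0][0] > window:
                q.popleft()
            if len({name for _, name in q}) >= nx_threshold:
                findings[client].add("subdomain-bruteforce")
    return {client: sorted(f) for client, f in findings.items()}

if __name__ == "__main__":
    for client, found in detect_enumeration(SAMPLE_LOG, "example.com").items():
        print(client, found)
```

The window and threshold are placeholders to tune against normal traffic for the zone; a single mistyped hostname, like the second client's query in the sample, stays below the threshold.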
For further details and installation instructions, check out the project on GitHub here.
For a walkthrough on how to use this tool in an active environment, check out this room on HackTheBox. As often as I have used this tool, I have to give this one a 5/5 rating. Nothing I can think of to make this tool better, especially since you can just add extra Perl modules just by running the command in the downloaded DNSEnum folder. Great work guys!