Skip to main content

DNS exploitation and Information gathering Tools




DNS is a naming system for computers that converts human readable domain names e.g. (infosecinstitute.com) into computer readable IP-addresses. However some security vulnerabilities exist due to misconfigured DNS nameservers that can lead to information disclosure about the domain. This forms an important step of the Information Gathering stage during a Penetration test or Vulnerability assessment.

On internet there are multiple DNS exploitation and Information gathering tools available to use in that we showing three tools from our experience.


DNSENUM 

Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous IP blocks.

Operations
  • Get the host’s addresse (A record).
  • Get the namservers (threaded).
  • Get the MX record (threaded).
  • Perform axfr queries on nameservers and get BIND VERSION (threaded).
  • Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”).
  • Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded).
  • Calculate C class domain network ranges and perform whois queries on them (threaded).
  • Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded).
  • Write to domain_ips.txt file ip-blocks.




Source: https://github.com/fwaeytens/dnsenum
              dnsenum Homepage | Kali dnsenum Repo

Author: Filip Waeytens, tix tixxDZ

License: GPLv2

FIERCE

     First what Fierce is not. Fierce is not an IP scanner, it is not a DDoS tool, it is not designed to scan the whole Internet or perform any un-targeted attacks. It is meant specifically to locate likely targets both inside and outside a corporate network. Only those targets are listed (unless the -nopattern switch is used). No exploitation is performed (unless you do something intentionally malicious with the -connect switch). Fierce is a reconnaissance tool. Fierce is a PERL script that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics.


Operations

-connect: make http connections to public web servers, and return the headers
-delay: delays the time between lookups
-dns: specify the domain you’re scanning
-dnsfile: provide list of DNS servers for reverse lookups
-dnsserver: use a specific DNS server for reverse lookups
-file: save results to a file
-fulloutput: used with “-connect” to return all results instead of just the HTTP headers
-nopattern: dumps all domains in the discovered IP ranges
-range: scan internal IP range; used with the “-dnsserver” switch
-search: let you search for additional hosts based on specific names the company might


GIT LINKhttps://github.com/mschwager/fierce


PENTEST-TOOLS (Online Tool)

pentest-tools.com  providing the pen-testing tools as a Service over the Internet. Here they providing multiple pen-test tools for genuine testing.

In That, we can test the DNS-Zone Transfer test.

"A zone transfer is where a primary DNS server sends a DNS zone to a secondary DNS server,Attacker can spoof the Master and do Zone Transfer to attacker machine."

Follow the below path in the website to access the particular tool.


After that enter the DNS server name which one you want check click enter and you will get the output like below.





Labels:

Comments

Post a Comment

Popular posts from this blog

My Life as Information security engineer Chapter 1: Tools

  Hi folks, here I am going to share the tools list that I am using in my daily life cycle. NMAP  Nmap (“Network Mapper”) is a free and open-source (license) utility for network discovery and security auditing. Basically, I will use it to discover the open ports and closed ports where I did Port Mapping in firewalls. We can use this in the local network as well as in the WAN network. Also with help of the NSE script, we do multiple things like vulnerability check, exploitation, etc., Ref: http://www.piratesshield.com/2017/11/nmap-network-mapper-securtiy-scanner.html CURL and WGET curl   is a tool to transfer data from or to a server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). Normally using this tool to analyze the website headers when my web security device blocking some dynamic content websites and to create the Application signature in IPS. Wget   using to download files directly instead of opening and surfing the brow
Post a Comment
Read more

AquaSec Container Security Solution ( DevSecOps ) - A quickView

  What is AquaSec?      The Aqua Platform is the leading Cloud Native Application Protection Platform (CNAPP) and provides prevention, detection, and response automation across the entire application lifecycle to secure the supply chain, secure cloud infrastructure, and secure running workloads wherever they are deployed.    Solutions : Cloud Native Security Platform CSPM Cloud Security Container Security Kubernetes Security Serverless Security Cloud VM Security Dynamic Threat Analysis (DTA) Container Vulnerability Scanning Aquasec offers a 14days trial to learn the container security / Automated DevSecOps. Use this link to get free trail  Sign In | Aqua (aquasec.com)   How to start with AquaSec? Once login into the portal click the nine dots in the left-side top > Aqua Hub  Then click the "Integrations" The Integration page has a lot of options to connect your container Platform Choosing your platform provides the required key to integrate. (follow the OEM documents ) The
Post a Comment
Read more

What is IP Obfuscation ? How it's working ? how to use Cuteit tool ?

  What is IP  Obfuscation?     Which is a method to hide or convert a doted format IP address  (e.g. 192.168.192.2)   into an Integer or Hexadecimal value or Octal form by using some mathematical formula. It’s a kind of method to spoof the human eyes and web security services. dot format to Decimal Conversion   piratesshield.com 👉  [172.67.129.3] to translate (172 x256 3 )+(67×256 2 )+(129×256 1 )+(3×256 0 ) =  2890105091 Now you can use  https://2890105091  to access piratesshield.com This is one of the ways to do IP  Obfuscation.  The tool  ‘ Cuteit ‘ is  A simple python tool to help you to social engineer, bypass whitelisting firewalls, potentially break regex rules for command-line logging looking for IP addresses and obfuscate cleartext strings to C2 locations within the payload. HOW TO USE CUTEIT ? Download & Install Cuteit from the below link git :   git clone https://github.com/D4Vinci/Cuteit.git Direct link: https://github.com/D4Vinci/Cuteit/archive/master.zip usage: Cu
Post a Comment
Read more