Dns Enumeration with DNSenum in Kali Linux


Today I will show you how to enumerate DNS using  Dnsenum. These freely downloadable from Internet. Every Penetration testers know that By Enumerating DNS it is possible to get some important public (May be sometime Private information too) information such as Server name, Server IP address, Sub-domain etc. Anyway, Lets use some tools.

The purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:

1) Get the host’s addresse (A record).

2) Get the namservers (threaded).

3) Get the MX record (threaded).

4) Perform axfr queries on nameservers and get BIND versions(threaded).

5) Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”).

6) Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded).

7) Calculate C class domain network ranges and perform whois queries on them (threaded).

8) Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded).

9) Write to domain_ips.txt file ip-blocks.

Simply open terminal and enter this simple command  “dnsenum”  then you will get all options to be use:

So simply we can use this command to enumerate :

#dnsenum    target.com.

Screenshot from 2014-05-19 11:03:48

dnsenum outputted some valuable information. But in last it said “brute force file not specified, bay.” This mean that it can take a wordlist for brute forcing the all sub-domain.

#dnsenum –enum -f dns.txt  -r   target.com

Screenshot from 2014-05-19 11:10:52

Screenshot from 2014-05-19 11:16:28

By DNS enumeration you can gather a lot of information about the target and it can prove to be very helpful in a penetration test.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Didier Stevens

(blog \'DidierStevens)


Red Teamer and Security Addict

Digital Hacker

Digital Hacker


IT Security Research and Services


About assembler and stuff

Astr0baby's not so random thoughts _____ rand() % 100;

ψυχῆς ἰατρεῖον "Hospital of the soul"

Penetration Testing Academy

Education and Advice for Rookies

%d bloggers like this: