Learn how to gather DNS information on a target using dnsenum.
Dnsenum is a tool used for the locating of all DNS servers and DNS entries for a target. DNS enumeration is an important tool to have as it allows us to gather critical information about the organisation, such as usernames, computer names, IP addresses, etc.
You can use Kali Linux in a VM for this lab.
Dnsenum comes pre-installed on Kali Linux, so we will begin by looking at the help screen for this tool by using this command:
Our first target will be google.com. To perform a comprehensive DNS enumeration on this site, use the following command:
dnsenum -enum google.com
This will perform a comprehensive information gathering scan on the domain google.com. It will provide us with information such as the different host IP addresses, name servers, mail servers, sub domains, and will even attempt some domain takeovers.
It will also perform automatic brute forcing of some of the most common subdomains, such as admin.google.com, and provide you with this information. This is very useful information as it gives you a better idea of the attack surface of a target.
We can also perform a brute force search for all subdomains associated with a site by using a custom file. This allows us to search for any subdomains we deem to be valuable. This can be done using the following sample command:
dnsenum -f list.txt -r google.com