dnsenum
Posted ありふれた
Introduction
A DNS domain information gathering tool.
Help output
root@kali:~# dnsenum --help
dnsenum VERSION:1.2.6
Usage: dnsenum [Options] <domain>
[Options]:
Note: If no -f tag supplied will default to /usr/share/dnsenum/dns.txt or the dns.txt file in the same directory as dnsenum.pl
#If -f is not given, /usr/share/dnsenum/dns.txt or the dns.txt file in the same directory as dnsenum.pl is used
GENERAL OPTIONS: #general options
  --dnsserver <server>    Use this DNS server for A, NS and MX queries.
                          #Use the specified DNS server for A, NS and MX queries
                          #A record: address, maps a host name to its address
                          #NS record: nameserver, the DNS servers that resolve the domain
                          #MX record: mail exchanger, points to the mail server; a mail system uses it to locate the mail server from the domain part of the recipient address
  --enum                  Shortcut option equivalent to --threads 5 -s 15 -w.
                          #Quick scan, same as --threads 5 -s 15 -w
  -h, --help              Print this help message.
  --noreverse             Skip the reverse lookup operations.
                          #Skip the reverse lookup step
  --nocolor               Disable ANSIColor output.
                          #Disable ANSIColor output
  --private               Show and save private ips at the end of the file domain_ips.txt.
                          #Show private IP addresses and save them at the end of domain_ips.txt
  --subfile <file>        Write all valid subdomains to this file.
                          #Save all valid subdomains to the given file
  -t, --timeout <value>   The tcp and udp timeout values in seconds (default: 10s).
                          #TCP/UDP timeout in seconds, default 10s
  --threads <value>       The number of threads that will perform different queries.
                          #Number of threads that perform the different queries
  -v, --verbose           Be verbose: show all the progress and all the error messages.
                          #Show all progress and error messages
GOOGLE SCRAPING OPTIONS: #Google search options
  -p, --pages <value>     The number of google search pages to process when scraping names, the default is 5 pages, the -s switch must be specified.
                          #Number of Google result pages to scrape, default 5; -s must also be given
  -s, --scrap <value>     The maximum number of subdomains that will be scraped from Google (default 15).
                          #Maximum number of subdomains collected from Google, default 15
BRUTE FORCE OPTIONS: #brute-force options
  -f, --file <file>       Read subdomains from this file to perform brute force. (Takes priority over default dns.txt)
                          #Read the subdomain names to guess from the given file
  -u, --update <a|g|r|z>  Update the file specified with the -f switch with valid subdomains.
                          #Update the file given with -f with the valid subdomains
        a (all)           Update using all results. #update with all results
        g                 Update using only google scraping results. #update with the Google results only
        r                 Update using only reverse lookup results. #update with the reverse lookup results only
        z                 Update using only zonetransfer results. #update with the DNS zone transfer results only
  -r, --recursion         Recursion on subdomains, brute force all discovered subdomains that have an NS record.
                          #Recurse into subdomains: brute force every discovered subdomain that has an NS record
WHOIS NETRANGE OPTIONS: #whois network range options
  -d, --delay <value>     The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
                          #Maximum wait in seconds between whois queries; the value is chosen randomly, default 3s
  -w, --whois             Perform the whois queries on c class network ranges.
                          **Warning**: this can generate very large netranges and it will take lot of time to perform reverse lookups.
                          #Run whois queries on class C network ranges. Warning: the ranges can become very large and the reverse lookups take a long time
REVERSE LOOKUP OPTIONS: #reverse lookup options
  -e, --exclude <regexp>  Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
                          #Exclude PTR records (pointer records, used for reverse resolution) that match the regular expression from the reverse lookup results
                          #Useful for filtering out invalid host names
OUTPUT OPTIONS: #output options
  -o --output <file>      Output in XML format. Can be imported in MagicTree (www.gremwell.com)
                          #Write XML output, which can be imported into the MagicTree tool
Test
The Google-related options need a proxy configured to reach Google, so this is just a simple test against qq.com.
root@kali:~# dnsenum qq.com
dnsenum VERSION:1.2.6
----- qq.com -----
Host's addresses: #host addresses
__________________
qq.com. 5 IN A 183.3.226.35
qq.com. 5 IN A 61.129.7.47
qq.com. 5 IN A 123.151.137.18
Name Servers: #name servers of the domain
______________
ns3.qq.com. 5 IN A 112.60.1.69
ns3.qq.com. 5 IN A 183.192.201.116
ns4.qq.com. 5 IN A 58.144.154.100
ns4.qq.com. 5 IN A 125.39.46.125
ns4.qq.com. 5 IN A 203.205.221.79
ns2.qq.com. 5 IN A 203.205.177.41
ns2.qq.com. 5 IN A 121.51.160.100
ns2.qq.com. 5 IN A 123.151.66.78
ns1.qq.com. 5 IN A 157.255.246.101
ns1.qq.com. 5 IN A 183.3.226.207
ns1.qq.com. 5 IN A 101.89.19.165
Mail (MX) Servers: #mail servers
___________________
mx2.qq.com. 5 IN A 113.96.208.206
mx3.qq.com. 5 IN A 58.251.110.111
mx1.qq.com. 5 IN A 113.96.208.206
Trying Zone Transfers and getting Bind Versions:
#Attempt zone transfers and retrieve the BIND (Berkeley Internet Name Domain) version information
_________________________________________________
Trying Zone Transfer for qq.com on ns3.qq.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for qq.com on ns4.qq.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for qq.com on ns2.qq.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for qq.com on ns1.qq.com ...
AXFR record query failed: REFUSED
Brute forcing with /usr/share/dnsenum/dns.txt: #Read subdomain names from dns.txt and guess which subdomains may exist
_______________________________________________
11.qq.com. 5 IN CNAME 0.0.0.1.
25.qq.com. 5 IN A 0.0.0.1
33.qq.com. 5 IN A 0.0.0.1
...
...
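When auditing your own zones, console output like the run above can be checked mechanically. The parser below is an added example, not part of the original post or of dnsenum; SAMPLE is a shortened, constructed copy of the output above, and treating any transfer attempt that is not followed by an "AXFR record query failed" line as needing review is an assumption about the output format.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the console output shown above.
SAMPLE = """\
----- qq.com -----
Host's addresses:
__________________
qq.com. 5 IN A 183.3.226.35
Name Servers:
______________
ns3.qq.com. 5 IN A 112.60.1.69
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for qq.com on ns3.qq.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for qq.com on ns4.qq.com ...
AXFR record query failed: REFUSED
Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________
11.qq.com. 5 IN CNAME 0.0.0.1.
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")
AXFR_TRY = re.compile(r"^Trying Zone Transfer for (\S+) on (\S+) \.\.\.$")
AXFR_FAIL = re.compile(r"^AXFR record query failed: (\S+)$")

def parse_dnsenum(text):
    """Return (records grouped by section heading, AXFR outcome per name server)."""
    sections, axfr = defaultdict(list), {}
    heading, server = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or set(line) <= {"_"} or line.startswith("-----"):
            continue  # blank lines, underline rules and the domain banner
        if m := AXFR_TRY.match(line):
            server = m.group(2)
            axfr[server] = "NO FAILURE REPORTED"  # assumption: replaced if a failure line follows
        elif (m := AXFR_FAIL.match(line)) and server:
            axfr[server] = m.group(1)
        elif m := RECORD.match(line):
            name, ttl, rtype, value = m.groups()
            sections[heading].append((name, int(ttl), rtype, value))
        elif line.endswith(":"):
            heading, server = line.rstrip(":"), None
    return dict(sections), axfr

def servers_to_review(axfr):
    """Name servers whose AXFR attempt was not answered with REFUSED."""
    return sorted(ns for ns, status in axfr.items() if status != "REFUSED")
```

An empty list from servers_to_review means every listed name server refused the transfer, as in the run above.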
References
https://blog.csdn.net/qq_17204441/article/details/89324101 #Using the nslookup command to view A, MX, CNAME and NS records
https://www.cnblogs.com/jfzhu/p/3996323.html #Forward lookup and reverse lookup
https://blog.csdn.net/daxueba/article/details/53994178 #DNS zone transfer
https://baike.baidu.com/item/PTR%E8%AE%B0%E5%BD%95/8243039?fr=aladdin #PTR records
https://blog.csdn.net/jeanphorn/article/details/44886247 #The MagicTree tool
https://blog.csdn.net/Jiajiajiang_/article/details/97142930 #The dnsenum command in detail