DNS Record Enumeration with DNSRecon

DNSRecon is a tool written in the Python programming language by @darkoperator. It is commonly used to perform DNS reconnaissance during the information gathering phase.

This tool can be used to do the following:
  • Check all NS Records for Zone Transfers.
  • Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
  • Perform common SRV Record Enumeration.
  • Top Level Domain (TLD) Expansion.
  • Check for Wildcard Resolution.
  • Brute Force subdomain and host A and AAAA records given a domain and a wordlist.
  • Perform a PTR Record lookup for a given IP Range or CIDR.
  • Check a DNS Server Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check.
  • Enumerate Common mDNS records in the Local Network
  • Enumerate Hosts and Subdomains using Google

If you use Kali Linux, this tool is already available on the system from the moment Kali Linux is installed (pre-installed). If you use another distro, you can use the tool after downloading it from GitHub. Of course, you need to install Python first.

The tool can enumerate by brute force as well as by using results indexed by the Google search engine.


Here are the commands you can use:

haruno@yukinoshita:~$ dnsrecon -h
usage: dnsrecon.py [-h] [-d DOMAIN] [-n NS_SERVER] [-r RANGE] [-D DICTIONARY]
                   [-f] [-t TYPE] [-a] [-s] [-g] [-b] [-k] [-w] [-z]
                   [--threads THREADS] [--lifetime LIFETIME] [--db DB]
                   [-x XML] [-c CSV] [-j JSON] [--iw] [-v]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
                        Target domain.
  -n NS_SERVER, --name_server NS_SERVER
                        Domain server to use. If none is given, the SOA of the
                        target will be used.
  -r RANGE, --range RANGE
                        IP range for reverse lookup brute force in formats
                        (first-last) or in (range/bitmask).
  -D DICTIONARY, --dictionary DICTIONARY
                        Dictionary file of subdomain and hostnames to use for
                        brute force. Filter out of brute force domain lookup,
                        records that resolve to the wildcard defined IP
                        address when saving records.
  -f                    Filter out of brute force domain lookup, records that
                        resolve to the wildcard defined IP address when saving
                        records.
  -t TYPE, --type TYPE  Type of enumeration to perform.
  -a                    Perform AXFR with standard enumeration.
  -s                    Perform a reverse lookup of IPv4 ranges in the SPF
                        record with standard enumeration.
  -g                    Perform Google enumeration with standard enumeration.
  -b                    Perform Bing enumeration with standard enumeration.
  -k                    Perform crt.sh enumeration with standard enumeration.
  -w                    Perform deep whois record analysis and reverse lookup
                        of IP ranges found through Whois when doing a standard
                        enumeration.
  -z                    Performs a DNSSEC zone walk with standard enumeration.
  --threads THREADS     Number of threads to use in reverse lookups, forward
                        lookups, brute force and SRV record enumeration.
  --lifetime LIFETIME   Time to wait for a server to response to a query.
  --db DB               SQLite 3 file to save found records.
  -x XML, --xml XML     XML file to save found records.
  -c CSV, --csv CSV     Comma separated value file.
  -j JSON, --json JSON  JSON file.
  --iw                  Continue brute forcing a domain even if a wildcard
                        records are discovered.
  -v                    Enable verbose
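As an added example (not dnsrecon's own code), here is the wildcard check behind the -f and --iw options listed above, with an in-memory resolver standing in for real DNS so it runs offline; the zone, hostnames and addresses are constructed sample data.

```python
import secrets
from typing import Callable, Dict, List, Set, Tuple

# A resolver maps a hostname to its A/AAAA addresses; [] means NXDOMAIN.
Resolver = Callable[[str], List[str]]

# Constructed sample zone (assumed, not real data): three real hosts behind a
# catch-all wildcard. "dev" deliberately shares the wildcard address.
WILDCARD_IP = "198.51.100.7"
SAMPLE_ZONE: Dict[str, List[str]] = {
    "www.example.test": ["192.0.2.10"],
    "mail.example.test": ["192.0.2.25", "2001:db8::25"],
    "dev.example.test": [WILDCARD_IP],
}

def sample_resolver(name: str) -> List[str]:
    """Stand-in for a real resolver: known host, else wildcard, else NXDOMAIN."""
    if name in SAMPLE_ZONE:
        return SAMPLE_ZONE[name]
    if name.endswith(".example.test"):
        return [WILDCARD_IP]
    return []

def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve random labels under domain; any address that comes back is wildcard-backed."""
    wild: Set[str] = set()
    for _ in range(probes):
        wild.update(resolve(f"{secrets.token_hex(8)}.{domain}"))
    return wild

def brute_force(domain: str, wordlist: List[str], resolve: Resolver,
                filter_wildcard: bool = True,    # like dnsrecon -f
                ignore_wildcard: bool = False,   # like dnsrecon --iw
                ) -> Tuple[List[Tuple[str, str]], Set[str]]:
    """Return (records, wildcard_ips); stop before brute forcing if a wildcard is found and --iw is off."""
    wild = detect_wildcard(domain, resolve)
    if wild and not ignore_wildcard:
        return [], wild
    records: List[Tuple[str, str]] = []
    for word in wordlist:
        host = f"{word}.{domain}"
        for addr in resolve(host):
            if filter_wildcard and addr in wild:
                continue  # -f: drop answers that merely echo the wildcard address
            records.append((host, addr))
    return records, wild
```

The `dev` host shows the trade-off: -f also drops a real host that happens to share the wildcard address, so review filtered records before discarding them.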


This tool is one of my favorites for DNS recon. For those interested, you can download it directly from GitHub:

That's all for this article, and I hope it is useful.