18 may 2010

[DNSRecon] Herramieta para la enumeración de DNS

DNSRecon es una herramienta desarrollada en Ruby por Carlo Perez (DarkOperator) para la enumeración de DNS. La herramienta permite enumerar por medio de rango de IP’s, y consultas directas y de resolución para la identificación de host y subdominios, zonas de transferencia, reverse lookup, etc.

Veamos algunos ejemplos:

Enumeración por medio de rango de IP’s:
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -r 72.232.197.100 72.232.197.130
Reverse Lookup for IP Renge from 72.232.197.100 to 72.232.197.200
100.197.232.72.static.reverse.ltdomains.com,72.232.197.100
101.197.232.72.static.reverse.ltdomains.com,72.232.197.101
102.197.232.72.static.reverse.ltdomains.com,72.232.197.102
103.197.232.72.static.reverse.ltdomains.com,72.232.197.103
104.197.232.72.static.reverse.ltdomains.com,72.232.197.104
105.197.232.72.static.reverse.ltdomains.com,72.232.197.105
dbservidores2.com,72.232.197.106
ns1.dbservidores2.com,72.232.197.107
ns2.dbservidores2.com,72.232.197.108
dimdim.dedicatedplace.com,72.232.197.109
111.197.232.72.static.reverse.ltdomains.com,72.232.197.111
112.197.232.72.static.reverse.ltdomains.com,72.232.197.112
113.197.232.72.static.reverse.ltdomains.com,72.232.197.113
server.suganoissei.info,72.232.197.114
ns1.suganoissei.info,72.232.197.115
ns2.suganoissei.info,72.232.197.116
ns3.suganoissei.info,72.232.197.117
ns4.suganoissei.info,72.232.197.118
119.197.232.72.static.reverse.ltdomains.com,72.232.197.119
120.197.232.72.static.reverse.ltdomains.com,72.232.197.120
ocean.roteador.info,72.232.197.122
ocean.roteador.info,72.232.197.123
ocean.roteador.info,72.232.197.124
ocean.roteador.info,72.232.197.125
ocean.roteador.info,72.232.197.126
127.197.232.72.static.reverse.ltdomains.com,72.232.197.127
128.197.232.72.static.reverse.ltdomains.com,72.232.197.128
129.197.232.72.static.reverse.ltdomains.com,72.232.197.129
us1.goobix.com,72.232.197.130

Enumeración por Top Level Domain Expanssion
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -tld informatica64
informatica64.com,80.81.106.148,A
informatica64.kr,222.231.8.226,A
informatica64.pw,70.87.29.179,A
informatica64.pw,70.87.29.150,A
informatica64.mp,75.101.130.205,A
informatica64.ph,203.119.6.249,A
informatica64.ws,64.70.19.33,A
informatica64.st,195.178.160.40,A
informatica64.tk,94.103.151.195,A
informatica64.tk,193.33.61.2,A
informatica64.tk,209.172.59.196,A
informatica64.tk,217.119.57.22,A
informatica64.vn,203.162.57.28,A

DNS Host y Fuerza Bruta a Dominios
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -b medellin.gov.co hosts.txt
av.medellin.gov.co,200.13.232.107
beta.medellin.gov.co,200.13.232.182
correo.medellin.gov.co,200.13.232.182
live.medellin.gov.co,200.13.232.100
mail.medellin.gov.co,200.13.232.115
omega.medellin.gov.co,200.13.232.101
portal.medellin.gov.co,200.13.232.182

Consulta general de DNS por NS, SOA y Registros MX
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -s telemedellin.tv
telemedellin.tv,67.43.6.235,A
dns1.nettica.com,64.94.136.11,SOA
dns1.nettica.com,64.94.136.11,NS
dns5.nettica.com,212.100.247.15,NS
dns4.nettica.com,69.41.170.223,NS
dns2.nettica.com,64.237.45.34,NS
dns3.nettica.com,64.94.136.13,NS
alt2.aspmx.l.google.com,74.125.113.27,MX,20
aspmx2.googlemail.com,209.85.135.27,MX,30
aspmx3.googlemail.com,72.14.213.27,MX,30
aspmx4.googlemail.com,209.85.229.27,MX,30
aspmx5.googlemail.com,74.125.157.27,MX,30
aspmx.l.google.com,74.125.67.27,MX,10
alt1.aspmx.l.google.com,209.85.211.91,MX,20

Zonas de transferencias
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -axfr elcolombiano.com
Zone transfer failed for redglobal.net
Zone transfer failed for server2i.elcolombiano.com.co
Zone transfer failed for dns1.redelectrica.com

Fuente: http://www.sec-track.com/

Author & Editor

Ingeniero, me gusta la cyberseguridad, la programación y el blockchain.

0 Notaciones:

Publicar un comentario

Labels

0-day (12) 1337day (1) 8.8 (2) Adobe Acrobat (1) Android (2) Anonimato (1) Anonymous (9) BackDoor (2) BackTrack (15) badUSB (1) Base64 (1) Black Hat (7) BlackHat (1) Blackploit (30) Brute Force (3) Bug (106) Bypass Password (1) Bypass Redirect (1) C99 Shell (1) Carding (1) CheatSheet (15) Chilean Way (2) Conference (10) Cryptsetup (1) CSRF (1) DDoS (11) DEF CON (3) DEFCON (7) Dev (1) Diapositivas (1) Diseño Web (1) Distro Linux (27) Documental (2) DoS (2) Drupal (1) DuckDuckGo (1) E-zine (18) Ekoparty (1) Escaneo (4) España (1) Exploit (64) Ezine (1) Facebook (1) Fast-Info (44) FBI (1) Ficheros Binarios (1) Firefox (4) Flash (2) Forense (9) Fuerza Bruta (11) Fuga de Datos (1) GhostShell (1) GNU/Linux (4) Google (2) Guía (1) Hack T00LZ (135) Hack Tips (63) Hacked (6) Hacking (19) Hacking Hardware (5) HashCat (1) Herramientas (125) HighSecCON (1) Humor Geek (13) Infografía (1) Ingeniería Social (5) Inj3ct0r (1) Internet Explorer (3) Java (7) JavaScript (2) Kali (3) KitPloit (6) Leaks (22) Linux OS (79) LulzSec (1) Mac OS (10) Magazine (1) Malaware (3) Malaware Tools (12) Malware (1) Man in the Middle (15) Manuales (3) MD5 CRACK (4) Metasploit (57) MSSQL (1) MySQL (6) MySQL CRACK (1) Nmap (6) Nmap NSE (2) Noticias (200) NTLM CRACK (1) Ofuscar (5) OpenSolaris OS (1) OpenSSL (1) ORACLE (1) OWASP (3) Paper (10) PDF (7) PenTest (14) Perl (2) Phearking (13) Phishing (3) PHP (13) phpMyAdmin (1) PoC (1) Premios Bitacoras (1) Presentaciones (11) PRISM (1) Privacidad (2) Programación (12) Programas Linux (41) Programas Windows (41) Pwned (1) Python (5) Ransomware (1) Reconocimiento (5) Ruby (2) s (1) Scripts (7) Seguridad (150) Seguridad Web (139) Seguridad Wireless (19) Sensitive Data Exposure (2) SHA1 CRACK (1) Shellshock (1) Slides (1) Spoofing (1) Spyware (1) SQLi (19) SQLi Tools (7) SQLMap (2) SSH (1) Textos (74) Tips (57) Troyanos y Virus (11) Trucos (7) Trucos Win (7) Turiales (56) Tutoriales (18) Twitter (1) Ubuntu (2) Underc0de (1) UnderDOCS (1) Unlock (1) URL Redirection (1) UXSS (1) vBulletin (1) Video (48) Virtualización (2) Web T00LZ (16) Wifislax (1) Wikileaks (1) WikiRebels (1) Windows OS (65) Wireless Tools (13) XSS (16) Youtube (1)

 
biz.