loller_
Event Stream Manager
LEVEL 1
400 XP
Hey Folks, we are excited to write this masterpiece article on DNS enumeration tool which can help you to find some subdomain takeover vulnerability in different website as well as bounty. Dnsenum is a tool for DNS enumeration, which is the process of locating all DNS servers and DNS entries for an organization. This kind of tools used to gather critical information about the organization such as usernames, computer names, IP addresses etc. We have given a short overview about this tool and now it is time to find details of any target website through this tool.
Let’s start
!!Usage
We do not need to download and configure this tool externally which is a positive point factor against this tool. If you have accidentally forgotten the commands of this tool, you can take the help of “-h” command.
dnsenum -h1dnsenum-h
Live DNS Enumeration
Its not too hard to get hold of this tool we just need to give target URL using “-w” parameter and just
!!.dnsenum -w goooogle.com1dnsenum-wgoooogle.com
Results
The results are out in front of you and you can see that it has identified the real IP address of the domain and also its DNS records.
Name servers
A nameserver usually helps to identify location of a domain name on the internet.
DNS Records
It attempt to dump DNS records of the domain by performing brute forcing. Usually DNS records are very helpful for takeover subdomains as we cannot grab subdomains of organization without looking at CNAME records, A records etc.
Bulk Enumeration
However it is also possible to dump DNS records of any domains by giving own wordlist paths.
dnsenum -f subdomains.txt chpoint.com1dnsenum-fsubdomains.txt chpoint.com
Save Results
We can save the entire results by adding “-o” parameter in command.
dnsenum -f subdomains.txt chargepoint.com -o report.txt1dnsenum-fsubdomains.txt chargepoint.com-oreport.txt
