Polinis
Keyword King
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
400 XP
Hey Folks, today in this article we are going to mention all the in-built DNS enumeration tools of kali linux which can take place in your bug bounty hunting tool list. All the tools that we will tell you in this article, some of them are pre-installed and we have to install the rest ourselves, but they are associated with repositories, so we can easily install them using “apt-get” command. can.
So let’s be it
!!Dig – DNS Enumeration Tool
Dig is a network administration command-line tool for querying the
DNS nameservers. It can identify IP address records, record the query route as it obtains answers from an authoritative nameserver, diagnose other DNS problems. It comes pre-installed in Kali Linux system so that it is easy to operate.
dig -h1dig-h
So let’s take some examples now and know whether it really provides accurate results or not? We take any target and put its url here and within a few seconds it successfully dumps all the records as well as the correct IP address of that web address.
Usage
!! dig < target URL >dig testphp.vulnweb.com1dig testphp.vulnweb.com
Grab Exact Output
There are several filters available in this tool, with some of the most useful commands being “short” and “noall”. Both command are very useful for only obtains reverse lookup.
dig testphp.vulnweb.com +short
dig testphp.vulnweb.com +noall +answer12dig testphp.vulnweb.com+shortdig testphp.vulnweb.com+noall+answer
Dot Notation
It’s used for shortcut of reverse lookup and obtains annotated results.
dig -x 18.192.172.301dig-x18.192.172.30
Nslookup Tool
Nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between domain name and IP address, or other DNS records. As you can see when we enter the web address it automatically shows us the IP address of the web address.
nslookup testphp.vulnweb.com1nslookup testphp.vulnweb.com
Dump Records
Also we can get only specific records of any domain with below commands.
nslookup -type=ns testphp.vulnweb.com
nslookup -type=a testphp.vulnweb.com
nslookup -type=mx testphp.vulnweb.com123nslookup-type=ns testphp.vulnweb.comnslookup-type=atestphp.vulnweb.comnslookup-type=mx testphp.vulnweb.com
Dnsrecon and Dnstracer
Both the tools are useful to get DNS records of any domain and even both are very easy to operate. But the bad thing is that we have to install these tools by “apt-get” command as it is not pre-installed so let’s configure it first using below command.
apt install dnsrecon dnstracer1apt install dnsrecon dnstracer
Dnsrecon
DNS reconnaissance is part of the information gathering phase of hacking or penetration testing because sometimes attackers can easily use such tools to grab subdomains of organizations and host their own phishing pages. So we can check all our DNS records at once through this tool to protect us from hackers.
dnsrecon -d secnhack.in1dnsrecon-dsecnhack.in
Dnstracer
Dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer. We can trace dns records vwith the help of this tool.
dnstracer secnhack.in1dnstracer secnhack.in
Dnsdomainname
Dnsdomainname will print the domain part of the FQDN (Fully Qualified Domain Name). This is also known as the YP/NIS domain name of the system. It comes pre-installed so you don’t have to configure it externally.
dnsdomainname -h1dnsdomainname-h
