DNSRecon is a DNS enumeration tool written in Ruby by Carlos Perez (DarkOperator). It can enumerate by IP range and through direct and resolution queries to identify hosts and subdomains, zone transfers, reverse lookups, etc.
Let's look at some examples:
Enumeration by IP range:
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -r 72.232.197.100 72.232.197.130
Reverse Lookup for IP Renge from 72.232.197.100 to 72.232.197.200
100.197.232.72.static.reverse.ltdomains.com,72.232.197.100
101.197.232.72.static.reverse.ltdomains.com,72.232.197.101
102.197.232.72.static.reverse.ltdomains.com,72.232.197.102
103.197.232.72.static.reverse.ltdomains.com,72.232.197.103
104.197.232.72.static.reverse.ltdomains.com,72.232.197.104
105.197.232.72.static.reverse.ltdomains.com,72.232.197.105
dbservidores2.com,72.232.197.106
ns1.dbservidores2.com,72.232.197.107
ns2.dbservidores2.com,72.232.197.108
dimdim.dedicatedplace.com,72.232.197.109
111.197.232.72.static.reverse.ltdomains.com,72.232.197.111
112.197.232.72.static.reverse.ltdomains.com,72.232.197.112
113.197.232.72.static.reverse.ltdomains.com,72.232.197.113
server.suganoissei.info,72.232.197.114
ns1.suganoissei.info,72.232.197.115
ns2.suganoissei.info,72.232.197.116
ns3.suganoissei.info,72.232.197.117
ns4.suganoissei.info,72.232.197.118
119.197.232.72.static.reverse.ltdomains.com,72.232.197.119
120.197.232.72.static.reverse.ltdomains.com,72.232.197.120
ocean.roteador.info,72.232.197.122
ocean.roteador.info,72.232.197.123
ocean.roteador.info,72.232.197.124
ocean.roteador.info,72.232.197.125
ocean.roteador.info,72.232.197.126
127.197.232.72.static.reverse.ltdomains.com,72.232.197.127
128.197.232.72.static.reverse.ltdomains.com,72.232.197.128
129.197.232.72.static.reverse.ltdomains.com,72.232.197.129
us1.goobix.com,72.232.197.130
Enumeration by Top Level Domain expansion
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -tld informatica64
informatica64.com,80.81.106.148,A
informatica64.kr,222.231.8.226,A
informatica64.pw,70.87.29.179,A
informatica64.pw,70.87.29.150,A
informatica64.mp,75.101.130.205,A
informatica64.ph,203.119.6.249,A
informatica64.ws,64.70.19.33,A
informatica64.st,195.178.160.40,A
informatica64.tk,94.103.151.195,A
informatica64.tk,193.33.61.2,A
informatica64.tk,209.172.59.196,A
informatica64.tk,217.119.57.22,A
informatica64.vn,203.162.57.28,A
DNS host and domain brute force
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -b medellin.gov.co hosts.txt
av.medellin.gov.co,200.13.232.107
beta.medellin.gov.co,200.13.232.182
correo.medellin.gov.co,200.13.232.182
live.medellin.gov.co,200.13.232.100
mail.medellin.gov.co,200.13.232.115
omega.medellin.gov.co,200.13.232.101
portal.medellin.gov.co,200.13.232.182
General DNS query for NS, SOA and MX records
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -s telemedellin.tv
telemedellin.tv,67.43.6.235,A
dns1.nettica.com,64.94.136.11,SOA
dns1.nettica.com,64.94.136.11,NS
dns5.nettica.com,212.100.247.15,NS
dns4.nettica.com,69.41.170.223,NS
dns2.nettica.com,64.237.45.34,NS
dns3.nettica.com,64.94.136.13,NS
alt2.aspmx.l.google.com,74.125.113.27,MX,20
aspmx2.googlemail.com,209.85.135.27,MX,30
aspmx3.googlemail.com,72.14.213.27,MX,30
aspmx4.googlemail.com,209.85.229.27,MX,30
aspmx5.googlemail.com,74.125.157.27,MX,30
aspmx.l.google.com,74.125.67.27,MX,10
alt1.aspmx.l.google.com,209.85.211.91,MX,20
Zone transfers
root@bt:/pentest/enumeration/dnsrecon# ruby dnsrecon.rb -axfr elcolombiano.com
Zone transfer failed for redglobal.net
Zone transfer failed for server2i.elcolombiano.com.co
Zone transfer failed for dns1.redelectrica.com
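
An added example (not part of the original post or of DNSRecon itself): a Ruby script that parses output in the comma-separated form shown above (name,ip[,type[,priority]]) and summarizes what a zone's records disclose, separating provider-default PTR names from descriptive hostnames and listing IPs shared by several names. The sample lines are constructed with documentation addresses; the function names and the dashed-IP pattern are assumptions that go beyond what the page shows.

```ruby
require 'ipaddr'

# One parsed output line: name,ip[,type[,priority]]
Record = Struct.new(:name, :ip, :type, :priority)

def valid_ip?(str)
  IPAddr.new(str)
  true
rescue IPAddr::Error
  false
end

# Keep only lines that look like records; banners, prompts and
# "Zone transfer failed" messages have no valid IP in field 2.
def parse_records(text)
  text.each_line.map do |line|
    name, ip, type, prio = line.strip.split(',')
    next unless name && ip && valid_ip?(ip)
    Record.new(name.downcase, ip, type, prio&.to_i)
  end.compact
end

# Provider-default PTR names embed the address itself, either as
# reversed dotted octets (as in the output above) or dashed (assumption).
def generic_ptr?(rec)
  octets = rec.ip.split('.')
  return false unless octets.size == 4
  [octets.reverse.join('.'), octets.join('-')].any? { |p| rec.name.include?(p) }
end

def exposure_summary(text)
  recs = parse_records(text)
  named = recs.reject { |r| generic_ptr?(r) }
  shared = named.group_by(&:ip).select { |_, rs| rs.map(&:name).uniq.size > 1 }
  { total: recs.size,
    generic: recs.size - named.size,
    named: named.map(&:name).uniq.sort,
    shared_ips: shared.transform_values { |rs| rs.map(&:name).uniq.sort } }
end

# Constructed sample input (documentation ranges, not real hosts).
SAMPLE = <<~OUT
  Reverse Lookup for IP Range from 192.0.2.10 to 192.0.2.13
  10.2.0.192.static.reverse.example.net,192.0.2.10
  db01.example.com,192.0.2.11
  ns1.example.com,192.0.2.12
  beta.example.com,192.0.2.20
  portal.example.com,192.0.2.20
  mail.example.com,192.0.2.30,MX,10
  Zone transfer failed for ns1.example.com
OUT

puts exposure_summary(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Run against your own zone's results, the `named` and `shared_ips` entries are the ones worth reviewing: role-revealing names and hosts that share an address.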
Source: http://www.sec-track.com/