kali工具箱

DNSRecon包装说明

DNSRecon提供执行的能力：

检查所有的NS记录区域传送
列举一般DNS记录给定域（MX，SOA，NS，A，AAAA，SPF和TXT）
执行常见的SRV记录枚举。顶级域名（TLD）扩展
检查通配符解析
蛮力子域名和主机A和AAAA记录中的一个域和单词表
对于给定的IP范围或CIDR执行PTR记录查询
检查缓存记录A，AAAA和CNAME记录在一个文本文件中提供的主机记录列表的DNS服务器来检查
枚举在使用谷歌的本地网络枚举主机和子共同的mDNS记录

资料来源：DNSRecon自述
DNSRecon首页 | 卡利DNSRecon回购

作者：卡洛斯·佩雷斯
许可：GPL第二版

包含在dnsrecon包工具

dnsrecon - 一个强大的DNS枚举脚本

[email protected]:~# dnsrecon -h

Version: 0.8.7

Usage: dnsrecon.py



Options:

-h, --help Show this help message and exit

-d, --domain Domain to Target for enumeration.

-r, --range IP Range for reverse look-up brute force in formats (first-last)

or in (range/bitmask).

-n, --name_server Domain server to use, if none is given the SOA of the

target will be used

-D, --dictionary Dictionary file of sub-domain and hostnames to use for

brute force.

-f Filter out of Brute Force Domain lookup records that resolve to

the wildcard defined IP Address when saving records.

-t, --type Specify the type of enumeration to perform:

std To Enumerate general record types, enumerates.

SOA, NS, A, AAAA, MX and SRV if AXRF on the

NS Servers fail.



rvl To Reverse Look Up a given CIDR IP range.



brt To Brute force Domains and Hosts using a given

dictionary.



srv To Enumerate common SRV Records for a given



domain.



axfr Test all NS Servers in a domain for misconfigured

zone transfers.



goo Perform Google search for sub-domains and hosts.



snoop To Perform a Cache Snooping against all NS

servers for a given domain, testing all with

file containing the domains, file given with -D

option.



tld Will remove the TLD of given domain and test against

all TLD's registered in IANA



zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.



-a Perform AXFR with the standard enumeration.

-s Perform Reverse Look-up of ipv4 ranges in the SPF Record of the

targeted domain with the standard enumeration.

-g Perform Google enumeration with the standard enumeration.

-w Do deep whois record analysis and reverse look-up of IP

ranges found thru whois when doing standard query.

-z Performs a DNSSEC Zone Walk with the standard enumeration.

--threads Number of threads to use in Range Reverse Look-up, Forward

Look-up Brute force and SRV Record Enumeration

--lifetime Time to wait for a server to response to a query.

--db SQLite 3 file to save found records.

--xml XML File to save found records.

--iw Continua bruteforcing a domain even if a wildcard record resolution is discovered.

-c, --csv Comma separated value file.

-v Show attempts in the bruteforce modes.

dnsrecon用法示例

扫描域（-d example.com），使用字典来暴力破解的主机名（-D /usr/share/wordlists/dnsmap.txt），做一个标准的扫描（-t STD），输出保存到一个文件（-xml dnsrecon.xml）：

[email protected]:~# dnsrecon -d example.com -D /usr/share/wordlists/dnsmap.txt -t std --xml dnsrecon.xml

[*] Performing General Enumeration of Domain:

[*] DNSSEC is configured for example.com

[*] DNSKEYs: