DNSenum is a powerful tool used for enumerating DNS information about a domain. It is often used by security professionals and system administrators to gather valuable information about a domain’s DNS configuration and potential vulnerabilities.
Installing DNSenum
To use DNSenum on Linux, you first need to install it. Fortunately, DNSenum is readily available in many Linux distributions’ package repositories, making the installation process straightforward.
For example, if you are using Ubuntu or Debian, you can install DNSenum by running the following command:
sudo apt-get install dnsenum
Once the installation is complete, you can start using DNSenum.
Use DNSenum on Linux
DNSenum has several command-line options that allow you to customize its behavior and the type of information it retrieves. Here are some common examples:
Basic DNS Enumeration:
PARAMETER | USAGE |
---|---|
--dnsserver | Use this DNS server for A, NS and MX queries. |
--enum | Shortcut option equivalent to --threads 5 -s 15 -w. |
-h, --help | Print this help message. |
--noreverse | Skip the reverse lookup operations. |
--nocolor | Disable ANSIColor output. |
--private | Show and save private ips at the end of the file domain_ips.txt. |
--subfile | Write all valid subdomains to this file. |
-t, --timeout | The tcp and udp timeout values in seconds (default: 10s). |
--threads | The number of threads that will perform different queries. |
-v, --verbose | Be verbose: show all the progress and all the error messages. |
To perform a basic DNS enumeration, use the following command:
dnsenum example.com
This command will retrieve information such as the domain’s nameservers, MX records, and other DNS records.

Brute Force Subdomains:
DNSenum can also be used to perform brute force subdomain enumeration. This can be useful for discovering hidden or forgotten subdomains. To perform subdomain brute forcing, use the following command:
dnsenum --enum example.com
This command will attempt to enumerate all possible subdomains of the specified domain.

Perform Zone Transfer:
PARAMETER | USAGE |
---|---|
-d, --delay | The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s. |
-w, --whois | Perform the whois queries on c class network ranges. **Warning**: this can generate very large netranges and it will take lot of time to perform reverse lookups. |
-e, --exclude | Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames. |
-o --output | Output in XML format. Can be imported in MagicTree (www.cybertechhack.com) |
DNSenum can also be used to check if a domain allows zone transfers. Zone transfers can sometimes lead to the discovery of sensitive information. DNSenum has no separate zone transfer option: it attempts a zone transfer (AXFR) against each of the domain’s nameservers as part of its normal run, so the basic command is enough:
dnsenum example.com
This command will check if the domain allows zone transfers and retrieve the DNS zone information if it is allowed.
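The zone transfer check described above can also be run from the defender's side against a zone you administer. The script below is an added example, not part of the original article or of dnsenum: it asks each nameserver for an AXFR with `dig` and classifies the reply. The function names and the sample dig output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report which nameservers of a zone you administer answer AXFR.
# Function names are illustrative; the sample dig output below is constructed.

# Classify the text of one `dig AXFR` run read from stdin:
#   "open <n>"  n resource records came back (transfer allowed)
#   "refused"   dig reported "; Transfer failed."
#   "unknown"   no records and no explicit refusal (timeout, unreachable)
classify_axfr() {
    awk '
        /^; Transfer failed/ { failed = 1; next }
        /^;/ || /^[ \t]*$/   { next }          # dig comments and blank lines
        { records++ }                          # anything else is a record
        END {
            if (records > 0 && !failed) print "open " records
            else if (failed)            print "refused"
            else                        print "unknown"
        }'
}

# Ask every NS of the zone for a full transfer and print one line per server.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        result=$(dig +time=5 +tries=1 AXFR "$zone" "@$ns" | classify_axfr)
        printf '%s\t%s\n' "$ns" "$result"
    done
}

# Constructed dig output: a server that hands over the zone.
sample_open() { cat <<'EOF'
; <<>> DiG 9.18.1 <<>> AXFR example.com @ns1.example.com
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
intranet.example.com. 3600 IN A 10.0.0.5
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
;; XFR size: 4 records (messages 1, bytes 231)
EOF
}

# Constructed dig output: a server that refuses the transfer.
sample_refused() { cat <<'EOF'
; <<>> DiG 9.18.1 <<>> AXFR example.com @ns2.example.com
; Transfer failed.
EOF
}

# Run against a real zone only when one is given: ./axfr-audit.sh example.com
if [ "$#" -gt 0 ]; then audit_zone "$1"; fi
```

A nameserver reported as open should have transfers restricted to its secondaries, for example with BIND's allow-transfer option.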

DNSenum is a powerful tool for DNS enumeration on Linux. By using DNSenum, you can gather valuable information about a domain’s DNS configuration and potential vulnerabilities. Whether you are a security professional or a system administrator, DNSenum can be a valuable addition to your toolkit.