How to Perform DNS Enumeration with Kali Linux: Tutorial

When it comes to penetration testing a web server, the DNS server is always at the top of the list, because the DNS server is the core gateway between an enterprise's internal network and the mighty internet. Information gathering, as we all know, is an important part of penetration testing, so gathering information about the DNS is just as important as the DNS server itself. If an attacker can enumerate a DNS server, it can prove very lethal to the organization whose information is stored on the server. In this tutorial we will look at several tools and how to use them to enumerate a DNS server in several ways. For this we will open a command shell in BT and type cd /pentest/enumeration/dns

Then type ls. The list of DNS enumeration tools will appear, and we will take a look at the use of each tool.

First we will use the dnsenum tool. It is very easy to use this tool: just type the command in the format perl dnsenum.pl

It will generate results as shown in the picture below. It provided us with the entire list of IPs used by the website, including the mail servers. Now the trick is to extract the information that we need for further phases of pen-testing, e.g. if you want to test the mail server you can telnet to it and exploit it by foot-printing (will be explained in upcoming tutorials).

The next tool that we will use is dnswalk. It is also a very good tool for enumerating and provides filtered information about the target. You can access it by cd dns command in dns folder. The only difference in the input is that in dnswalk the target ends with a "."

We got the results here. As we have mentioned earlier, dnswalk only provides basic information like the SOA server and warnings. It is a partial enumeration testing tool.

The next tool we will be digging into is called dnsrecon. You can find it in the dns folder. It is a tool written in Python.

As you can see below, we have performed multiple operations with dnsrecon, which will be explained further. You can retrieve the SRV records of the target and also query the SOA etc. For retrieving SRV records you have to type the command ./dnsrecon.py -t srv -d target name.

Now here is how the result of the SRV records looks:

And here is how we query the SOA, NS and MX of the servers using the command ./dnsrecon.py -t std -d

And here is how the result will look:

By DNS enumeration you can gather a lot of information about the target, and it can prove to be very helpful in a penetration test.
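From the side of the DNS server being tested, the std (SOA, NS, MX) and srv runs described above show up as a recognisable pattern in the query log. The following is an added example, not part of the original tutorial or of any of the tools it covers: it assumes BIND-style query log lines, and the sample log, the function names and the SRV threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed BIND-style query log lines (sample data, not from a real server).
SAMPLE_LOG = """\
10:00:01 client @0x7f0a 198.51.100.7#40001 (example.com): query: example.com IN SOA + (192.0.2.53)
10:00:01 client @0x7f0a 198.51.100.7#40002 (example.com): query: example.com IN NS + (192.0.2.53)
10:00:02 client @0x7f0a 198.51.100.7#40003 (example.com): query: example.com IN MX + (192.0.2.53)
10:00:05 client @0x7f0a 198.51.100.7#40004 (_sip._tcp.example.com): query: _sip._tcp.example.com IN SRV + (192.0.2.53)
10:00:05 client @0x7f0a 198.51.100.7#40005 (_ldap._tcp.example.com): query: _ldap._tcp.example.com IN SRV + (192.0.2.53)
10:00:05 client @0x7f0a 198.51.100.7#40006 (_kerberos._tcp.example.com): query: _kerberos._tcp.example.com IN SRV + (192.0.2.53)
10:03:10 client @0x7f0b 203.0.113.20#51000 (www.example.com): query: www.example.com IN A + (192.0.2.53)
10:03:11 client @0x7f0b 203.0.113.20#51001 (example.com): query: example.com IN MX + (192.0.2.53)
10:07:42 client @0x7f0c 203.0.113.99#52000 (_sip._tcp.example.com): query: _sip._tcp.example.com IN SRV + (192.0.2.53)
"""

# Assumed log layout: "client [@0x..] <ip>#<port> (<qname>): query: <qname> IN <type> ..."
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): "
    r"query: \S+ IN (?P<qtype>[A-Z0-9]+)"
)
STD_TYPES = {"SOA", "NS", "MX"}  # record types the tutorial's "std" run queries

def parse(log_text):
    """Yield (client_ip, qname, qtype) per query line; non-matching lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["qname"].lower().rstrip("."), m["qtype"]

def find_enumerators(log_text, zone, srv_threshold=3):
    """Map client IP -> reasons it looks like a std and/or SRV sweep of `zone`."""
    zone = zone.lower().rstrip(".")  # accept "example.com" and the dotted "example.com."
    std_seen, srv_names = defaultdict(set), defaultdict(set)
    for ip, qname, qtype in parse(log_text):
        if qname != zone and not qname.endswith("." + zone):
            continue  # query is for some other zone
        if qtype in STD_TYPES and qname == zone:
            std_seen[ip].add(qtype)
        elif qtype == "SRV":
            srv_names[ip].add(qname)
    findings = {}
    for ip in set(std_seen) | set(srv_names):
        reasons = ["std-sweep"] if std_seen[ip] == STD_TYPES else []
        if len(srv_names[ip]) >= srv_threshold:
            reasons.append("srv-sweep")
        if reasons:
            findings[ip] = reasons
    return findings
```

On a live resolver the same counting would be applied per time window, so that ordinary mail and service lookups spread over hours are not grouped into one sweep.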