DNS enumeration
Quick note on DNS enumeration, since I might not remember this tool in the morning.
Fierce will use the hosts.txt file that lives in the directory below to look up any possible DNS A records:
root@bt:/pentest/enumeration/dns/fierce# ./fierce.pl -dns domain.com -threads 5 -wide
DNS Servers for domain.com:
xns1.domain.com
xns2.domain.com
Trying zone transfer first...
Testing xns1.domain.com
Request timed out or transfer not allowed.
Testing xns2.domain.com
Request timed out or transfer not allowed.
Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force
Checking for wildcard DNS...
Nope. Good.
Now performing 1895 test(s)...
result snip
Subnets found (may want to probe here using nmap or unicornscan):
127.0.0.0-255 : 1 hostnames found.
194.xxx.xxx.0-255 : 8 hostnames found.
194.xxx.xxx.0-255 : 9 hostnames found.
194.xxx.xxx.0-255 : 19 hostnames found.
194.xxx.xxx.0-255 : 2 hostnames found.
212.xxx.xxx.0-255 : 3 hostnames found.
Done with Fierce scan: http://ha.ckers.org/fierce/
Found 42 entries.
Have a nice day.
Indeed we will :)
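
Seen from the defending side, a run like the one above shows up in a nameserver's query log as a refused zone transfer followed by a burst of lookups for names that mostly do not exist. The sketch below is an added example, not part of the original note or of Fierce; the log format (epoch, client, qname, qtype, rcode), the thresholds and the sample lines are constructed for illustration.

```python
from collections import defaultdict, deque

def detect_enumeration(lines, zone, window=10.0, min_names=8, min_nx_ratio=0.7):
    """Flag clients that try AXFR or brute-force names under `zone`.

    Each line: "<epoch> <client> <qname> <qtype> <rcode>" (constructed format).
    Returns {client: sorted list of reasons}.
    """
    recent = defaultdict(deque)   # client -> (ts, qname, rcode) inside the window
    alerts = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines
        ts, client, qname, qtype, rcode = parts
        ts, qname = float(ts), qname.lower().rstrip(".")
        if qname != zone and not qname.endswith("." + zone):
            continue              # other zones are out of scope
        if qtype == "AXFR":       # "Trying zone transfer first..."
            alerts[client].add("axfr-attempt")
            continue
        q = recent[client]
        q.append((ts, qname, rcode))
        while ts - q[0][0] > window:
            q.popleft()
        names = {n for _, n, _ in q}
        nx = sum(1 for _, _, r in q if r == "NXDOMAIN")
        # Many distinct names, mostly nonexistent, in a short window.
        if len(names) >= min_names and nx / len(q) >= min_nx_ratio:
            alerts[client].add("subdomain-bruteforce")
    return {c: sorted(r) for c, r in alerts.items()}

# Constructed sample: 203.0.113.7 behaves like the scan, 198.51.100.20 is a normal client.
WORDS = ["www", "mail", "admin", "backup", "citrix", "dev", "ftp",
         "intranet", "lab", "ns3", "owa", "vpn"]
SAMPLE_LOG = ["1000.0 203.0.113.7 domain.com AXFR REFUSED"]
SAMPLE_LOG += [
    f"{1001 + i * 0.2:.1f} 203.0.113.7 {w}.domain.com A "
    f"{'NOERROR' if w in ('www', 'mail') else 'NXDOMAIN'}"
    for i, w in enumerate(WORDS)
]
SAMPLE_LOG += [
    "1002.0 198.51.100.20 www.domain.com A NOERROR",
    "1030.0 198.51.100.20 mail.domain.com A NOERROR",
    "1060.0 198.51.100.20 wwww.domain.com A NXDOMAIN",
]

if __name__ == "__main__":
    for client, reasons in detect_enumeration(SAMPLE_LOG, "domain.com").items():
        print(client, ", ".join(reasons))
```

Tune the window and thresholds against your own baseline traffic before alerting on them.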