Skip to content

Latest commit

 

History

History
67 lines (59 loc) · 2.22 KB

README.md

File metadata and controls

67 lines (59 loc) · 2.22 KB

DNSenum

DNSenum is a Bash script for DNS Enumeration. Try to resolve all subdomains of a given domain name.

Usage

+
+ Usage: ./dnsenum.sh -d <domain> [-f <file] [-n <dns server>] [-c]
+
+ -d <domain>       Domain name to test
+ -f <file>         Subdomain list file to use for test
+ -n <dns server>   DNS Server to use for query
+ -c                Check for HTTP Server banner
+ -v                Check Domain on VirusTotal
+ -s                Set Shodan API Key in order to query it
+ -r <result>       Show only result that match <result>
+

Example

# ./dnsenum.sh -d iol.it -c

+
+ Dns Enumeration for domain iol.it
+
                 www | CNAME      | www.italiaonline.it.           | CloudFront
                mail | CNAME      | mail.libero.it.                |           
                 ftp | CNAME      | merope.iol.it.                 |           
             webmail | CNAME      | webmail.libero.it.             | Apache
                smtp | A          | 212.48.24.42                   |           
                 pop | CNAME      | popimap.iol.it.                |           
        autodiscover | A          | 212.48.24.27                   |           
          autoconfig | CNAME      | autoconfig.libero.it.          | Apache/2.2.15 (CentOS)
                pop3 | CNAME      | popimap.iol.it.                |           
                imap | CNAME      | popimap.iol.it.                |           
                www1 | CNAME      | nacho2000.iol.it.              |           
Trying www.blog ...

Example using -v that check the domain on VirusTotal

# ./dnsenum.sh -d waf.red -v

+
+ Dns Enumeration for domain waf.red
+ Check URL on VirusTotal
+

+
+ Querying VirusTotal...
+ Result from VirusTotal:
+
                blog | CNAME      | node1.waf.red.                 |           
+
+ End Results from VirusTotal.
+

+
+ Start enumeration from file...
+
             waf.red | A          | 188.166.133.184                |           
                 www | A          | 188.166.133.184                |           
                blog | CNAME      | node1.waf.red.                 |
trying www2...

Example video