What is dnsenum?
dnsenum is a tool that helps you automate information gathering on a specific target using Domain Name System (DNS) queries (and some Google search results scraping).
What are the features of dnsenum?
Keeping everything simple and understandable, dnsenum can do the following:
- Get information regarding a specific domain
- Host addresses (the IP addresses of the domain itself)
- Subdomain information (including IP addresses)
- Mail server information (including IP addresses)
- Discover additional information via Google search
- Brute-force valid subdomains using a wordlist file
- Perform whois and reverse whois lookups
In short, it is the go-to tool if you want to find additional information (such as IP addresses) on your target host by leveraging the DNS infrastructure and some Google search automation.
For more technical information, head to the Kali Linux package page over here.
How do I use dnsenum?
dnsenum <insert domain here> <insert switch here> <insert additional information here> ...
As for the testing, we will just go with the basics and skip the bruteforce option. We will also be skipping whois queries, since you can always use dmitry if you want automated whois queries.
Our test target is google.com and we will use the following command:
dnsenum google.com -p 50 -s 50
- dnsenum – the command we are running
- google.com – the target domain / host
- -p 50 – a switch required for Google scraping. This means we are going to look at the first 50 pages of the Google search results for hints of any additional subdomain.
- -s 50 – a switch also required for Google scraping. This means we are going to limit the maximum number of subdomains found to 50 items.
We haven’t touched the other switches, since the command above is the bare-bones command you can use to get information with the tool.
And the testing results?
I was able to find some of Google’s:
- Host address
- Name servers
- Mail servers
However, Google scraping was somewhat limited.
Is it illegal?
I personally think not. DNS is a public infrastructure and everyone uses it. You even use it when you are just typing google.com in your browser. DNS is now such a trivial part of the user experience that the whole DNS query process runs in the background.
dnsenum just helps you see the actual output that is hidden from our eyes when using our computers. You can even redo everything that the tool automates by doing manual DNS queries. Therefore, in my opinion, using this tool is not illegal. However, it is safer for you to check your respective laws and regulations just to be sure.
If you wanna know more about DNS, head to the reference page of this blog. There is a link pointing to a well-written article from Microsoft regarding DNS technology.
DNS enumeration is an old technique that is still indispensable in this day and age. It can help you get additional information on a target and help you map out a network. As a regular person, this might not seem like much, but as an IT security professional, every bit of information you can squeeze out of your target machine is very important, especially if you are planning on hardening your defenses.
So, whenever you need to query information about your domain from DNS, you can use dnsenum.
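To show what "doing manual DNS queries" actually means under the hood, here is an added example that is not part of this post and not code from dnsenum: a minimal DNS client written with Python's standard library only. It builds the query packet, sends it to a recursive resolver (8.8.8.8 is assumed as the default; point it at your own resolver if you prefer) and parses A, NS and MX answers, which are exactly the host address, name servers and mail servers reported in the test above. Run without arguments it parses a constructed sample reply for the placeholder domain example.test offline, so nothing is sent on the wire; the domain name, the sample records and all function names are assumptions made for this demo. The hop cap in read_name is the check a careless client tends to miss: a buggy or hostile resolver can return a compression-pointer loop that hangs a naive parser.

```python
import random
import socket
import struct
import sys

# DNS record types this mini client understands (RFC 1035 values).
TYPE_A, TYPE_NS, TYPE_MX = 1, 2, 15
TYPE_NAMES = {TYPE_A: "A", TYPE_NS: "NS", TYPE_MX: "MX"}


def encode_name(name):
    """Encode 'mail.example.test' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Build one standard query (RD bit set) for name/qtype, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg, offset, max_hops=16):
    """Decode a possibly compressed name at offset; return (name, offset after it).

    A compression pointer (top two bits 11) jumps elsewhere in the message. A
    hostile reply could chain pointers in a loop, so the number of hops is capped.
    """
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            hops += 1
            if hops > max_hops:
                raise ValueError("too many compression pointers (loop?)")
            if end is None:
                end = offset + 2          # in the parent record the name ends here
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_response(msg):
    """Return {'rcode': int, 'answers': [(owner, type, ttl, value), ...]}."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):              # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4                       # qtype + qclass
    answers = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == TYPE_NS:
            value, _ = read_name(msg, offset)           # rdata may point back into msg
        elif rtype == TYPE_MX:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = read_name(msg, offset + 2)
            value = f"{pref} {host}"
        else:
            value = rdata.hex()
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        offset += rdlen
    return {"rcode": flags & 0xF, "answers": answers}


def lookup(domain, qtype, server="8.8.8.8", timeout=3.0):
    """Send one UDP query to a recursive resolver and parse the reply (needs network)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(domain, qtype, txid), (server, 53))
        data, _ = sock.recvfrom(4096)
    if struct.unpack("!H", data[:2])[0] != txid:   # only accept the reply we asked for
        raise ValueError("transaction id mismatch, discarding reply")
    return parse_response(data)


def build_sample_response():
    """Constructed reply for example.test (not captured traffic), for offline use."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)   # response, RD+RA, 3 answers
    question = encode_name("example.test") + struct.pack("!HH", TYPE_A, 1)
    ptr = b"\xc0\x0c"                     # compression pointer to the name at offset 12
    a_rr = ptr + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
    ns_rdata = b"\x02ns" + ptr
    ns_rr = ptr + struct.pack("!HHIH", TYPE_NS, 1, 300, len(ns_rdata)) + ns_rdata
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + ptr
    mx_rr = ptr + struct.pack("!HHIH", TYPE_MX, 1, 300, len(mx_rdata)) + mx_rdata
    return hdr + question + a_rr + ns_rr + mx_rr


SAMPLE_RESPONSE = build_sample_response()

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # python dns_mini.py yourdomain.example
        for qtype in (TYPE_A, TYPE_NS, TYPE_MX):
            for rr in lookup(sys.argv[1], qtype)["answers"]:
                print(*rr)
    else:                                 # no argument: parse the constructed reply offline
        for rr in parse_response(SAMPLE_RESPONSE)["answers"]:
            print(*rr)
```

Run it as `python dns_mini.py yourdomain.example` (the file name is assumed) against a domain you administer and you get the same three pieces of information dnsenum printed, one UDP packet per record type. Everything else the tool adds, such as subdomain discovery and Google scraping, is just more queries of this same shape.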