Kali Linux Day 3: Information Gathering tool: dnsenum

What is dnsenum?

dnsenum is a tool that helps you automate information gathering on a specific target using Domain Name System (DNS) queries (and some Google search results scraping).

What are the features of dnsenum?


Keeping everything simple and understandable, dnsenum can do the following:

  • Get information regarding a specific domain
    • It could be domain addresses / IP addresses
    • Subdomain information (including IP address)
    • Mail server information (including IP address)
  • Discover additional information via Google search
  • Perform bruteforce to find valid subdomains using a file
  • Perform whois and reverse whois lookup

In short, it is the go-to tool if you want to find additional information (such as IP addresses) on your target host by leveraging the DNS infrastructure and some Google search automation.

For more technical information, head to the Kali Linux package page over here.

How do I use dnsenum?

As usual, you need to put additional information after command switches (if you do not know what a switch is or how to use it, you can consult my previous post here and here).

dnsenum <insert domain here> <insert switch here> <insert additional information here> ...

As for the testing, we will just go with the basics and skip the bruteforce option. We will also be skipping whois queries since you can always use dmitry if you want to automate whois queries.

Our test target is google.com and we will use the following command:

dnsenum google.com -p 50 -s 50

which means:

  • dnsenum – the command we are running
  • google.com – the target domain / host
  • -p 50 – a switch required for Google scraping. This means we are going to look at the first 50 pages of the Google search results for hints of any additional subdomains.
  • -s 50 – a switch also required for Google scraping. This means we are going to limit the maximum subdomains found to 50 items.

We haven’t touched some of the switches since the command above is the bare bones command that you can use to get information using the tool.

And the testing results?

I was able to find some of Google’s:

  • Host address
  • Name servers
  • Mail servers

dnsenum results for host, name servers and mail servers

However, Google scraping was somewhat limited.

dnsenum Google scraping results

Is it illegal?

I personally think not. DNS is a public infrastructure and everyone uses it. You even use it when you are just typing google.com in your browser. DNS is now such a trivial part of the user experience that the whole DNS query process runs in the background.

dnsenum just helps you see the actual output that is taken away from our eyes when using our computers. You can even redo everything that the tool automates by doing manual DNS queries. Therefore, in my opinion, using this tool is not illegal. However, to be safe, check your respective laws and regulations just to be sure of it.
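As an added example (not from the original post and not dnsenum's own code), the Python below builds the A, NS or MX query that a manual lookup sends and decodes the answer section of a reply, including DNS name compression. The reply it parses is constructed inline for example.com, and all function names are chosen for this illustration.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "MX": 15}          # host, name server and mail server records
NAMES = {v: k for k, v in QTYPES.items()}

def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD set, one question) + QNAME labels + QTYPE + QCLASS=IN."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", QTYPES[qtype], 1)

def read_name(msg, off, hops=0):
    """Decode the name at off; return (name, offset just past it)."""
    labels = []
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:              # compression pointer to an earlier name
            if hops > 16:
                raise ValueError("compression pointer loop")
            target = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            labels.append(read_name(msg, target, hops + 1)[0])
            return ".".join(filter(None, labels)), off + 2
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels), off + 1

def parse_response(msg):
    """Return [(owner, type, value)] for the answer section of a DNS response."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qd):                          # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        value = msg[off:off + rdlen]             # raw bytes for types not decoded here
        if rtype == 1:                           # A: four address bytes
            value = ".".join(map(str, value))
        elif rtype == 2:                         # NS: server name
            value = read_name(msg, off)[0]
        elif rtype == 15:                        # MX: preference + exchange name
            value = (struct.unpack("!H", value[:2])[0], read_name(msg, off + 2)[0])
        out.append((owner, NAMES.get(rtype, rtype), value))
        off += rdlen
    return out

def sample_response():
    """Constructed reply to an MX query for example.com (not captured traffic)."""
    rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"   # "mail" + pointer to offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 300, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("example.com", "MX")[12:] + answer
```

The bytes returned by `build_query` are what a resolver receives over UDP port 53, so the same parser can be pointed at replies for a domain you administer.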

If you wanna know more about DNS, head to the reference page of this blog. There is a link pointing to a well-written article from Microsoft regarding DNS technology.


DNS enumeration is an old technique that is still indispensable in this day and age. It can help you get additional information on a target and possibly map out a network. To a regular person, this might not seem like much, but to an IT security professional, every bit of information you can squeeze out of your target machine is very important, especially if you are planning on hardening your defenses.

Thus, on occasions when you need to query information about your domain in DNS, you can use dnsenum.

