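Introduction
The purpose of dnsenum is to gather as much information as possible about a domain. It can guess likely hostnames through Google or a dictionary file, and run reverse lookups against a network range. It can query a site's host addresses, name servers and MX records (mail exchange records), issue AXFR requests against the name servers, obtain additional names through Google scraping (Google hacking), extract subdomains and query them, compute class C address ranges and run whois queries on them, perform reverse lookups, and write the address blocks to a file. (Excerpted from Baidu Baike.)
Details
Run dnsenum -h to view the usage documentation.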
┌──(root㉿kali)-[~]
└─# dnsenum -h
dnsenum VERSION:1.2.6
Usage: dnsenum [Options] <domain>
[Options]:
Note: If no -f tag supplied will default to /usr/share/dnsenum/dns.txt or
the dns.txt file in the same directory as dnsenum.pl
GENERAL OPTIONS:
--dnsserver <server>
Use this DNS server for A, NS and MX queries.
--enum Shortcut option equivalent to --threads 5 -s 15 -w.
-h, --help Print this help message.
--noreverse Skip the reverse lookup operations.
--nocolor Disable ANSIColor output.
--private Show and save private ips at the end of the file domain_ips.txt.
--subfile <file> Write all valid subdomains to this file.
-t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).
--threads <value> The number of threads that will perform different queries.
-v, --verbose Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages <value> The number of google search pages to process when scraping names,
the default is 5 pages, the -s switch must be specified.
-s, --scrap <value> The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
-f, --file <file> Read subdomains from this file to perform brute force. (Takes priority over default dns.txt)
-u, --update <a|g|r|z>
Update the file specified with the -f switch with valid subdomains.
a (all) Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r, --recursion Recursion on subdomains, brute force all discovered subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay <value> The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
-w, --whois Perform the whois queries on c class network ranges.
**Warning**: this can generate very large netranges and it will take lot of time to perform reverse lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude <regexp>
Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
-o --output <file> Output in XML format. Can be imported in MagicTree (www.gremwell.com)
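Option reference
Option | Description |
---|---|
--dnsserver | Use the specified DNS server for A, NS and MX queries. |
--enum | Shortcut option equivalent to --threads 5 -s 15 -w. Default option (when no arguments are given). |
-h, --help | Print the help message. |
--noreverse | Skip the reverse lookup operations (resolving IP addresses back to names). |
--nocolor | Disable ANSIColor output. |
--private | Show and save private IPs at the end of the file domain_ips.txt. |
--subfile <file> | Write all valid subdomains to this file. |
-t, --timeout | TCP and UDP timeout values in seconds (default: 10s). |
--threads <value> | Number of threads; queries can run in multiple threads. |
-v, --verbose | Show all progress and all error messages. |
-p, --pages | Number of Google search pages to process when scraping names; the default is 5 pages, and the -s switch must be specified. |
-s, --scrap | Maximum number of subdomains to scrape from Google (default 15). |
-f, --file <file> | Read subdomains from this file to perform brute force. (Takes priority over the default /usr/share/dnsenum/dns.txt.) |
-u, --update | Update the file specified with the -f switch with valid subdomains. Takes one of four values (a, g, r, z), explained in the next four rows. |
a (all) | Update using all results. |
g | Update using only Google scraping results. |
r | Update using only reverse lookup results. |
z | Update using only zone transfer results. |
-r, --recursion | Recurse on subdomains: brute force all discovered subdomains that have an NS record. |
-d, --delay <value> | Maximum number of seconds to wait between whois queries; the value is chosen randomly, default 3s. |
-w, --whois | Perform whois queries on class C network ranges. |
-e, --exclude | Exclude PTR records that match the regular expression from reverse lookup results; useful for invalid hostnames. |
-o, --output | Output in XML format. |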
Examples
┌──(root㉿kali)-[~]
└─# dnsenum -enum baidu.com # scan using the shortcut option
dnsenum VERSION:1.2.6
----- baidu.com -----
Host's addresses:
__________________
baidu.com. 5 IN A 39.156.66.10
baidu.com. 5 IN A 110.242.68.66
Name Servers:
______________
ns4.baidu.com. 5 IN A 111.45.3.226
ns4.baidu.com. 5 IN A 14.215.178.80
dns.baidu.com. 5 IN A 110.242.68.134
ns3.baidu.com. 5 IN A 112.80.248.64
ns3.baidu.com. 5 IN A 36.152.45.193
ns2.baidu.com. 5 IN A 220.181.33.31
ns7.baidu.com. 5 IN A 180.76.76.92
Mail (MX) Servers:
___________________
mx.maillb.baidu.com. 5 IN A 111.202.115.85
mx.n.shifen.com. 5 IN A 111.202.115.85
mx.n.shifen.com. 5 IN A 111.206.215.185
mx1.baidu.com. 5 IN A 220.181.3.85
mx1.baidu.com. 5 IN A 111.202.115.85
jpmx.baidu.com. 5 IN A 119.63.196.201
usmx01.baidu.com. 5 IN A 12.0.243.41
mx50.baidu.com. 5 IN A 12.0.243.41
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for baidu.com on dns.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns2.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns7.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns3.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns4.baidu.com ...
AXFR record query failed: REFUSED
Scraping baidu.com subdomains from Google: # error: unable to connect to Google
___________________________________________
Error GETing http://www.google.com/ncr: Can't connect to www.google.com:80 (Network is unreachable) at /usr/bin/dnsenum line 971.
┌──(root㉿kali)-[~/Desktop]
└─# dnsenum -enum baidu.com -o baidu.xml # save the scan results to baidu.xml
dnsenum VERSION:1.2.6
(Part of the output omitted.)
┌──(root㉿kali)-[~/Desktop]
└─# cat baidu.xml # print the contents of baidu.xml
<?xml version="1.0" encoding="UTF-8"?>
<magictree class="MtBranchObject"><testdata class="MtBranchObject"><host>110.242.68.66<hostname>baidu.com</hostname></host><fqdn>baidu.com.</fqdn><host>39.156.66.10<hostname>baidu.com</hostname></host><fqdn>baidu.com.</fqdn><host>14.215.178.80<hostname>ns4.baidu.com</hostname></host><fqdn>ns4.baidu.com.</fqdn><host>111.45.3.226<hostname>ns4.baidu.com</hostname></host><fqdn>ns4.baidu.com.</fqdn><host>220.181.33.31<hostname>ns2.baidu.com</hostname></host><fqdn>ns2.baidu.com.</fqdn><host>180.76.76.92<hostname>ns7.baidu.com</hostname></host><fqdn>ns7.baidu.com.</fqdn><host>110.242.68.134<hostname>dns.baidu.com</hostname></host><fqdn>dns.baidu.com.</fqdn><host>112.80.248.64<hostname>ns3.baidu.com</hostname></host><fqdn>ns3.baidu.com.</fqdn><host>36.152.45.193<hostname>ns3.baidu.com</hostname></host><fqdn>ns3.baidu.com.</fqdn><host>12.0.243.41<hostname>mx50.baidu.com</hostname></host><fqdn>mx50.baidu.com.</fqdn><host>220.181.3.85<hostname>mx1.baidu.com</hostname></host><fqdn>mx1.baidu.com.</fqdn><host>111.202.115.85<hostname>mx1.baidu.com</hostname></host><fqdn>mx1.baidu.com.</fqdn><host>111.206.215.185<hostname>mx.n.shifen.com</hostname></host><fqdn>mx.n.shifen.com.</fqdn><host>111.202.115.85<hostname>mx.n.shifen.com</hostname></host><fqdn>mx.n.shifen.com.</fqdn><host>111.202.115.85<hostname>mx.maillb.baidu.com</hostname></host><fqdn>mx.maillb.baidu.com.</fqdn><host>12.0.243.41<hostname>usmx01.baidu.com</hostname></host><fqdn>usmx01.baidu.com.</fqdn><host>119.63.196.201<hostname>jpmx.baidu.com</hostname></host><fqdn>jpmx.baidu.com.</fqdn>
┌──(root㉿kali)-[~/Desktop]
└─# dnsenum -noreverse -threads 5 -t 5 baidu.com
dnsenum VERSION:1.2.6
----- baidu.com -----
Host's addresses:
__________________
baidu.com. 5 IN A 39.156.66.10
baidu.com. 5 IN A 110.242.68.66
Name Servers:
______________
dns.baidu.com. 5 IN A 110.242.68.134
ns7.baidu.com. 5 IN A 180.76.76.92
ns4.baidu.com. 5 IN A 14.215.178.80
ns4.baidu.com. 5 IN A 111.45.3.226
ns2.baidu.com. 5 IN A 220.181.33.31
ns3.baidu.com. 5 IN A 112.80.248.64
ns3.baidu.com. 5 IN A 36.152.45.193
Mail (MX) Servers:
___________________
mx1.baidu.com. 5 IN A 220.181.3.85
mx1.baidu.com. 5 IN A 111.202.115.85
usmx01.baidu.com. 5 IN A 12.0.243.41
mx.maillb.baidu.com. 5 IN A 111.202.115.85
jpmx.baidu.com. 5 IN A 119.63.196.201
mx50.baidu.com. 5 IN A 12.0.243.41
mx.n.shifen.com. 5 IN A 111.206.215.185
mx.n.shifen.com. 5 IN A 111.202.115.85
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for baidu.com on dns.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns7.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns2.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns3.baidu.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for baidu.com on ns4.baidu.com ...
AXFR record query failed: REFUSED
Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________
11.baidu.com. 5 IN CNAME jpaasmatrix.e.shifen.com.
jpaasmatrix.e.shifen.com. 5 IN CNAME domain-offline.baidu.com.
domain-offline.baidu.com. 5 IN A 182.61.62.50
a.baidu.com. 5 IN CNAME asp.e.shifen.com.
asp.e.shifen.com. 5 IN A 112.34.113.160
abc.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 110.242.68.3
www.a.shifen.com. 5 IN A 110.242.68.4
act.baidu.com. 5 IN CNAME eopa.n.shifen.com.
eopa.n.shifen.com. 5 IN A 110.242.69.193
eopa.n.shifen.com. 5 IN A 110.242.69.186
air.baidu.com. 5 IN CNAME szjjh-bvc-am1.szjjh01.baidu.com.
ap.baidu.com. 5 IN CNAME apbr.n.shifen.com.
apbr.n.shifen.com. 5 IN A 117.185.16.78
arthur.baidu.com. 5 IN CNAME arthur.n.shifen.com.
arthur.n.shifen.com. 5 IN A 111.206.208.237
arthur.n.shifen.com. 5 IN A 111.206.208.23
arp.baidu.com. 5 IN A 14.215.178.220
arp.baidu.com. 5 IN A 124.237.176.78
bce.baidu.com. 5 IN A 220.181.33.100
bce.baidu.com. 5 IN A 111.206.209.100
bce.baidu.com. 5 IN A 39.156.66.242
bcss.baidu.com. 5 IN A 153.37.235.60
bcss.baidu.com. 5 IN A 183.232.232.58
bcss.baidu.com. 5 IN A 180.101.49.157
br.baidu.com. 5 IN CNAME search-br.wshifen.com.
search-br.wshifen.com. 5 IN A 110.242.68.66
bugs.baidu.com. 5 IN CNAME fankui.icafe.baidu.com.
c.baidu.com. 5 IN CNAME c.atxbot.cn.
cap.baidu.com. 5 IN A 110.242.69.140
cap.baidu.com. 5 IN A 180.97.104.99
client.baidu.com. 5 IN A 10.242.112.16
cooperation.baidu.com. 5 IN CNAME vrx.n.shifen.com.
vrx.n.shifen.com. 5 IN A 110.242.69.120
d.baidu.com. 5 IN CNAME ps_other.a.shifen.com.
ps_other.a.shifen.com. 5 IN A 110.242.68.66
di.baidu.com. 5 IN CNAME di.n.shifen.com.
di.n.shifen.com. 5 IN A 110.242.69.69
dns.baidu.com. 5 IN A 110.242.68.134
dns1.baidu.com. 5 IN CNAME dns.baidu.com.
dns.baidu.com. 5 IN A 110.242.68.134
e.baidu.com. 5 IN CNAME e.baidu.com.a.bdydns.com.
e.baidu.com.a.bdydns.com. 5 IN CNAME opencdn.jomodns.com.
opencdn.jomodns.com. 5 IN A 116.114.96.35
opencdn.jomodns.com. 5 IN A 39.91.182.35
es.baidu.com. 5 IN CNAME vr.baidu.com.
vr.baidu.com. 5 IN CNAME vrclassroom.n.shifen.com.
vrclassroom.n.shifen.com. 5 IN A 110.242.69.123
esp.baidu.com. 5 IN A 111.206.209.70
esp.baidu.com. 5 IN A 220.181.33.218
ext.baidu.com. 5 IN CNAME mbd.n.shifen.com.
mbd.n.shifen.com. 5 IN A 111.206.209.138
mbd.n.shifen.com. 5 IN A 111.206.209.14
f.baidu.com. 5 IN CNAME brand-bfe.e.shifen.com.
brand-bfe.e.shifen.com. 5 IN A 112.80.255.125
file.baidu.com. 5 IN CNAME bapp.n.shifen.com.
bapp.n.shifen.com. 5 IN A 180.149.131.33
finance.baidu.com. 5 IN CNAME news.n.shifen.com.
news.n.shifen.com. 5 IN A 157.255.77.214
news.n.shifen.com. 5 IN A 153.3.236.50
news.n.shifen.com. 5 IN A 157.255.77.215
g.baidu.com. 5 IN A 39.156.68.8
health.baidu.com. 5 IN CNAME health.n.shifen.com.
health.n.shifen.com. 5 IN A 110.242.70.245
ids.baidu.com. 5 IN A 220.181.111.170
ism.baidu.com. 5 IN CNAME cdss01.n.shifen.com.
cdss01.n.shifen.com. 5 IN A 110.242.68.125
just.baidu.com. 5 IN CNAME orp1.n.shifen.com.
orp1.n.shifen.com. 5 IN A 180.97.33.34
linux.baidu.com. 5 IN A 10.99.31.43
live.baidu.com. 5 IN CNAME post.n.shifen.com.
post.n.shifen.com. 5 IN A 111.206.209.45
post.n.shifen.com. 5 IN A 111.206.209.44
post.n.shifen.com. 5 IN A 111.206.209.41
logo.baidu.com. 5 IN CNAME baidulogo.bceapp.com.
baidulogo.bceapp.com. 5 IN A 180.76.168.75
mail.baidu.com. 5 IN CNAME mail.maillb.baidu.com.
mail.maillb.baidu.com. 5 IN A 111.202.115.87
map.baidu.com. 5 IN CNAME map.n.shifen.com.
map.n.shifen.com. 5 IN A 112.80.248.48
map.n.shifen.com. 5 IN A 153.3.236.101
member.baidu.com. 5 IN CNAME iyouxi.game.n.shifen.com.
iyouxi.game.n.shifen.com. 5 IN A 112.80.255.173
meta.baidu.com. 5 IN CNAME vr.baidu.com.
vr.baidu.com. 5 IN CNAME vrclassroom.n.shifen.com.
vrclassroom.n.shifen.com. 5 IN A 110.242.69.123
mobile.baidu.com. 5 IN CNAME appc.n.shifen.com.
appc.n.shifen.com. 5 IN A 112.80.255.227
appc.n.shifen.com. 5 IN A 110.242.69.12
mx.baidu.com. 5 IN A 61.135.163.61
mx1.baidu.com. 5 IN A 220.181.3.85
mx1.baidu.com. 5 IN A 111.202.115.85
mx11.baidu.com. 5 IN A 111.202.115.74
mx2.baidu.com. 5 IN A 61.135.163.62
mx12.baidu.com. 5 IN A 220.181.3.75
mx3.baidu.com. 5 IN A 61.135.162.61
nc.baidu.com. 5 IN A 112.34.111.20
nc.baidu.com. 5 IN A 180.97.104.48
net.baidu.com. 5 IN A 10.242.123.17
news.baidu.com. 5 IN CNAME news.n.shifen.com.
news.n.shifen.com. 5 IN A 157.255.77.214
news.n.shifen.com. 5 IN A 157.255.77.215
news.n.shifen.com. 5 IN A 153.3.236.50
ns1.baidu.com. 5 IN A 110.242.68.134
ns2.baidu.com. 5 IN A 220.181.33.31
ns3.baidu.com. 5 IN A 36.152.45.193
ns3.baidu.com. 5 IN A 112.80.248.64
ntp.baidu.com. 5 IN A 10.48.49.44
owa.baidu.com. 5 IN CNAME email.n.shifen.com.
email.n.shifen.com. 5 IN A 111.202.115.84
pan.baidu.com. 5 IN CNAME yiyun.n.shifen.com.
yiyun.n.shifen.com. 5 IN A 110.242.69.125
yiyun.n.shifen.com. 5 IN A 110.242.69.43
po.baidu.com. 5 IN CNAME mbdown.n.shifen.com.
mbdown.n.shifen.com. 5 IN A 110.242.68.155
mbdown.n.shifen.com. 5 IN A 111.206.209.136
portal.baidu.com. 5 IN A 172.22.1.82
privacy.baidu.com. 5 IN A 180.97.33.112
root.baidu.com. 5 IN CNAME bapp.n.shifen.com.
bapp.n.shifen.com. 5 IN A 180.149.131.33
router.baidu.com. 5 IN CNAME router.n.shifen.com.
router.n.shifen.com. 5 IN A 10.65.211.124
shop.baidu.com. 5 IN A 223.109.81.77
shop.baidu.com. 5 IN A 180.101.50.140
shop.baidu.com. 5 IN A 110.242.69.168
shop.baidu.com. 5 IN A 124.237.177.76
shop.baidu.com. 5 IN A 112.34.116.64
shop.baidu.com. 5 IN A 112.80.248.35
sql.baidu.com. 5 IN CNAME sql.e.shifen.com.
test.baidu.com. 5 IN CNAME crowdtestatmp.n.shifen.com.
crowdtestatmp.n.shifen.com. 5 IN A 110.242.69.167
trends.baidu.com. 5 IN CNAME trends.n.shifen.com.
trends.n.shifen.com. 5 IN A 180.97.104.12
tu.baidu.com. 5 IN CNAME image.n.shifen.com.
image.n.shifen.com. 5 IN A 110.242.69.132
vpn.baidu.com. 5 IN CNAME vpn.n.shifen.com.
vpn.n.shifen.com. 5 IN A 111.206.214.66
vpn.n.shifen.com. 5 IN A 111.206.215.162
vpn.n.shifen.com. 5 IN A 111.206.214.68
vpn.n.shifen.com. 5 IN A 61.135.165.183
vpn.n.shifen.com. 5 IN A 61.135.165.184
vpn.n.shifen.com. 5 IN A 111.206.214.67
vsp.baidu.com. 5 IN CNAME mct.y.nuomi.n.shifen.com.
mct.y.nuomi.n.shifen.com. 5 IN A 111.206.210.77
w.baidu.com. 5 IN CNAME ps_other.a.shifen.com.
ps_other.a.shifen.com. 5 IN A 110.242.68.66
vps.baidu.com. 5 IN CNAME vps.n.shifen.com.
vps.n.shifen.com. 5 IN A 110.242.68.74
web.baidu.com. 5 IN A 10.48.30.87
webmail.baidu.com. 5 IN CNAME mail.a.shifen.com.
ww.baidu.com. 5 IN CNAME ps_other.a.shifen.com.
ps_other.a.shifen.com. 5 IN A 110.242.68.66
www.baidu.com. 5 IN A 110.242.68.3
www.baidu.com. 5 IN A 110.242.68.4
www2.baidu.com. 5 IN CNAME www2.e.shifen.com.
www2.e.shifen.com. 5 IN A 153.3.236.108
wwww.baidu.com. 5 IN CNAME ps_other.a.shifen.com.
ps_other.a.shifen.com. 5 IN A 110.242.68.66
baidu.com class C netranges:
_____________________________
baidu.com ip blocks:
_____________________
done.
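When auditing a domain you administer, the text output shown above can be checked mechanically. The following is an added example, not part of the original article or of dnsenum: it parses dnsenum text output and reports name servers for which no AXFR failure was logged, plus A records that point into RFC 1918 private ranges (the addresses the --private option is about). The sample output and every name in it are constructed, and it assumes that a transfer which is not refused is simply not followed by an "AXFR record query failed" line.

```python
import ipaddress
import re

# Constructed sample in the text format shown above; all names and addresses are made up.
SAMPLE = """\
Trying Zone Transfer for example.com on ns1.example.com ...
AXFR record query failed: REFUSED
Trying Zone Transfer for example.com on ns2.example.com ...
example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 2 3 4 5
Brute forcing with /usr/share/dnsenum/dns.txt:
www.example.com. 5 IN A 203.0.113.10
intranet.example.com. 5 IN A 10.20.30.40
vpn.example.com. 5 IN CNAME vpn.gw.example.net.
vpn.gw.example.net. 5 IN A 172.16.5.9
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AXFR_TRY = re.compile(r"^Trying Zone Transfer for \S+ on (\S+) \.\.\.$")
AXFR_FAIL = re.compile(r"^AXFR record query failed: (\S+)")
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$")

def audit(text):
    """Return (name servers with no logged AXFR failure, private A records)."""
    axfr, private, current_ns = {}, set(), None
    for line in map(str.strip, text.splitlines()):
        if m := AXFR_TRY.match(line):
            current_ns = m.group(1)
            axfr[current_ns] = None        # no failure seen yet for this server
        elif (m := AXFR_FAIL.match(line)) and current_ns:
            axfr[current_ns] = m.group(1)  # e.g. REFUSED
        elif m := A_RECORD.match(line):
            try:
                addr = ipaddress.ip_address(m.group(2))
            except ValueError:
                continue                   # malformed address, skip the line
            if any(addr in net for net in RFC1918):
                private.add((m.group(1).rstrip("."), str(addr)))
    # Assumption: a transfer that was not refused logs no "failed" line.
    unrefused = sorted(ns for ns, reason in axfr.items() if reason is None)
    return unrefused, sorted(private)

if __name__ == "__main__":
    unrefused, private = audit(SAMPLE)
    for ns in unrefused:
        print(f"REVIEW  {ns}: zone transfer was not refused")
    for host, addr in private:
        print(f"LEAK    {host} -> {addr} (RFC 1918 address in public DNS)")
```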
Conclusion
Study hard and make progress every day!!!