Hey Folks, today in this article we are going to mention all the in-built DNS enumeration tools of kali linux which can take place in your bug bounty hunting tool list. All the tools that we will tell you in this article, some of them are pre-installed and we have to install the rest ourselves, but they are associated with repositories, so we can easily install them using “apt-get” command. can.
So let’s be it 🙂 !!
Dig – DNS Enumeration Tool
Dig is a network administration command-line tool for querying the
DNS nameservers. It can identify IP address records, record the query route as it obtains answers from an authoritative nameserver, diagnose other DNS problems. It comes pre-installed in Kali Linux system so that it is easy to operate.
So let’s take some examples now and know whether it really provides accurate results or not? We take any target and put its url here and within a few seconds it successfully dumps all the records as well as the correct IP address of that web address.
Usage 🙂 !! dig < target URL >
Grab Exact Output
There are several filters available in this tool, with some of the most useful commands being “short” and “noall”. Both command are very useful for only obtains reverse lookup.
dig testphp.vulnweb.com +short
dig testphp.vulnweb.com +noall +answer
It’s used for shortcut of reverse lookup and obtains annotated results.
dig -x 18.104.22.168
Nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between domain name and IP address, or other DNS records. As you can see when we enter the web address it automatically shows us the IP address of the web address.
Also we can get only specific records of any domain with below commands.
nslookup -type=ns testphp.vulnweb.com
nslookup -type=a testphp.vulnweb.com
nslookup -type=mx testphp.vulnweb.com
Dnsrecon and Dnstracer
Both the tools are useful to get DNS records of any domain and even both are very easy to operate. But the bad thing is that we have to install these tools by “apt-get” command as it is not pre-installed so let’s configure it first using below command.
apt install dnsrecon dnstracer
DNS reconnaissance is part of the information gathering phase of hacking or penetration testing because sometimes attackers can easily use such tools to grab subdomains of organizations and host their own phishing pages. So we can check all our DNS records at once through this tool to protect us from hackers.
dnsrecon -d secnhack.in
Dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer. We can trace dns records vwith the help of this tool.
Dnsdomainname will print the domain part of the FQDN (Fully Qualified Domain Name). This is also known as the YP/NIS domain name of the system. It comes pre-installed so you don’t have to configure it externally.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.