打开终端工具,输入dnsenum,按回车键,即可看到dnsenum使用帮助,如下:
root@kali:~# dnsenum
Smartmatch is experimental at /usr/bin/dnsenum line 698.
Smartmatch is experimental at /usr/bin/dnsenum line 698.
dnsenum VERSION:1.2.4
Usage: dnsenum [Options] <domain>
[Options]:
Note: the brute force -f switch is obligatory.
GENERAL OPTIONS:
--dnsserver <server>
Use this DNS server for A, NS and MX queries.
--enum Shortcut option equivalent to --threads 5 -s 15 -w.
-h, --help Print this help message.
--noreverse Skip the reverse lookup operations.
--nocolor Disable ANSIColor output.
--private Show and save private ips at the end of the file domain_ips.txt.
--subfile <file> Write all valid subdomains to this file.
-t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).
--threads <value> The number of threads that will perform different queries.
-v, --verbose Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages <value> The number of google search pages to process when scraping names,
the default is 5 pages, the -s switch must be specified.
-s, --scrap <value> The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
-f, --file <file> Read subdomains from this file to perform brute force.
-u, --update <a|g|r|z>
Update the file specified with the -f switch with valid subdomains.
a (all) Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r, --recursion Recursion on subdomains, brute force all discovred subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay <value> The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
-w, --whois Perform the whois queries on c class network ranges.
**Warning**: this can generate very large netranges and it will take lot of time to performe reverse lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude <regexp>
Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
-o --output <file> Output in XML format. Can be imported in MagicTree (www.gremwell.com)
root@kali:~#
使用方法:dnsenum [选项] <域名>
例如:查询 google.com
root@kali:~# dnsenum --enum google.com
Smartmatch is experimental at /usr/bin/dnsenum line 698.
Smartmatch is experimental at /usr/bin/dnsenum line 698.
dnsenum VERSION:1.2.4
Warning: can't load Net::Whois::IP module, whois queries disabled.
Warning: can't load WWW::Mechanize module, Google scraping desabled.
----- google.com -----
Host's addresses:
__________________
google.com. 5 IN A 172.217.160.78
Name Servers:
______________
ns2.google.com. 5 IN A 216.239.34.10
ns1.google.com. 5 IN A 216.239.32.10
ns3.google.com. 5 IN A 216.239.36.10
ns4.google.com. 5 IN A 216.239.38.10
Mail (MX) Servers:
___________________
alt2.aspmx.l.google.com. 5 IN A 173.194.192.27
aspmx.l.google.com. 5 IN A 74.125.204.27
alt4.aspmx.l.google.com. 5 IN A 173.194.208.26
alt3.aspmx.l.google.com. 5 IN A 64.233.176.27
alt1.aspmx.l.google.com. 5 IN A 64.233.178.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for google.com on ns2.google.com ...
AXFR record query failed: corrupt packet
Trying Zone Transfer for google.com on ns3.google.com ...
AXFR record query failed: corrupt packet
Trying Zone Transfer for google.com on ns1.google.com ...
AXFR record query failed: corrupt packet
Trying Zone Transfer for google.com on ns4.google.com ...
AXFR record query failed: corrupt packet
brute force file not specified, bay.
root@kali:~#
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
