dnsenum可用于信息收集->DNS分析
如果待查域名没有ip地址,需要先查询域名对应的ip地址,将域名对应的ip在unix主机上用到dig命令查出来,将含a或cname记录的ip地址记录到一个临时文本文件中,然后将域名与ip地址用sql查询联系到一起,再根据ip地址查询归属地域。2)建立反向查询区域:反向查询区域存放反向域名解析必需的记录信息linux命令大全,提供给一些需要进行反向域名解析的应用。悠游域名批量查询工具是一款域名批量查询工具,可根据规则生成查询,可查询域名的注册信息、备案信息、权重信息,还可以查询过期域名。
dnsenum是一个perl脚本,脚本文件获取:?name=dnsenum.pl&can=2&q=
脚本源码地址:
下载后是一个叫dnsenum.pl的perl脚本。当然kali里是自带的,你可以直接用。
官方帮助
dnsenum VERSION:1.2.4
Usage: dnsenum [Options] <domain>
[Options]:
Note: the brute force -f switch is obligatory.
GENERAL OPTIONS:
--dnsserver <server>
Use this DNS server for A, NS and MX queries.
--enum Shortcut option equivalent to --threads 5 -s 15 -w.
-h, --help Print this help message.
--noreverse Skip the reverse lookup operations.
--nocolor Disable ANSIColor output.
--private Show and save private ips at the end of the file domain_ips.txt.
--subfile <file> Write all valid subdomains to this file.
-t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).
--threads <value> The number of threads that will perform different queries.
-v, --verbose Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages <value> The number of google search pages to process when scraping names,
the default is 5 pages, the -s switch must be specified.
-s, --scrap <value> The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
-f, --file <file> Read subdomains from this file to perform brute force.
-u, --update <a|g|r|z>
Update the file specified with the -f switch with valid subdomains.
a (all) Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r, --recursion Recursion on subdomains, brute force all discovred subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay <value> The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
-w, --whois Perform the whois queries on c class network ranges.
**Warning**: this can generate very large netranges and it will take lot of time to performe reverse lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude <regexp>
Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
-o --output <file> Output in XML format. Can be imported in MagicTree (www.gremwell.com)
上一个教程:Linux服务器宝塔命令大全
下一个教程:linux常用命令(4)——用户、权限