The first stage of penetration testing is usually passive information gathering and enumeration (active information gathering). This is where tools like dnsenum come in, the purpose of DNSenum is to gather as much information as possible about a domain.
The program currently performs the following operations:
- Get the host’s addresse (A record).
- Get the namservers (threaded).
- Get the MX record (threaded).
- Perform axfr queries on nameservers (threaded).
- Get extra names and subdomains via google scraping (google query = “allinurl: -www site:domain”).
- Brute force subdomains from file, can also perform recursion on subdomain that have NS records (all threaded).
- Calculate C class domain network ranges and perform whois queries on them (threaded).
- Perform reverse lookups on netranges ( C class or/and whois netranges) (threaded).
- Write to domain_ips.txt file ip-blocks.
The output file domain_ips.txt will contain non-contiguous IP blocks:
You can download DNSenum v1.2 here:
Or you can read more here.