J0EII

4n07hER H4x0rin9 N07e2

f41lur3

05Cb

\/\/\/3b

|ib

|[email protected]|< G0|>

[1]AWS

[20]Adv. Pen-Testing

[6]Algorithm

[1]Apache

[1]Backup

[53]Basic Pen-Testing

[12]Bug Bounty

[1]CI/CD

[3]CTF

[5]CentOS

[1]Crontab

[1]DBeaver

[1]Database

[3]Debian

[1]Design Pattern

[1]Django

[4]Docker

[8]E-Business

[1]ESXI

[2]ElementaryOS

[1]Failure

[4]Fedora

[1]File Browser

[4]Fuzzing

[1]Git

[2]Gitlab

[2]Gitolite

[3]HTML5

[3]Hashcat

[1]Hashes

[1]Hexdump

[16]JS

[3]Java

[1]John

[3]KaliOS

[15]Laravel

[8]LeetCode

[28]Linux

[1]Logrotate

[7]Mac

[1]Metasploit

[2]MongoDB

[4]Networking

[4]Nginx

[2]NodeJS

[11]One-liner

[11]PHP

[7]Pentest Android

[6]Python

[1]React

[4]React Native

[3]Ruby

[4]SQL

[32]Server

[3]Squid

[1]TMUX

[7]Thoughts

[15]Ubuntu

[3]VIM

[2]VirtualBox

[4]WSL2

[34]Web

[8]Windows

[10]WordPress

[1]choco

[1]wkhtmltopdf

October 30, 2019

4.1 : Active information gathering techniques - host & dnsrecon (Part I)

Active information gathering

Look for hidden information

Example:

DNS Enum
Sub-domain Enum
DNS Zone
Port Scanning
OS Fingerprinting
Banner Grabbing

host

host is better version of dig

Basic dns query

host domain # forward lookup cname,mx..
host ip     # reverse lookup

host -t $TYPE domain # specify type: mx,cname,ns...

Attempt zone transfer to dump network map

 host -l $DOMAIN $NSSERVER

Basic auto dns-zone transfer attempt dump script

#/bin/sh
for server in $(host -t ns $1 |cut -d" " -f4);do
host -l $1 $server |grep "has address"
done

dnsrecon

dnsrecon is a full dns dump, plus auto zone transfer tool.

Basic auto zone transfer

dnsrecon -d domain.com -t axfr