Title: DNS port 53 open - Enumeration Guide used in Penetration Testing
Author: ajayverma
Fingerprint server/service
> host
>> host [-aCdlnrTwv ] [-c class ] [-N ndots ] [-R number ] [-t type ] [-W wait ] name [server ]
>> -v verbose format
>> -t (query type) Allows a user to specify a record type, i.e. A, NS, or PTR.
>> -a Same as -t ANY.
>> -l Zone transfer (if allowed).
>> -f Save to a specified filename.
> nslookup
>> nslookup [ -option ... ] [ host-to-find | - [ server ]]
> dig
>> dig [ @server ] [-b address ] [-c class ] [-f filename ] [-k filename ] [-p port# ] [-t type ] [-x addr ] [-y name:key ] [-4 ] [-6 ] [name ] [type ] [class ] [queryopt... ]
> whois
>> -h Use the named host to resolve the query
>> -a Use ARIN to resolve the query
>> -r Use RIPE to resolve the query
>> -p Use APNIC to resolve the query
>> -Q Perform a quick lookup

DNS Enumeration
> Bile Suite
>> perl BiLE.pl [website] [project_name]
>> perl BiLE-weigh.pl [website] [input file]
>> perl vet-IPrange.pl [input file] [true domain file] [output file] <range>
>> perl vet-mx.pl [input file] [true domain file] [output file]
>> perl exp-tld.pl [input file] [output file]
>> perl jarf-dnsbrute [domain_name] (brutelevel) [file_with_names]
>> perl qtrace.pl [ip_address_file] [output_file]
>> perl jarf-rev [subnetblock] [nameserver]
> txdns
>> txdns -rt -t domain_name
>> txdns -x 50 -bb domain_name
>> txdns --verbose -fm wordlist.dic --server ip_address -rr SOA domain_name -h c:\hostlist.txt

Examine Configuration Files
> host.conf
> resolv.conf
> named.conf
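
A check tied to the zone transfer test (host -l) and the named.conf item above, as an added example that is not part of the original guide: it reads a BIND named.conf and reports which zones restrict transfers with allow-transfer. The sample configuration, zone names and function names are constructed for illustration; view-level ACLs and nested ACL braces are not handled.

```python
import re
# Constructed sample named.conf for this example (not from a real server).
SAMPLE = '''
options { directory "/var/named"; };  // no global allow-transfer
zone "example.com" {
    type master; file "example.com.zone";
    allow-transfer { 192.0.2.53; key xfer-key; };
};
zone "internal.example" IN { type master; file "internal.zone"; };
zone "open.example" {
    type master; file "open.zone";
    # allow-transfer { none; };   commented out, so not in effect
    allow-transfer { any; };
};
'''

def strip_comments(text):
    """Drop /* */, // and # comments so a commented-out ACL is not counted."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_body(text, start):
    """Return the text inside the first balanced {...} at or after start."""
    begin, depth = text.index('{', start), 0
    for i in range(begin, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[begin + 1:i]
    raise ValueError('unbalanced braces in configuration')

def transfer_acl(body):
    """Return the allow-transfer entries in a block, or None if absent."""
    m = re.search(r'\ballow-transfer\b[^{;]*\{([^}]*)\}', body)
    return m and [e.strip() for e in m.group(1).split(';') if e.strip()]

def audit(conf):
    """Map each zone to 'open' (any), 'restricted', or 'unset' (no ACL at zone
    or options level; the effective default then depends on the BIND version)."""
    conf = strip_comments(conf)
    opts = re.search(r'\boptions\s*\{', conf)
    global_acl = transfer_acl(block_body(conf, opts.start())) if opts else None
    result = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        acl = transfer_acl(block_body(conf, z.end()))
        acl = global_acl if acl is None else acl
        result[z.group(1)] = ('unset' if acl is None else
                              'open' if 'any' in acl else 'restricted')
    return result

if __name__ == '__main__':
    print(audit(SAMPLE))
```

Zones reported as open or unset are the ones to review first; pass the contents of your own named.conf to audit() in place of SAMPLE.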


Submitted On: 2019-05-29 16:35:05