This site is a kind of personal database gathering notes about my day-to-day discoveries in the IT world, basically about security.
While some are howtos and tips (we learn a new thing every day, eh), hopefully you'll find some of them informative!

April 12, 2007

DNS Extract Zones

Let's just say I'm curious about what is in the records of someone's DNS server.

First I need the IP address, which I get using the host command.


Why www.dost.gov.ph? Because they are the Department of Science and Technology.

Second step. Go to dnsstuff.com and look for DNS Report. Enter the domain www.dost.gov.ph and click the DNS Report button.
Now you will get the report. What I want is the IP of the DNS server this domain name is registered with.

So I have the IP of the nameservers.
Next step, use the dig command to view the zone records.
Try the first IP:
This means that the server denies zone transfers.
Now the second IP prints the zone records of the domain.
What's the use of this? You have information!

"How to do it on Google"
Software:
WS-DNS-BFX

What does it do?
This program was written to extract valid hosts of a domain that deny zone transfers.
The program supports:

  • IPv4 => IP Address of 32 bits.
  • IPv6 => IP Address of 128 bits.
  • Multi Thread => Make several resolutions at “the same time”.
  • EMA => Extract more than 1 IP in servers with HA, Network Load Balance, etc. (like: www.yahoo.com, www.microsoft.com).

How do I compile it?
To compile it, do:

gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE

For best performance, do:
gcc -o WS-DNS-BFX WS-DNS-BFX.c -lpthread -D_REENTRANT -D_THREAD_SAFE -O3

If you don’t have a compiler (gcc), libs, etc., I added to the .tgz file a statically compiled build of this program, called “WS-DNS-BFX-Static”.

How do I use it?
It is easy to use this program. Suppose that you want to extract valid hosts from
“yahoo.com”, using dict-file.txt (Brute Force File) and opening 4 threads;
the command to do it is:

root@Debian:/tmp/WS-DNS# ./WS-DNS-BFX yahoo.com dict-file.txt 4
Progress ..............................

When it finishes, a file called “hosts-yahoo.com.txt” will be generated with the extracted hosts.

You can download it here: DNS Brute Force eXtract
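
As an added example (not part of the original post and not code from WS-DNS-BFX), here is how both techniques above look from the nameserver operator's side: the script scans BIND 9 style log lines for zone-transfer requests from hosts that are not listed secondaries, and for clients that query many distinct names under the zone. The log message format, the zone `example.org`, the addresses and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed BIND 9 style messages (optional "@0x..." token after "client").
CLIENT = r"client (?:@\S+ )?(?P<ip>[^#\s]+)#\d+ "
XFER = {
    "denied": re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied"),
    "allowed": re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': AXFR started"),
}
QUERY = re.compile(CLIENT + r"\((?P<name>[^)]+)\): query: ")

def analyze(lines, zone, secondaries=(), name_threshold=5):
    """Return (axfr_events, guessers) for one zone (zone given in lower case)."""
    axfr, names = [], defaultdict(set)
    for line in lines:
        for outcome, rx in XFER.items():
            m = rx.search(line)
            if m and m["zone"].lower() == zone and m["ip"] not in secondaries:
                axfr.append((m["ip"], outcome))   # AXFR from an unlisted host
        m = QUERY.search(line)
        if m:
            name = m["name"].lower().rstrip(".")
            if name.endswith("." + zone):
                names[m["ip"]].add(name)          # distinct names per client
    # Clients asking for many different hostnames look like dictionary guessing.
    guessers = {ip: len(n) for ip, n in names.items() if len(n) >= name_threshold}
    return axfr, guessers

# Constructed sample (not real traffic), merged from two nameservers of one zone:
# one denies transfers, one permits them. 192.0.2.54 plays the real secondary.
TS = "12-Apr-2007 10:00:00.000 "
SAMPLE = [
    TS + "client 198.51.100.7#40112 (example.org): zone transfer 'example.org/AXFR/IN' denied",
    TS + "client 198.51.100.7#40113 (example.org): transfer of 'example.org/IN': AXFR started",
    TS + "client 192.0.2.54#53001 (example.org): transfer of 'example.org/IN': AXFR started",
    TS + "client 203.0.113.20#5000 (www.example.org): query: www.example.org IN A + (192.0.2.53)",
] + [
    TS + f"client 203.0.113.9#{6000 + i} ({h}.example.org): query: {h}.example.org IN A + (192.0.2.53)"
    for i, h in enumerate(["mail", "ftp", "vpn", "dev", "test", "intranet"])
]

if __name__ == "__main__":
    events, guessers = analyze(SAMPLE, "example.org", secondaries={"192.0.2.54"})
    print("AXFR requests from non-secondaries:", events)
    print("Clients querying many names:", guessers)
```

An "allowed" event for a host outside the secondaries list means that server hands the whole zone to anyone who asks, which is the case where restricting transfers to the known secondaries is the fix.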

