# 6. DNS Footprinting

{% embed url="<https://youtu.be/PvDS1ZBFPwk>" %}
DNS Enumeration
{% endembed %}

## 1. Gather DNS Information using nslookup Command Line Utility and Online Tool

### Command line in Windows

Run `nslookup` with no arguments to enter interactive mode:

```
nslookup
```

Next, set the record type to query (CNAME records are always from the authoritative server):

```
set type=a
set type=cname
```

Then enter the website name to look up its records:

```
www.certifiedhacker.com
```

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FQdsW6lPIJf29aeYX6fLL%2Fimage.png?alt=media&#x26;token=b98aa549-e9ad-47f6-a9be-ed826e3fe977" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FbERYtc0x26nwgmVL2O56%2Fimage.png?alt=media&#x26;token=3f62e1a4-8e1d-4b29-82da-2296a950d6cd" alt=""><figcaption></figcaption></figure>

### Online nslookup

{% embed url="<http://www.kloth.net/services/nslookup.php>" %}

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2Fgki41F3arch6RbdN4DTD%2Fimage.png?alt=media&#x26;token=43d9d467-f484-4e55-9c19-f926e28a3c40" alt=""><figcaption></figcaption></figure>

### Other tools

* dig
* host

```
host cavementech.com
cavementech.com has address 198.37.123.126
cavementech.com mail is handled by 0 cavementech.com.
```

#### Zone Transfer with dig

```
─[✗]─[user@parrot]─[~]
└──╼ $dig axfr @nsztm1.digi.ninja zonetransfer.me

; <<>> DiG 9.18.11-2~bpo11+1-Debian <<>> axfr @nsztm1.digi.ninja zonetransfer.me
; (1 server found)
;; global options: +cmd
zonetransfer.me.	7200	IN	SOA	nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.	300	IN	HINFO	"Casio fx-700G" "Windows XP"
zonetransfer.me.	301	IN	TXT	"google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA"
zonetransfer.me.	7200	IN	MX	0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	A	5.196.105.14
zonetransfer.me.	7200	IN	NS	nsztm1.digi.ninja.

```
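The following is an added example, not part of the original page: it parses a subset of the dig output above and groups what the transfer disclosed by record type, as a zone owner would when reviewing a leak. The function names and the `NOTES` descriptions are this example's own.

```python
import re
from collections import defaultdict

# Records copied from the dig AXFR output above (subset, tab-separated).
SAMPLE = '''\
;; global options: +cmd
zonetransfer.me.\t7200\tIN\tSOA\tnsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.\t300\tIN\tHINFO\t"Casio fx-700G" "Windows XP"
zonetransfer.me.\t7200\tIN\tMX\t0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.\t7200\tIN\tA\t5.196.105.14
zonetransfer.me.\t7200\tIN\tNS\tnsztm1.digi.ninja.
'''

# What each type tells a reader of the zone (this example's own wording).
NOTES = {
    "SOA": "primary name server and administrator mailbox",
    "HINFO": "host hardware and operating system",
    "MX": "mail routing and mail provider",
    "NS": "authoritative name servers",
    "A": "hostname to IPv4 address mapping",
}

def parse_axfr(text):
    """Parse dig presentation-format lines into (name, ttl, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if line.lstrip().startswith(";") or len(fields) < 5:
            continue  # dig comments, blank lines, truncated lines
        name, ttl, _cls, rtype, rdata = fields
        records.append((name, int(ttl), rtype, rdata))
    return records

def soa_contact(rdata):
    """SOA RNAME is a mailbox: its first unescaped dot stands for '@'."""
    rname = rdata.split()[1].rstrip(".")
    local, domain = re.split(r"(?<!\\)\.", rname, maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def exposure_report(records):
    """Group disclosed values by record type for a zone review."""
    report = defaultdict(list)
    for _name, _ttl, rtype, rdata in records:
        report[rtype].append(soa_contact(rdata) if rtype == "SOA" else rdata)
    return dict(report)

if __name__ == "__main__":
    for rtype, values in exposure_report(parse_axfr(SAMPLE)).items():
        print(f"{rtype:6} {NOTES.get(rtype, 'other')}: {values}")
```

Restricting AXFR to the zone's secondary name servers keeps this record set from being returned to arbitrary clients.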

## 2. Reverse DNS

{% embed url="<https://www.yougetsignal.com/>" %}

```
$host 198.37.123.126
;; communications error to 192.168.18.1#53: timed out
126.123.37.198.in-addr.arpa domain name pointer server902.vebhost.com.
```

### DNSRECON

Install dnsrecon (used for DNS brute forcing):

```
sudo apt install dnsrecon
```

Run a reverse lookup across an IP range with `-r`:

```
dnsrecon -r <startIP-endIP>
```

## 3. Subdomains and DNS using SecurityTrails

{% embed url="<https://securitytrails.com/>" %}

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2F0k4fijMVml4EmVuRzCEJ%2Fimage.png?alt=media&#x26;token=edc79e67-f6ca-4320-ab3a-61890c00a1ce" alt=""><figcaption></figcaption></figure>

**Other tools**

{% embed url="<https://dnschecker.org/>" %}

{% embed url="<https://dnsdumpster.com/>" %}

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FZ9cLykzpKm0n9z8VWBlr%2Fimage.png?alt=media&#x26;token=60c2f602-ddf0-4dac-b978-799b327ee2ee" alt=""><figcaption></figcaption></figure>

## 4. DNS Cache on Windows

```

C:\Users\Ammar>ipconfig /displaydns

Windows IP Configuration

    virus-alert-center.com
    ----------------------------------------
    No records of type AAAA


    virus-alert-center.com
    ----------------------------------------
    Record Name . . . . . : virus-alert-center.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 0
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    ultracodec.com
    ----------------------------------------
    No records of type AAAA
```

