6. DNS Footprinting

You need to perform DNS footprinting to gather information about DNS servers, DNS records, and types of servers used by the target organization. DNS zone data etc

1. Gather DNS Information using nslookup Command Line Utility and Online Tool

Command line in Windows

nslookup // Enter interactive mode

Now to search for any records, set the type

set type=a
set type=cname  //cname record are always from authoritative server

Now enter the website name to get the records

www.certifiedhacker.com

Online nslookup

http://www.kloth.net/services/nslookup.phpwww.kloth.net

Other tools

dig
host

host cavementech.com
cavementech.com has address 198.37.123.126
cavementech.com mail is handled by 0 cavementech.com.o

Zone Transfer with dig

─[✗]─[user@parrot]─[~]
└──╼ $dig axfr @nsztm1.digi.ninja zonetransfer.me

; <<>> DiG 9.18.11-2~bpo11+1-Debian <<>> axfr @nsztm1.digi.ninja zonetransfer.me
; (1 server found)
;; global options: +cmd
zonetransfer.me.	7200	IN	SOA	nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.	300	IN	HINFO	"Casio fx-700G" "Windows XP"
zonetransfer.me.	301	IN	TXT	"google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA"
zonetransfer.me.	7200	IN	MX	0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	A	5.196.105.14
zonetransfer.me.	7200	IN	NS	nsztm1.digi.ninja.

2. Reverse DNS

Network Tools by YouGetSignal.comwww.yougetsignal.com

$host 198.37.123.126
;; communications error to 192.168.18.1#53: timed out
126.123.37.198.in-addr.arpa domain name pointer server902.vebhost.com.

DNSRECON

Install dnsrecon (used for DNS Brute forcing)

sudo apt install dnsrecon

./dnsrecon.py -r <startIP-endIP>

3. Subdomains and DNS using security trails

SecurityTrails | SecurityTrails: Data Security, Threat Hunting, and Attack Surface Management Solutions for Security Teamssecuritytrails

Other tools

DNS Checker - DNS Check Propagation ToolDNS Checker

DNSDumpster - Find & lookup dns records for recon & researchDNSDumpster.com

4. DNS Cache on Windows


C:\Users\Ammar>ipconfig /displaydns

Windows IP Configuration

    virus-alert-center.com
    ----------------------------------------
    No records of type AAAA


    virus-alert-center.com
    ----------------------------------------
    Record Name . . . . . : virus-alert-center.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 0
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    ultracodec.com
    ----------------------------------------
    No records of type AAAA

Exam Prep & Training for CEH Practical (Unofficial Course)Udemy

Previous5. WHOIS Footprinting Next7. Network footprinting

Last updated 9 months ago

Was this helpful?