7. DNS Footprinting

1. nslookup DNS Reconnaissance

Command line in Windows

nslookup // Enter interactive mode

Now to search for any records, set the type

set type=a
set type=cname  // CNAME records always come from the authoritative server

Now enter the website name to get the records

www.certifiedhacker.com

Online nslookup

Other tools

  • dig

  • host

host cavementech.com
cavementech.com has address 198.37.123.126
cavementech.com mail is handled by 0 cavementech.com.o

Zone Transfer with dig

─[✗]─[user@parrot]─[~]
└──╼ $dig axfr @nsztm1.digi.ninja zonetransfer.me

; <<>> DiG 9.18.11-2~bpo11+1-Debian <<>> axfr @nsztm1.digi.ninja zonetransfer.me
; (1 server found)
;; global options: +cmd
zonetransfer.me.	7200	IN	SOA	nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.	300	IN	HINFO	"Casio fx-700G" "Windows XP"
zonetransfer.me.	301	IN	TXT	"google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA"
zonetransfer.me.	7200	IN	MX	0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	MX	20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.	7200	IN	A	5.196.105.14
zonetransfer.me.	7200	IN	NS	nsztm1.digi.ninja.
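
To review what a name server that answers AXFR is handing out, the dig output above can be parsed and summarised by record type. The script below is an added example, not part of the original notes; the function names, the refused-transfer sample and the set of "descriptive" record types are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format dig prints for a successful AXFR
# (taken from the transcript above), plus dig's refusal message for comparison.
SAMPLE_OPEN = """\
; <<>> DiG 9.18.11-2~bpo11+1-Debian <<>> axfr @nsztm1.digi.ninja zonetransfer.me
; (1 server found)
;; global options: +cmd
zonetransfer.me.\t7200\tIN\tSOA\tnsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.\t300\tIN\tHINFO\t"Casio fx-700G" "Windows XP"
zonetransfer.me.\t7200\tIN\tMX\t0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.\t7200\tIN\tA\t5.196.105.14
zonetransfer.me.\t7200\tIN\tNS\tnsztm1.digi.ninja.
"""
SAMPLE_REFUSED = "; <<>> DiG 9.18.11 <<>> axfr @ns1.example.test example.test\n; Transfer failed.\n"

# owner, TTL, class, type, rdata: the five columns of a dig answer line
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+(IN|CH|HS)\s+([A-Z0-9]+)\s+(.*)$")
# Record types that describe hosts or services rather than just routing traffic
# (the choice of types is this example's assumption, not a standard list).
DESCRIPTIVE = {"HINFO", "TXT", "SRV", "LOC", "RP"}

def parse_dig(text):
    """Return (owner, ttl, rtype, rdata) tuples, skipping dig's ';' comment lines."""
    records = []
    for line in text.splitlines():
        m = None if line.startswith(";") else RECORD.match(line.strip())
        if m:
            records.append((m.group(1), int(m.group(2)), m.group(4), m.group(5)))
    return records

def audit_axfr(text):
    """Summarise what a name server handed out in response to an AXFR request."""
    records = parse_dig(text)
    by_type = defaultdict(list)
    for owner, _ttl, rtype, rdata in records:
        by_type[rtype].append((owner, rdata))
    return {
        # A completed transfer starts with the zone's SOA; a refusal returns no records.
        "transfer_allowed": bool(records) and records[0][2] == "SOA",
        "record_counts": {t: len(v) for t, v in by_type.items()},
        "descriptive": [(t, o, d) for t in sorted(DESCRIPTIVE & set(by_type))
                        for o, d in by_type[t]],
    }

if __name__ == "__main__":
    for name, out in (("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED)):
        print(name, audit_axfr(out))
```

A server that returns `transfer_allowed: True` to an arbitrary client is disclosing the whole zone; the `descriptive` list shows which of those records reveal more than an address.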

2. Reverse DNS

$host 198.37.123.126
;; communications error to 192.168.18.1#53: timed out
126.123.37.198.in-addr.arpa domain name pointer server902.vebhost.com.

DNSRECON

Install dnsrecon (used for DNS Brute forcing)

sudo apt install dnsrecon
dnsrecon -r <startIP-endIP>   # the apt package installs the tool on PATH as "dnsrecon"

3. Subdomains and DNS using SecurityTrails

Other tools

DNS Cache on Windows


C:\Users\Ammar>ipconfig /displaydns

Windows IP Configuration

    virus-alert-center.com
    ----------------------------------------
    No records of type AAAA


    virus-alert-center.com
    ----------------------------------------
    Record Name . . . . . : virus-alert-center.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 0
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1


    ultracodec.com
    ----------------------------------------
    No records of type AAAA
