dnsenum是一款域名信息收集工具。
使用Git下载:
git clone https://github.com/fwaeytens/dnsenum.git
其他系统具体的安装方法在install.txt里面,因为我是在搬瓦工的VPS上安装的,所以这里只介绍在CentOS上安装的方法。
安装cpanminus,用来下载必须组件:
yum install cpan
确保cpanminus安装完之后,进行下面的操作。
安装依赖库,顺序无所谓,但是要保证都安装:
cpanm String::Random
cpanm Net::IP
cpanm Net::DNS
cpanm Net::Netmask
cpanm XML::Writer
安装完成后进入dnsenum的目录,并修改文件权限:
cd dnsenum
chmod 755 dnsenum.pl
然后执行如下命令:
./dnsenum.pl
出现以下信息就说明已经安装完成了。
dnsenum.pl VERSION:1.2.4
Usage: dnsenum.pl [Options] <domain>
[Options]:
Note: the brute force -f switch is obligatory.
GENERAL OPTIONS:
--dnsserver <server>
Use this DNS server for A, NS and MX queries.
--enum Shortcut option equivalent to --threads 5 -s 15 -w.
-h, --help Print this help message.
--noreverse Skip the reverse lookup operations.
--nocolor Disable ANSIColor output.
--private Show and save private ips at the end of the file domain_ips.txt.
--subfile <file> Write all valid subdomains to this file.
-t, --timeout <value> The tcp and udp timeout values in seconds (default: 10s).
--threads <value> The number of threads that will perform different queries.
-v, --verbose Be verbose: show all the progress and all the error messages.
GOOGLE SCRAPING OPTIONS:
-p, --pages <value> The number of google search pages to process when scraping names,
the default is 5 pages, the -s switch must be specified.
-s, --scrap <value> The maximum number of subdomains that will be scraped from Google (default 15).
BRUTE FORCE OPTIONS:
-f, --file <file> Read subdomains from this file to perform brute force.
-u, --update <a|g|r|z>
Update the file specified with the -f switch with valid subdomains.
a (all) Update using all results.
g Update using only google scraping results.
r Update using only reverse lookup results.
z Update using only zonetransfer results.
-r, --recursion Recursion on subdomains, brute force all discovred subdomains that have an NS record.
WHOIS NETRANGE OPTIONS:
-d, --delay <value> The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
-w, --whois Perform the whois queries on c class network ranges.
**Warning**: this can generate very large netranges and it will take lot of time to performe reverse lookups.
REVERSE LOOKUP OPTIONS:
-e, --exclude <regexp>
Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
OUTPUT OPTIONS:
-o --output <file> Output in XML format. Can be imported in MagicTree (www.gremwell.com)
因为dnsenum自带了一个dns.txt的爆破字典,我们可以直接拿来用,像这样:
./dnsenum.pl --noreverse --threads 20 -f dns.txt 域名
然后等待完成就可以了。