RECONNAISSANCE

DNSRecon
• DNSRecon provides the ability to perform:
– Check all NS Records for Zone Transfers
– Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
– Perform common SRV Record Enumeration
– Top Level Domain (TLD) Expansion
– Check for Wildcard Resolution
– Brute Force subdomain and host A and AAAA records given a domain and a wordlist
– Perform a PTR Record lookup for a given IP Range or CIDR
– Check a DNS Server's cached records for A, AAAA and CNAME Records, provided a list of host records in a text file to check
– Enumerate Common mDNS records in the Local Network
– Enumerate Hosts and Subdomains using Google
Command Execution
kali@kali:/$ dnsrecon
Cybercrime
HOST DISCOVERY

Performing Host Discovery: Ping & Ping Sweep
• Scan a Single IP
– c:\> nmap -sn 192.168.1.0
• Scan a Range of IP
– c:\> nmap -sn 192.168.169.128-20
• Scan a Range of IP using wildcard
– c:\> nmap -sn 192.168.169.*
• Scan an entire subnet
– c:\> nmap -sn 192.168.169.128/24
Performing Host Discovery: Whois Information
To obtain Whois information and the name servers of a website:
• Run the command
– c:\SysinternalsSuite> whois.exe -v example.com
OR
• Visit the websites:
– http://whois.domaintools.com/
– https://lookup.icann.org/
Performing Host Discovery: Traceroute
Network diagnostic tool that displays the route path and the transit delay of packets.
• Find a domain IP address
– c:\> tracert 192.168.1.0
PORT SCANNING

Port Scanning
Perform port scanning using tools such as Nmap, Hping3, NetScan Tools and Network Monitor. These tools probe a server or host on the target network for open ports.
Open ports are the gateway through which attackers get in and install malicious backdoor applications.
• To find all open ports
– c:\> nmap --open domain.com
• To find a specific port
– c:\> nmap -p 80 192.168.169.128
• To find a range of ports
– c:\> nmap -p 80-200 192.168.169.128
• To scan all ports
– c:\> nmap -p "*" 192.168.169.128
Online Tools
• http://www.yougetsignal.com/
• https://pentest-tools.com/information-gathering/find-subdomains-of-domain
BANNER GRABBING/OS FINGERPRINTING

Banner Grabbing/OS Fingerprinting
Perform banner grabbing/OS fingerprinting with tools such as Telnet, IDServe or Nmap to determine the operating system (and the service versions) of the target host.
Once you know the version and operating system of the target, the next step is to find the vulnerabilities and exploits that apply to them and try to gain control over the system.
• c:\> nmap -A 192.168.1.0
with high verbosity level
• c:\> nmap -v -A 192.168.1.0
Online Tools
• https://www.netcraft.com/
• https://w3dt.net/tools/httprecon
• https://www.shodan.io/
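Once a scan such as `nmap -A` has run, its grepable output (`-oG`) can be parsed into a per-host inventory of open ports, service versions and OS guesses, which is what both the port scanning and the fingerprinting slides are after. Added example in Python, not code from the original slides: the sample scan output is constructed, and the `find_exposed` watch-list of services is an assumption.

```python
from collections import defaultdict

# Constructed sample of nmap grepable output (-oG), the format written by e.g.
# `nmap -A -oG scan.gnmap 192.168.169.0/24`. Hosts, versions and OS guesses are made up.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -A -oG - 192.168.169.0/24
Host: 192.168.169.128 ()\tStatus: Up
Host: 192.168.169.128 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///\tIgnored State: filtered (997)\tOS: Linux 5.X
Host: 192.168.169.130 ()\tStatus: Up
Host: 192.168.169.130 ()\tPorts: 445/open/tcp//microsoft-ds//Windows Server 2019 microsoft-ds/, 3389/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tOS: Microsoft Windows 10|2019
# Nmap done at Mon Jan  1 10:02:00 2024 -- 256 IP addresses (2 hosts up) scanned
"""

def parse_gnmap(text):
    """Map each host to its OS guess and a list of (port, proto, service, version)
    for ports nmap reported as open. Other states (closed/filtered) are dropped."""
    hosts = defaultdict(lambda: {"os": None, "ports": []})
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines (# Nmap ...) carry no host data
        # Each tab-separated field is "Key: value"; split on the first ": " only,
        # so a value that itself contains ": " (e.g. a version string) stays intact.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        addr = fields["Host"].split()[0]          # "192.168.169.128 ()" -> address
        entry = hosts[addr]
        if "OS" in fields:
            entry["os"] = fields["OS"]
        for item in filter(None, fields.get("Ports", "").split(", ")):
            # port/state/protocol/owner/service/rpc_info/version/ (nmap replaces
            # any "/" inside a version string with "|", so splitting is safe)
            port, state, proto, _owner, service, _rpc, version = item.split("/")[:7]
            if state == "open":
                entry["ports"].append((int(port), proto, service, version))
    return dict(hosts)

# Hypothetical watch-list: remote-administration/file-sharing services a defender
# usually does not want reachable from the segment that was scanned.
WATCH = ("telnet", "ms-wbt-server", "microsoft-ds", "vnc")

def find_exposed(hosts, watch=WATCH):
    """Return sorted (host, port, service) tuples whose service is on the watch-list."""
    return sorted((h, p, s) for h, e in hosts.items()
                  for p, _proto, s, _v in e["ports"] if s in watch)

if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    for host, e in scan.items():
        print(host, "OS:", e["os"])
        for port, proto, service, version in e["ports"]:
            print(f"  {port}/{proto} {service} {version}".rstrip())
    print("exposed:", find_exposed(scan))
```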
IMPORTANT TOOLS USED FOR NETWORK PENTESTING

Important Tools used for Network Pentesting
• Frameworks: Kali Linux, Backtrack5 R3, Security Onion
• Scanning: Nessus, GFI Languard, Retina, SAINT, Nexpose
• Reconnaissance: Smartwhois, MxToolbox, CentralOps, dnsstuff, nslookup, DIG, netcraft
• Password Cracking: Ncrack, Cain & Abel, LC5, Ophcrack, pwdump7, fgdump, John The Ripper, Rainbow Crack
• Discovery: Angry IP scanner, Colasoft ping tool, nmap, Maltego, NetResident, LanSurveyor, OpManager
• Sniffing: Wireshark, Ettercap, Capsa Network Analyzer, Bettercap
• Port Scanning: Nmap, Megaping, Hping3, Netscan tools pro, Advanced port scanner
• Service Fingerprinting: Xprobe, nmap, zenmap
• MiTM Attacks: Cain & Abel, Ettercap, Bettercap
• Enumeration: Superscan, Netbios enumerator, Snmpcheck, onesixtyone, Jxplorer, Hyena, DumpSec, WinFingerprint, Ps Tools, NsAuditor, Enum4Linux, nslookup, Netscan
• Exploitation: Metasploit, Core Impact