forked from tjnull/TJ-JPT
-
Notifications
You must be signed in to change notification settings - Fork 7
DNS Enumeration Tools
TheGetch edited this page Jan 5, 2021
·
1 revision
DNS Enumeration Tools
$ ls -lh /usr/share/nmap/scripts/ | grep dns
-rw-r--r-- 1 root root 1499 Oct 12 09:29 broadcast-dns-service-discovery.nse
-rw-r--r-- 1 root root 5329 Oct 12 09:29 dns-blacklist.nse
-rw-r--r-- 1 root root 10100 Oct 12 09:29 dns-brute.nse
-rw-r--r-- 1 root root 6639 Oct 12 09:29 dns-cache-snoop.nse
-rw-r--r-- 1 root root 15152 Oct 12 09:29 dns-check-zone.nse
-rw-r--r-- 1 root root 14826 Oct 12 09:29 dns-client-subnet-scan.nse
-rw-r--r-- 1 root root 10168 Oct 12 09:29 dns-fuzz.nse
-rw-r--r-- 1 root root 3803 Oct 12 09:29 dns-ip6-arpa-scan.nse
-rw-r--r-- 1 root root 12702 Oct 12 09:29 dns-nsec3-enum.nse
-rw-r--r-- 1 root root 10580 Oct 12 09:29 dns-nsec-enum.nse
-rw-r--r-- 1 root root 3441 Oct 12 09:29 dns-nsid.nse
-rw-r--r-- 1 root root 4364 Oct 12 09:29 dns-random-srcport.nse
-rw-r--r-- 1 root root 4363 Oct 12 09:29 dns-random-txid.nse
-rw-r--r-- 1 root root 1456 Oct 12 09:29 dns-recursion.nse
-rw-r--r-- 1 root root 2195 Oct 12 09:29 dns-service-discovery.nse
-rw-r--r-- 1 root root 5679 Oct 12 09:29 dns-srv-enum.nse
-rw-r--r-- 1 root root 5765 Oct 12 09:29 dns-update.nse
-rw-r--r-- 1 root root 2123 Oct 12 09:29 dns-zeustracker.nse
-rw-r--r-- 1 root root 26574 Oct 12 09:29 dns-zone-transfer.nse
-rw-r--r-- 1 root root 3910 Oct 12 09:29 fcrdns.nse
$ nmap x.x.x.x -v -p 53 --script=exampleScript1.nse,exampleScript2.nse
$ nslookup
> server <target_IP>
Default server: <target_IP>
Address: <target_IP>#53
> 127.0.0.1
** might give back internal hostname
> <target_IP>
** might give back internal hostname
_Sidebar
1. Recon
- Ping Sweep: Windows Method
- Ping Sweep: Bash Method
- NetDiscover (ARP Scanning
- Nbtscan
- Ping Sweep: Python Method
- Ping Sweep: PowerShell Method
- Ping Sweep: Nmap method
- HTTP General Notes
- Cross-Site Scripting (XSS)
- SQL Injection (SQLi)
- Deserialization
- Directory Fuzzing
- IDOR Testing
- Intigriti Bug Bounty Tips
- Out of band exploitation
- Server-Side Template Injection (SSTI) Help
- Subdomain Enumeration
- WebFOCUS
- XXE Cheatsheet
- C2 Frameworks
- BloodHound
- Powershell Empire Quick Start Cheatsheet
- Pivoting/Tunneling
- Impacket
- Rubeus
- Mimikatz
- Identifying Hash Types
-
Dumping Hashes
-
- Cracking Hashes Offline
-
- Cracking Hashes Online
-
- Metasploit Meterpreter Migrate Process
- VMWare Port Forwarding
- Veil Simple Usage
- SSH: Generate OpenSSL RSA Key Pair from the Command Line
- Skipfish
- sed & awk: set root password in etc/shadow
- Search for ssh key quickly
- Python Proxy to Burp
- Python Convert .py to .exe
- PuttySCP Commands
- Powershell tidbits
- Password List - Generate quick list
- OS Enumeration - Ping
- Kerberos: Get KDC name and DNS name
- Impacket Scripts Error
- Gcc Compile Windows Executable in Linux
- Find Command: Filter out permission denied errors
- Excel Injection
- Digitally Sign Files (PowerShell Example)
- CSRF Tokens as Cookie Note
- Clear bash
- Burp Intruder Match/Replace
- Apache headers Test
- Windows Trial VMs
- Subdomain Brute Force
- Spawning TTY Shell
- Reserve Shell Cheat Sheet
- Pass-the-Hash
- Common Meterpreter Commands
- gcc & wine
- File Transfers
- Enable RDP - Windows
- DNS Reverse Lookup Brute Force
- Adding Users