Adding some information about DNS Zone Transfer,
We all are working on Gathering DNS information – It may help us to have confidential information – isn’t it ?
Here is the one small command (tool) that everyone have an idea, named as Dig (Source link – http://en.wikipedia.org/wiki/Dig_%28command%29%29
With proper understanding of any tools and proper timing of use – You can save your various time and implement various things on VAPT topic.
(May be command of Dig is known for experts but this information is for beginners only)
Command 1: dig http://www.target.com (hopefully show you Target Real IP address)
Command 2: dig http://www.target.com MX
(Can you find real IP range of your Target Network ? even you can conclude about webserver’s own mail functionality ?)
Through dig you can get, Exchange Records (MX), nameservers(NS), address records (A), PTR records (PTR), ixfr serial number to transfer DNS Zone etc etc..
I hope you can try various dig command and understand the initial step of Testing.
(May be you are thinking that there are various automated tools provide auto report about DNS then why to use dig command or manual testing ?)
May be right question in your mind – but have you worked on manual testing before ? and how much accurate information you got ?. we can use automated tools to perform respective action but remember that tools are working on defined task/procedure, you have to configure it manually according to your requirement.
AXFR and IXFR:
DNS Brute Force:
Here is the perl script that help to work on DNS brute-Force
Command z: perl blindcrawl.pl -d http://www.target.com
Even Google(gxfr.py) help you lot to know the information about DNS
Fierce is the tool that help you to do DNS zone transfer –
follow the link,
Feel Free to reply back