
dnsenum

Date: 2020-05-09 16:50:04


Introduction

dnsenum is a DNS domain information gathering tool.

Help output

root@kali:~# dnsenum --help
dnsenum VERSION:1.2.6
Usage: dnsenum [Options] <domain>
[Options]:
Note: If no -f tag supplied will default to /usr/share/dnsenum/dns.txt or
the dns.txt file in the same directory as dnsenum.pl
#If -f is not given, /usr/share/dnsenum/dns.txt or the dns.txt file in the same directory as dnsenum.pl is used by default
GENERAL OPTIONS: #general options
  --dnsserver <server>      Use this DNS server for A, NS and MX queries.
                #Use the specified DNS server for A, NS and MX queries
                #A record: address, the record mapping a host name to its address
                #NS record: nameserver, the record of the DNS servers that resolve the domain
                #MX record: mail exchanger, points to the mail server; a mail system uses it to locate the mail server from the suffix of the recipient address
  --enum                    Shortcut option equivalent to --threads 5 -s 15 -w.
                #Quick scan, equivalent to --threads 5 -s 15 -w
  -h, --help                Print this help message.
  --noreverse               Skip the reverse lookup operations.
                #Skip the reverse lookup step
  --nocolor                 Disable ANSIColor output.
                #Disable ANSIColor output
  --private                 Show and save private ips at the end of the file domain_ips.txt.
                #Show private IP addresses and save them at the end of domain_ips.txt
  --subfile <file>          Write all valid subdomains to this file.
                #Save all valid subdomains to the specified file
  -t, --timeout <value>     The tcp and udp timeout values in seconds (default: 10s).
                #TCP/UDP timeout in seconds, default 10s
  --threads <value>         The number of threads that will perform different queries.
                #Number of threads that perform the different queries
  -v, --verbose             Be verbose: show all the progress and all the error messages.
                #Show all progress and error messages
GOOGLE SCRAPING OPTIONS: #Google search options
  -p, --pages <value>       The number of google search pages to process when scraping names, the default is 5 pages, the -s switch must be specified.
                #Number of Google result pages to process when scraping names, default 5; -s must also be specified
  -s, --scrap <value>       The maximum number of subdomains that will be scraped from Google (default 15).
                #Maximum number of subdomains collected from Google, default 15
BRUTE FORCE OPTIONS: #brute force options
  -f, --file <file>         Read subdomains from this file to perform brute force. (Takes priority over default dns.txt)
                #Read the subdomains to guess from the specified file
  -u, --update <a|g|r|z>    Update the file specified with the -f switch with valid subdomains.
                #Update the file given with -f with the valid subdomains
        a (all)             Update using all results. #update using all results
        g                   Update using only google scraping results. #update using only the Google scraping results
        r                   Update using only reverse lookup results. #update using only the reverse lookup results
        z                   Update using only zonetransfer results. #update using only the DNS zone transfer results
  -r, --recursion           Recursion on subdomains, brute force all discovered subdomains that have an NS record.
                #Recurse into subdomains: brute force every discovered subdomain that has an NS record
WHOIS NETRANGE OPTIONS: #whois network range options
  -d, --delay <value>       The maximum value of seconds to wait between whois queries, the value is defined randomly, default: 3s.
                #Maximum number of seconds to wait between whois queries; the value is chosen randomly, default 3 (?)
  -w, --whois               Perform the whois queries on c class network ranges.
                            **Warning**: this can generate very large netranges and it will take lot of time to perform reverse lookups.
                #Run whois queries on class C network ranges. Warning: the resulting ranges can be very large and the reverse lookups will take a long time
REVERSE LOOKUP OPTIONS: #reverse lookup options
  -e, --exclude <regexp>    Exclude PTR records that match the regexp expression from reverse lookup results, useful on invalid hostnames.
                #Exclude PTR records matching the regular expression from the reverse lookup results (PTR: pointer record, used by e-mail systems for reverse resolution)
                #Useful for excluding invalid host names
OUTPUT OPTIONS: #output options
  -o --output <file>        Output in XML format. Can be imported in MagicTree (www.gremwell.com)
                #Write the output in XML format, which can be imported into the MagicTree tool

Test

The Google-related options need a proxy configured to reach Google, so this is just a simple test against qq.com.

root@kali:~# dnsenum qq.com
dnsenum VERSION:1.2.6

----- qq.com -----


Host's addresses: #host addresses
__________________

qq.com. 5 IN A 183.3.226.35
qq.com. 5 IN A 61.129.7.47
qq.com. 5 IN A 123.151.137.18


Name Servers: #name servers
______________

ns3.qq.com. 5 IN A 112.60.1.69
ns3.qq.com. 5 IN A 183.192.201.116
ns4.qq.com. 5 IN A 58.144.154.100
ns4.qq.com. 5 IN A 125.39.46.125
ns4.qq.com. 5 IN A 203.205.221.79
ns2.qq.com. 5 IN A 203.205.177.41
ns2.qq.com. 5 IN A 121.51.160.100
ns2.qq.com. 5 IN A 123.151.66.78
ns1.qq.com. 5 IN A 157.255.246.101
ns1.qq.com. 5 IN A 183.3.226.207
ns1.qq.com. 5 IN A 101.89.19.165


Mail (MX) Servers: #mail servers
___________________

mx2.qq.com. 5 IN A 113.96.208.206
mx3.qq.com. 5 IN A 58.251.110.111
mx1.qq.com. 5 IN A 113.96.208.206


Trying Zone Transfers and getting Bind Versions: #try zone transfers and get the BIND (Berkeley Internet Name Domain) version information
_________________________________________________


Trying Zone Transfer for qq.com on ns3.qq.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for qq.com on ns4.qq.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for qq.com on ns2.qq.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for qq.com on ns1.qq.com ...
AXFR record query failed: REFUSED


Brute forcing with /usr/share/dnsenum/dns.txt: #reads subdomain names from dns.txt and guesses which subdomains may exist
_______________________________________________

11.qq.com. 5 IN CNAME 0.0.0.1.
25.qq.com. 5 IN A 0.0.0.1
33.qq.com. 5 IN A 0.0.0.1
...
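
The following Python example is added here and is not part of the original post or of the dnsenum project: it parses the plain-text output format shown above (for instance when reviewing a run against your own zone), records the AXFR result per name server, and flags answers such as 0.0.0.1 that are not globally routable, so they can be reviewed instead of being counted as live hosts. The names parse_dnsenum and non_routable and the abridged SAMPLE are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: abridged from the run shown above, "#" note kept on a header.
SAMPLE = """\
Name Servers: #name servers
______________
ns3.qq.com. 5 IN A 112.60.1.69
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for qq.com on ns3.qq.com ...
AXFR record query failed: REFUSED
Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________
11.qq.com. 5 IN CNAME 0.0.0.1.
25.qq.com. 5 IN A 0.0.0.1
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")
AXFR_TRY = re.compile(r"^Trying Zone Transfer for \S+ on (\S+) \.\.\.$")
AXFR_FAIL = re.compile(r"^AXFR record query failed: (\S+)$")

def parse_dnsenum(text):
    """Return ({section: [(name, type, value)]}, {name server: AXFR result})."""
    sections, axfr, section, server = {}, {}, None, None
    lines = [l.strip() for l in text.splitlines()] + [""]
    for line, nxt in zip(lines, lines[1:]):
        if line and nxt and set(nxt) == {"_"}:   # header sits above a "____" rule
            section = line.split("#")[0].strip().rstrip(":")
        elif m := RECORD.match(line):
            sections.setdefault(section, []).append(m.groups())
        elif m := AXFR_TRY.match(line):
            server = m[1]
            axfr[server] = "no failure line seen"
        elif (m := AXFR_FAIL.match(line)) and server:
            axfr[server] = m[1]
    return sections, axfr

def non_routable(records):
    """Records whose answer parses as an IP address that is not globally routable."""
    hits = []
    for name, rtype, value in records:
        try:
            ip = ipaddress.ip_address(value.rstrip("."))  # CNAME targets end in "."
        except ValueError:
            continue                                      # ordinary host name target
        if not ip.is_global:
            hits.append((name, rtype, value))
    return hits
```
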


References

https://blog.csdn.net/qq_17204441/article/details/89324101 #Using the nslookup command to view A, MX, CNAME and NS records

https://www.cnblogs.com/jfzhu/p/3996323.html #Forward lookup and reverse lookup

https://blog.csdn.net/daxueba/article/details/53994178 #DNS zone transfer

https://baike.baidu.com/item/PTR%E8%AE%B0%E5%BD%95/8243039?fr=aladdin #PTR record

https://blog.csdn.net/jeanphorn/article/details/44886247 #The MagicTree tool

https://blog.csdn.net/Jiajiajiang_/article/details/97142930 #The dnsenum command in detail


Original article: https://www.cnblogs.com/fureteita/p/12857041.html
