DNSenum – Gathering DNS Information

13 Jul

DNSenum is a tool designed to enumerate DNS information about a domain. The information you can obtain from it is useful during the information gathering phase, especially when you are conducting a penetration test.

So let's say that you want to obtain information about a specific domain. In this article we will use different domains as examples in order to see the different responses that we can get. First you need to go to the directory where DNSenum is located. In BackTrack 5 this is /pentest/enumeration/dns/dnsenum, and in order to run it you can use the command: perl [host]

The DNSenum will start querying the DNS servers of first information that we will get is the host address which for is the we will see the name servers which will give us an idea of the hosting provider that the is using and after that is the MX record where we can see the mail server of our target host.

Gathering the first information


After that, DNSenum will attempt a DNS zone transfer. By performing a zone transfer you can discover more information about a domain, such as any sub-domains that are included in the same zone, SOA records etc. In the screenshot below you can see the results after performing a zone transfer for the domain

DNS Zone Transfer


By reviewing the results we can see that the SOA record is the means that this DNS name server is the best source of information for the data within this domain. Also, we have a list of all the sub-domains, and the interesting thing is that we have located the administration panel, which is on the sub-domain

Administration Panel
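
From the defending side, the zone transfer requests described above are visible in the name server's logs. The following is an added example, not part of the original article: it scans BIND 9 style log lines for AXFR requests that were served to, or denied for, hosts outside an allowed list of secondaries. The log lines, the zone example.test, the addresses and the assumption that the server logs in this message format are all constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: the only host allowed to pull the zone (constructed address).
ALLOWED_SECONDARIES = [ip_network("192.0.2.53/32")]

# Constructed sample lines in the style of BIND 9 transfer logging.
SAMPLE_LOG = """\
13-Jul-2012 10:01:07.112 client 192.0.2.53#40112 (example.test): transfer of 'example.test/IN': AXFR started
13-Jul-2012 10:04:31.908 client 203.0.113.77#51514 (example.test): transfer of 'example.test/IN': AXFR started
13-Jul-2012 10:04:40.020 client 198.51.100.9#33770 (example.test): zone transfer 'example.test/AXFR/IN' denied
13-Jul-2012 10:05:02.481 client 203.0.113.77#51520 (example.test): query: admin.example.test IN A +
"""

# Newer BIND versions insert an "@0x..." token after "client"; accept both forms.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+"
PATTERNS = {
    "transfer-served": re.compile(
        CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': AXFR started"),
    "transfer-denied": re.compile(
        CLIENT + r".*zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied"),
}


def is_allowed(ip):
    """True if the client address belongs to a configured secondary."""
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_SECONDARIES)


def audit_transfers(log_text):
    """Return (client_ip, zone, outcome) for every AXFR by a non-allowed host."""
    findings = []
    for line in log_text.splitlines():
        for outcome, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m and not is_allowed(m.group("ip")):
                findings.append((m.group("ip"), m.group("zone"), outcome))
    return findings


if __name__ == "__main__":
    for ip, zone, outcome in audit_transfers(SAMPLE_LOG):
        print(f"{outcome:16} zone={zone} client={ip}")
```

A "transfer-served" finding means the zone contents, including names such as an administration panel, were handed to a host that is not a secondary; a "transfer-denied" finding means the restriction worked but someone is enumerating the zone.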


Another option that DNSenum offers is Google scraping, which queries Google search pages to discover various domain names of the target domain. This can be particularly helpful when zone transfers are disabled. Basically, it tries to get results from Google by using the following command:

allinurl: -www


DNSenum is a great tool to use in the information gathering stage of a penetration test. As we saw in this article, we obtained a lot of information about our targets and we even discovered an administration panel at an early stage of our penetration test, which can help us to perform further attacks on the target.


Posted by on July 13, 2012 in Information Gathering



2 responses to “DNSenum – Gathering DNS Information”

  1. Robert

    July 14, 2012 at 12:03 pm

    Nice article

  2. soldier_cyber

    September 11, 2013 at 9:17 pm

    Nice tool, it saves the time to go to and other related sites

