Tuesday, May 25, 2010

Adding more DNS tools to BT4 part 1

So here is a write up on adding some tools to the BT4 DNS collection.
I will first show how to install and give a brief usage of each tool.
They are not hard to install and are simple to use. The power lies in what they can do.
These tools are ones I found, and credit goes to their authors. Also note that since the tools are not included in BT by default, you are on your own if something goes wrong. However, since they are simple Python and/or Ruby scripts with no real dependencies, things should work just fine.
NOTE: Most output info has been slightly modified.

So, without further delay, first up is
DNSDic.py
Code is here:
https://docs.google.com/View?docid=dg23j87b_214cdwmbjfx

So copy and paste the code from the link into a file named dnsdic.py and make the file executable. I added these tools to the following directory to keep things somewhat organised.
The script will need a dictionary when running. A good one and the one the author recommends is located in the dnsenum directory.

root@dorkness:/pentest/enumeration/#


Again, to make it executable:
root@dorkness:/pentest/enumeration/# chmod +x dnsdic.py


Generic run with no options:


root@dorkness:/pentest/enumeration/# python dnsdic.py

***************************************************
* program created by t0ka7a *
* http://infond.blogspot.com *
* under GNU 3.0 licence *
* v0.1 02/14/2010 *
* dns dictionnary search of hostnames in a subnet *
***************************************************

begin search...

wrong number of arguments

exemple: dnsdic.py -f ./dico.txt infond.blogspot.com



OK, now a run with some actual usage and results.

root@dorkness:/pentest/enumeration/# python dnsdic.py -f ./dns.txt exampleweb.ba

***************************************************
* program created by t0ka7a *
* http://infond.blogspot.com *
* under GNU 3.0 licence *
* v0.1 02/14/2010 *
* dns dictionnary search of hostnames in a subnet *
***************************************************

begin search...

exampleweb.ba ['ftp.exampleweb.ba'] ['81.61.112.150']
mail.exampleweb.ba [] ['81.61.112.10']
ns.exampleweb.ba [] ['81.61.112.70']
exampleweb.ba ['www.exampleweb.ba'] ['81.61.112.250']

end of search
95 names tested, 4 hostnames found, in 16.110284 s

root@dorkness:/pentest/enumeration/#
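To make the output above easier to read, here is an added example (my own code, not the author's dnsdic.py) of the core loop such a dictionary search performs. Each result line has the shape of Python's socket.gethostbyname_ex() return value, which I assume is what the tool calls; that explains why ftp and www show "exampleweb.ba" as the first field: the resolver returns the canonical name first and puts the probed name in the alias list when it is a CNAME. SAMPLE_ZONE, fake_resolver, dns_dictionary_search and format_summary are names I chose, and SAMPLE_ZONE is constructed from the results shown above so the example runs offline.

```python
import socket
import time

# Constructed stand-in for a live resolver so the example runs offline. Values
# have the shape socket.gethostbyname_ex() returns: (canonical name, [aliases],
# [addresses]). The ftp and www entries model CNAMEs pointing at the zone apex,
# which is why the output above shows "exampleweb.ba" as the first field for
# those two probes and the probed name in the alias list.
SAMPLE_ZONE = {
    "ftp.exampleweb.ba": ("exampleweb.ba", ["ftp.exampleweb.ba"], ["81.61.112.150"]),
    "mail.exampleweb.ba": ("mail.exampleweb.ba", [], ["81.61.112.10"]),
    "ns.exampleweb.ba": ("ns.exampleweb.ba", [], ["81.61.112.70"]),
    "www.exampleweb.ba": ("exampleweb.ba", ["www.exampleweb.ba"], ["81.61.112.250"]),
}

def fake_resolver(name):
    """Offline replacement for socket.gethostbyname_ex; fails the same way."""
    try:
        return SAMPLE_ZONE[name]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")  # -2: glibc EAI_NONAME

def dns_dictionary_search(domain, words, resolve=socket.gethostbyname_ex):
    """Resolve <word>.<domain> for each word; return (hits, tested, seconds).
    Each hit is the resolver's (canonical, aliases, addresses) triple, i.e. the
    three columns dnsdic.py prints per found host."""
    start = time.time()
    hits, tested = [], 0
    for word in words:
        word = word.strip()
        if not word or word.startswith("#"):
            continue  # skip blank and comment lines in the wordlist
        tested += 1
        try:
            hits.append(resolve("%s.%s" % (word, domain)))
        except socket.gaierror:
            pass  # NXDOMAIN or no answer: not a hostname, move on
    return hits, tested, time.time() - start

def format_summary(hits, tested, seconds):
    return "%d names tested, %d hostnames found, in %f s" % (tested, len(hits), seconds)

if __name__ == "__main__":
    # Constructed mini wordlist standing in for dnsenum's dns.txt
    words = ["www", "mail", "ftp", "ns", "vpn", "dev", "# comment", ""]
    hits, tested, secs = dns_dictionary_search("exampleweb.ba", words, fake_resolver)
    for canonical, aliases, addresses in hits:
        print(canonical, aliases, addresses)
    print(format_summary(hits, tested, secs))
```

Dropping the third argument makes the function use the real resolver, which is useful for checking your own zones for forgotten hosts that a plain zone listing would not reveal as CNAMEs.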
