Tuesday, May 25, 2010

Adding more DNS tools to BT4 part 2

DNSbf.py
OK, again this is a simple copy and paste.
Get the source here:
https://docs.google.com/View?docid=dg23j87b_213fh46kgfp

EDIT: Since the above Google doc seems to no longer be valid, I will leave it to the user to find it by searching Google. Frankly, as I stated in the comments below, if you can't find this or any other tool I write about, then you probably shouldn't be using them, since it's obvious you don't know what you are doing.

Copy and paste it to wherever you want. I used the same directory as before.
The name is dnsbf.py. The purpose of the tool is to use DNS (reverse lookups) to find hostnames in a subnet.
Save it and give it execute permissions.

Generic usage with no arguments:

root@dorkness:/pentest/enumeration/dnsenum# ./dnsbf.py

*****************************************
* program created by t0ka7a *
* http://infond.blogspot.com *
* under GNU 3.0 licence *
* v0.2 02/13/2010 *
* using dns, find hostnames in a subnet *
*****************************************

begin search...

wrong number of arguments

exemple: ./dnsbf.py 192.168.1.0/24

root@dorkness:/pentest/enumeration/dnsenum#


This time we have some targets to scan:
root@dorkness:/pentest/enumeration/dnsenum# ./dnsbf.py 80.65.162.0/24

*****************************************
* program created by t0ka7a *
* http://infond.blogspot.com *
* under GNU 3.0 licence *
* v0.2 02/13/2010 *
* using dns, find hostnames in a subnet *
*****************************************

begin search...

80.65.162.2 bbr-gtz.europronet.ba
80.65.162.201 fa11_ssw-gadzo01.europronet.ba
80.65.162.202 smtps.bihgap.ba
80.65.162.205 fa05_ssw-sa02.europronet.ba
80.65.162.206 hotcasino03.europronet.ba
80.65.162.209 fa23_ssw-sa01.europronet.ba
80.65.162.210 ulk-srv01.linux.org.ba
80.65.162.213 fa15_ssw-sa01.europronet.ba
80.65.162.214 voip-gw01.europronet.ba
80.65.162.217 fa32_ssw-sa01.europronet.ba
80.65.162.218 yellow.europronet.ba
80.65.162.221 fa42_ssw-sa01.europronet.ba
80.65.162.225 fa06_ssw-sa02.europronet.ba
80.65.162.226 hotcasino2.europronet.ba
80.65.162.250 queer.ba
80.65.162.229 fa13_ssw-sa01.europronet.ba
80.65.162.230 mx2.europronet.ba
80.65.162.233 fa07_ssw-sa02.europronet.ba
80.65.162.234 hotcasinogb.europronet.ba
80.65.162.237 fa31_ssw-sa01.europronet.ba
80.65.162.241 fa34_ssw-sa01.europronet.ba
80.65.162.242 mail.triptih.europronet.ba
80.65.162.245 fa36_ssw-sa01.europronet.ba
80.65.162.1 fe08_asw-sa01.europronet.ba
80.65.163.78 mailsrvsa.octas.com
80.65.163.81 rg-ice.europronet.ba
80.65.163.108 terme-centrala.europronet.ba
80.65.163.162 mail2.procreditbank.ba
80.65.163.194 ip-65-163-194.europronet.ba
80.65.163.254 robot-vgw.europronet.ba
80.65.162.70 ns.queer.ba
80.65.162.34 posao.ba
80.65.162.35 mposao.ba

end of search
511 ip tested, 33 names found, in 11 s

root@dorkness:/pentest/enumeration/dnsenum#


So there you go, another cool tool to add to BT for your reconnaissance efforts.
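A minimal reverse-DNS sweep of the kind dnsbf.py performs, written here as an added example (it is not the tool's own source, which is no longer linked): it walks every host address in a CIDR block, asks for its PTR record, and prints hits in the same "ip hostname" layout, which is also a quick way to audit which hostnames your own address space exposes through reverse DNS. The pluggable resolver and the constructed 192.0.2.0/28 PTR table are assumptions so the demo runs offline.

```python
"""Reverse-DNS sweep of a CIDR block in the spirit of dnsbf.py (added example)."""
import ipaddress
import socket
import sys
import time
from typing import Callable, Dict, Optional, Tuple


def system_resolver(ip: str) -> Optional[str]:
    """Reverse-resolve one address via the OS resolver; None on NXDOMAIN/timeout."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


# Constructed PTR table (RFC 5737 TEST-NET-1, RFC 2606 names) so the demo runs offline.
DEMO_PTR = {"192.0.2.1": "gw.example.net", "192.0.2.10": "mail.example.net"}


def demo_resolver(ip: str) -> Optional[str]:
    return DEMO_PTR.get(ip)


def reverse_sweep(cidr: str, resolver: Callable[[str], Optional[str]] = system_resolver
                  ) -> Tuple[Dict[str, str], int, float]:
    """Try every host address in `cidr`; return ({ip: name}, ips tested, seconds).
    Network and broadcast addresses are skipped, so a /24 counts 254, not 256."""
    net = ipaddress.ip_network(cidr, strict=False)
    found: Dict[str, str] = {}
    tested = 0
    start = time.monotonic()
    for addr in net.hosts():
        tested += 1
        name = resolver(str(addr))  # PTR lookup; None means no record or a timeout
        if name:
            found[str(addr)] = name
    return found, tested, time.monotonic() - start


def format_report(found: Dict[str, str], tested: int, elapsed: float) -> str:
    """Render hits as 'ip name' lines plus the dnsbf.py-style summary line."""
    lines = [f"{ip} {name}" for ip, name in found.items()]
    lines.append(f"{tested} ip tested, {len(found)} names found, in {elapsed:.0f} s")
    return "\n".join(lines)


if __name__ == "__main__":  # `python3 dnsbf_audit.py 192.0.2.0/24` for a live run; no args = offline demo
    args = (sys.argv[1],) if len(sys.argv) == 2 else ("192.0.2.0/28", demo_resolver)
    print(format_report(*reverse_sweep(*args)))
```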

2 comments:

Anonymous said...

Archangel, the Google doc is not accessible and requires approval to gain access.

Is there anywhere else this tool is available?

Best

wire[speed]

Archangel Amael said...

Well if you can't find the damn tool per internet then you shouldn't be using it in the first place. I mean it's not that hard.