PLEASE DO NOT USE TOOLS LISTED HERE FOR ANY ILLEGAL OPERATION!

DNSenum offers a Google scraping option, which queries Google search result pages to discover additional domain names under the target domain. This feature is very useful when zone transfer is disabled on the target. It gets its results from Google using the following query, in which www is omitted:

allinurl: -www site:example.com

dnsenum -p 7 -s 9 example.com

-p -> number of Google search pages to process when scraping names

-s -> maximum number of subdomains that will be scraped from Google

If the message below is displayed when using the dnsenum Google scraping options, paste the Google dork mentioned above into the Google search page to get the results.

[Screenshot: enum1]

Run without any options, DNSenum returns host addresses, name servers and mail servers.

[Screenshot: enum2]

After gathering the above information, dnsenum attempts a zone transfer from the name servers it identified, as shown below. This can yield additional information such as sub-domains.

[Screenshot: enum3]

Connecting manually to the sub-domains identified via zone transfer could yield more information about the target domain.
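
Seen from the name server's side, the zone transfer attempt described above leaves log entries that can be monitored. The Python sketch below is an added example, not part of the original post or of dnsenum; the log lines are constructed in the style of BIND 9 messages, and the allowed secondary address and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the only host allowed to pull the zone is this secondary.
ALLOWED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

# Constructed sample lines in the style of BIND 9 log messages.
SAMPLE_LOG = """\
12-Mar-2024 10:01:07.113 security: error: client @0x7f1c 203.0.113.40#41852 (example.com): zone transfer 'example.com/AXFR/IN' denied
12-Mar-2024 10:01:07.498 security: error: client @0x7f1d 203.0.113.40#41853 (example.com): zone transfer 'example.com/AXFR/IN' denied
12-Mar-2024 10:05:00.002 xfer-out: info: client @0x7f20 192.0.2.53#50112 (example.com): transfer of 'example.com/IN': AXFR started
12-Mar-2024 10:09:31.870 xfer-out: info: client @0x7f31 198.51.100.9#39120 (example.com): transfer of 'example.com/IN': AXFR started
12-Mar-2024 10:09:32.001 queries: info: client @0x7f32 198.51.100.9#39121 (www.example.com): query: www.example.com IN A +
"""

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied")
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': AXFR started")


def is_allowed(ip):
    """True if the client address belongs to a listed secondary."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SECONDARIES)


def analyse(log_text, burst=2):
    """Return (leaks, probes): transfers served to unlisted hosts, and
    sources with at least `burst` denied AXFR attempts."""
    leaks, denied = [], Counter()
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m and not is_allowed(m["ip"]):
            leaks.append((m["ip"], m["zone"]))
            continue
        m = DENIED.search(line)
        if m:
            denied[m["ip"]] += 1
    probes = {ip: n for ip, n in denied.items() if n >= burst}
    return leaks, probes


if __name__ == "__main__":
    leaks, probes = analyse(SAMPLE_LOG)
    for ip, zone in leaks:
        print(f"ALERT zone {zone} transferred to unlisted host {ip}")
    for ip, n in probes.items():
        print(f"WARN {n} denied AXFR attempts from {ip}")
```

A transfer served to an unlisted host means the zone contents were disclosed and the server's transfer restrictions need tightening; repeated denials from one source indicate enumeration that was blocked.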
