Home > Others

Penetration Testing of domain name Information Finder Dig tutorial

Source: Internet
Author: User
Tags domain name server domain transfer nslookup reverse dns kali linux
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

1. Introduction

The Domain name Information Finder (DIG) is a powerful tool similar to Nslookup, which not only supports running command-line options, but also enables you to import files directly through the pipeline when querying multiple domain names. Dig uses /etc/resolve.conf a file to iterate over the request Domain name server (except for the specified domain name server), dig has a long list of options that can be configured to get the data that needs to be collected.
The dig website details the functions of dig.

2. Dig Command Query

In the Kali Linux terminal, enter the command to query for Baidu.com as an example:
 
 # dig baidu.com

Output results such as:

  
The output details indicate the version number of the dig, and the global option is selected by default. According to the results, Baidu.com's A records listed 3:132.125.114.144,180.149.132.47 and 220.181.57.217.
Deeper dig query:

# dig +qr youku.com any

Option any will query all DNS records about youku.com, +QR is the result of printing, this query results in addition to the previous data header and tail, but also contains some other records, including all the name servers and aliases.

3. Using Dig for domain transfer

Domain Transfer (AXFR) is able to get all the records for the entire domain name server at once, and if executed successfully, all the information on the domain name server can be listed with a simple command. In a highly secure environment, domain transfer is disabled because it provides an attacker with a range of valuable information such as host names.
Terminal input:
  
  # dig @ns1.youku.com youku.com axfr
  
  

This query failed, and then tried the other three failed, it seems that Youku still has some security measures. However, not all servers have this feature disabled, and this is not disabled.

4. Dig Advanced Features

The dig feature is quite diverse and allows you to export different data formats. You can use +nocmd the command information to delete the output.
 +noallThe dig output does not contain flag information.
 +answerThe dig output shows only the answer section.
 
 # dig +nocmd +noall +answer baidu.com
 
Show Results only:
 
This makes it easy to use the awk and grep tools to further process the results.

In addition, dig has some other valuable commands.

    • List bind versions
# dig +nocmd txt chaos VERSION.BIND @sn1.example.com +noall +answer

This command determines the BIND version information that is running on the server and is valuable for finding vulnerabilities.

    • Reverse DNS Lookups
      Resolves the IP address to a domain name, except Nslookup can also use the dig command to accomplish this task.
# dig +nocmd +noall +answer -x 180.149.132.47
    • Query path
      Use +trace The routing information that you can get dig resolving domain names.
# dig +trace baidu.com


    • Dig Batch Processing
      Unlike Nslookup, you don't need to write a script to iterate through all of the file names. Dig can use the -f options to complete the batch process.
      Write the following to the Digtask.txt file

+nocmd +noall +answer baidu.com
+nocmd +noall +answer youku.com
+nocmd +noall +answer blog.csdn.net

Enter the command to execute the following command:

# dig -f digtask.txt

Penetration Testing of domain name Information Finder Dig tutorial

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
generic domain name finder domain name server information basics of hacking and penetration testing owasp penetration testing aws penetration testing qualys penetration testing zap penetration testing

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More