Penetration Testing: Tutorial on dig, the Domain Name Information Finder

Source: Internet
Author: User
Tags: domain name server, domain transfer, nslookup, reverse dns, kali linux

1. Introduction

The Domain Name Information Finder (dig) is a powerful tool similar to nslookup. It not only supports command-line options, but also lets you feed it a file directly when querying multiple domain names. Unless a domain name server is specified on the command line, dig sends its requests to the name servers listed in the /etc/resolv.conf file. dig has a long list of options that can be configured to get the data that needs to be collected.
The dig website details the functions of dig.

2. Dig Command Query

In a Kali Linux terminal, enter the following command, using baidu.com as an example:
 
 # dig baidu.com

The output begins with the dig version number and the global options, which are selected by default. According to the results, baidu.com has 3 A records: 132.125.114.144, 180.149.132.47 and 220.181.57.217.
A more detailed dig query:

# dig +qr youku.com any

The any option queries all DNS records for youku.com, and +qr prints the query as it is sent. In addition to the header and footer seen in the previous output, the result contains other records, including all the name servers and aliases.

3. Using Dig for domain transfer

A domain transfer (zone transfer, AXFR) retrieves all the records held by a domain name server at once. If it succeeds, all the information on the name server can be listed with one simple command. In a highly secure environment, domain transfer is disabled because it provides an attacker with a range of valuable information such as host names.
Terminal input:

  # dig @ns1.youku.com youku.com axfr

This query failed, and the attempts against the other three failed as well, so it seems that Youku has some security measures in place. However, not all servers have this feature disabled.

4. Dig Advanced Features

dig is versatile and can produce its output in different formats.
 +nocmd removes the command information from the output.
 +noall: the dig output does not contain flag information (all display flags are cleared).
 +answer: the dig output shows only the answer section.

 # dig +nocmd +noall +answer baidu.com

Only the results are shown.
This makes it easy to use the awk and grep tools to further process the results.

In addition, dig has some other valuable commands.

    • List BIND versions
      # dig +nocmd txt chaos VERSION.BIND @sn1.example.com +noall +answer
      This command reveals the BIND version running on the server, which is valuable when looking for vulnerabilities.

    • Reverse DNS lookups
      Resolves an IP address to a domain name. Besides nslookup, the dig command can also accomplish this task.
      # dig +nocmd +noall +answer -x 180.149.132.47

    • Query path
      Use +trace to see the path dig follows when resolving a domain name.
      # dig +trace baidu.com

    • Dig batch processing
      Unlike nslookup, you don't need to write a script to iterate through all the names in a file. dig can use the -f option to complete the batch process.
      Write the following to the digtask.txt file:

      +nocmd +noall +answer baidu.com
      +nocmd +noall +answer youku.com
      +nocmd +noall +answer blog.csdn.net

      Then run the following command:

      # dig -f digtask.txt
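
The awk post-processing mentioned in section 4, applied to the answer-only output of a single query or of a batch run, as an added example that is not part of the original tutorial. The function names and the sample records (documentation names and addresses) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed sample of `dig +nocmd +noall +answer` output; the names and
# addresses are documentation values, not real lookups.
SAMPLE_ANSWERS='example.com.      300 IN A     192.0.2.20
example.com.      300 IN A     192.0.2.10
WWW.Example.org.  600 IN CNAME web.example.net.
web.example.net.  60  IN A     198.51.100.7
; constructed comment line
example.com.      300 IN A     192.0.2.10'

# normalize_answers: read answer lines on stdin, print unique
# "name type value" rows (names lowercased, trailing dot removed).
normalize_answers() {
  awk '
    /^[ \t]*;/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    NF >= 5 && $2 ~ /^[0-9]+$/ {           # name TTL class type rdata...
      name = tolower($1); sub(/\.$/, "", name)
      val = $5
      for (i = 6; i <= NF; i++) val = val " " $i   # rdata may contain spaces (TXT)
      if ($4 == "CNAME" || $4 == "NS" || $4 == "PTR") {
        val = tolower(val); sub(/\.$/, "", val)
      }
      print name, $4, val
    }' | LC_ALL=C sort -u
}

# addresses_for NAME: read answer lines on stdin and print the sorted,
# unique A/AAAA addresses of NAME, following CNAMEs seen in the same input.
addresses_for() {
  normalize_answers | awk -v want="$1" '
    $2 == "CNAME" { cname[$1] = $3 }
    $2 == "A" || $2 == "AAAA" { addr[$1] = addr[$1] " " $3 }
    END {
      want = tolower(want); sub(/\.$/, "", want)
      for (hop = 0; hop < 8 && (want in cname); hop++) want = cname[want]  # bounded: no loops
      n = split(addr[want], a, " ")
      for (i = 1; i <= n; i++) print a[i]
    }' | LC_ALL=C sort -u
}

# Live use: dig -f digtask.txt | addresses_for baidu.com
printf '%s\n' "$SAMPLE_ANSWERS" | addresses_for www.example.org
```

Because the rows are deduplicated and sorted, the output of two runs can be compared with diff to spot records that changed between them.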
