DNS Reconnaissance in Penetration Testing: nslookup

Source: Internet
Author: User
Tags: domain name server, nslookup, kali linux

1. DNS Introduction

DNS (Domain Name System) can provide valuable data during reconnaissance. Its basic function is to convert domain names to IP addresses. (If you don't know much about DNS, this is going to take a lot of effort!) A number of good tools can help us extract the data we need from domain name servers, and the information we can collect includes:

| Record | Description |
|--------|-------------|
| CNAME  | Alias, used to bind multiple domain names to the same IP address |
| A      | Converts a domain name or subdomain to a 32-bit IP address, or stores other valuable information |
| MX     | Binds a domain name to a mail server |

DNS probing is considered active reconnaissance (footprinting), because you have to interact with the client's systems to get information.

2. Nslookup Tools

Nslookup is a DNS query tool that resolves a domain name to an IP address and vice versa. It can query a given domain name server and return a specific record type. Nslookup is cross-platform and comes preinstalled in Kali Linux.

2.1 Default Output

Taking the domain name www.baidu.com as an example, run a quick IP address query. Enter the following command in the Kali Linux terminal:
  
  # nslookup www.baidu.com
  

The output information is as follows:
  
Server 202.205.16.4 is the DNS server for this network, and UDP port 53 is the port used for DNS requests. The output shows that the alias of Baidu is www.a.shifen.com. The query returns two IP addresses, which indicates that Baidu uses more than one server to balance the load.

2.2 Replacing a domain name server

You can verify results by querying a different DNS server. For example, server 8.8.8.8 is a public DNS server provided by Google to give public users secure browsing. In penetration testing, it makes sense to query a different public DNS server to detect whether your current DNS server has been tampered with.


    # nslookup
    > server
    > server 8.8.8.8
    > set type=ns
    > www.baidu.com

Start nslookup, then enter server at the prompt to see the name server and port this machine currently uses. Enter server 8.8.8.8 to send queries to the specified name server. set type=ns sets the query type to NS (name server).
The commands above can be reduced to a single line:
  
  # nslookup -type=ns baidu.com 8.8.8.8
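
The cross-check described in this section, as an added example that is not part of the original article: a script that extracts the answer addresses from nslookup output for the default resolver and for 8.8.8.8 and compares the two sets. The script name, function names and sample outputs are assumptions constructed for illustration. A mismatch only flags the name for review, since load-balanced names can legitimately return different address sets.

```shell
#!/bin/sh
# Added example: compare the addresses two resolvers return for one name.
# Print the answer addresses found in nslookup output on stdin, sorted.
# The resolver's own "Address: <ip>#53" line is skipped.
extract_addrs() {
    awk '/^Address:/ && $2 !~ /#/ { print $2 }' | sort -u
}

# Return 0 if two saved nslookup outputs hold the same non-empty address set.
same_answers() {
    a=$(printf '%s\n' "$1" | extract_addrs)
    b=$(printf '%s\n' "$2" | extract_addrs)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample outputs (documentation-range addresses, not captures).
SAMPLE_LOCAL='Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   www.example.com
Address: 198.51.100.11
Name:   www.example.com
Address: 198.51.100.10'
SAMPLE_PUBLIC='Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   www.example.com
Address: 198.51.100.10
Name:   www.example.com
Address: 198.51.100.11'
SAMPLE_ALTERED='Server:         192.0.2.53
Address:        192.0.2.53#53
Name:   www.example.com
Address: 203.0.113.66'
# Live use: ./compare_dns.sh DOMAIN [RESOLVER]  (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    alt=${2:-8.8.8.8}
    local_out=$(nslookup "$1")
    alt_out=$(nslookup "$1" "$alt")
    if same_answers "$local_out" "$alt_out"; then
        echo "[$1] default resolver and $alt agree"
    else
        echo "[$1] answers differ, review both sets:"
        echo "  default: $(printf '%s\n' "$local_out" | extract_addrs | tr '\n' ' ')"
        echo "  $alt: $(printf '%s\n' "$alt_out" | extract_addrs | tr '\n' ' ')"
    fi
fi
```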
  

  
Nslookup reverse lookup example:
  

2.3 Creating an Automation script

Nslookup can be run as a single command, so you can create a script that automatically extracts the information for a list of domain names or hosts and then writes the output to a text file.

    1. Create a text file listing the domain names you want to query

      # vim DomainNames.txt

      Enter the following:

      baidu.com
      blog.csdn.net

      Save and exit with :wq.

    2. Create a script

      # vim autoDNS.sh

      Write the following script to the autoDNS.sh file:

      #!/bin/sh
      # Query each domain listed in DomainNames.txt (one per line)
      for DOMAIN in $(cat DomainNames.txt)
      do
          echo "Name servers of [$DOMAIN]"
          # Default query type; add -type=ns to list the name servers instead
          nslookup "$DOMAIN"
      done

      Add executable permission to autoDNS.sh:

      # chmod +x autoDNS.sh

      Execute the script:

      # ./autoDNS.sh

      The results are as follows:

    3. Export the results to the specified file

      # ./autoDNS.sh > NameServerLists.txt
      # cat NameServerLists.txt

      cat displays the saved results.
