The--nslookup of penetration testing in DNS detection

1 DNS Introduction

DNS (domain Name System) can provide valuable data during the detection process, the basic function of DNS is to convert the domain name to an IP address. (If you don't know much about DNS, it's going to take a lot of effort!) Now there are a number of great tools that can help us extract the data we need from our domain name servers, and the information we can collect includes:

Record	Description
CNAME	Alias, used to bind multiple domain names to the same IP address
A	Convert a domain name or subdomain to a 32-bit IP address, or store other valuable information
Mx	Bind a domain name to a mail server

The DNS detective is considered an active casing reconnaissance, because you have to interact with the customer's device to get information.

2. Nslookup Tools

Nslookup is a DNS query tool that resolves a domain name to an IP address and vice versa. It can query a given domain name server and give a specific record. Nslookup is a cross-platform software that has been preinstalled in Kali Linux.

2.1 Default Output

Take www.baidu.com domain name as an example, implement a fast IP address query. Enter the following command on the Kali Linux terminal:
　　
　　# nslookup www.baidu.com
　　
The output information is as follows:
　　
Server 202.205.16.4 is the NDS server for this network, and UDP port 53 is the port used by DNS requests. According to the output shows that the Baidu alias is www.a.shifen.com, the query to two IP address description Baidu used more than one server to balance the load.

2.2 Replacing a domain name server

The results of using different authentication DNS queries, such as server 8.8.8.8, are public DNS servers provided by Google to provide secure browsing for public users. In penetration testing, it makes sense to use a different public DNS server to detect if your current DNS server has been tampered with.


# nslookup
\> server
\>server 8.8.8.8
\>set type=ns
\>www.baidu.com

Initialize nslookup, and then console input server, you can see the domain name servers and ports currently used by this machine. For a domain name server, enter a command to server 8.8.8.8 view the domain name with the specified domain name server. set type=nsdefines the type as NS (domain name server).
The above command can be simplified to one line of command:
　　
　　# nslookup -type=ns baidu.com 8.8.8.8
　　
　　
Nslookup Reverse parsing Example:
　　

2.3 Creating an Automation script

Nslookup can be executed with a single command, so you can create a script that automatically performs the extraction of information for a domain name or host, and then imports the output into a text file.

1. Create a text file for the domain name you want to query

   
# vim DomainNames.txt

   Fill in
   
baidu.com
blog.csdn.net


: Wq save exit.

1. Create a script

   # vim autoDNS.sh

   Write the following script to the autodns.sh file:

   #!/bin/sh
for HOSTNAME in `cat DomainNames.txt`
do
echo "Name servers of [$HOSTNAME]"
nslookup $HOSTNAME
done
   　　
   Add executable permissions for autodns.sh.

   # chmod +x autoDNS.sh
   Execute script
   # ./autoDNS.sh
   The results are as follows:
   

2. Export the results to the specified file

   # ./autoDNS.sh > NameServerLists.txt# cat NameSercerLists.txt

   Cat views the results correctly.

The--nslookup of penetration testing in DNS detection