Penetration Testing mailing list archives

Re: [PEN-TEST] Recon tool kit part 1


From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Thu, 28 Sep 2000 22:09:53 -0500

Hi Matt/All,

I wrote a similar tool that takes an address mask and does the same
thing in a recursive and parallel fashion.  It will first perform a
reverse DNS lookup on every address in the given network mask/address,
then attempt a zone transfer of each domain it finds in the reverse
resolution.  For example, you run this tool on 192.168.10.0/24:

$ ./rrdns.pl 192.168.10.0/24
Getting reverse DNS information for 128 addresses...
Resolver finished in 3 seconds (42/sec)...

Starting Zone Transfer for example.lan (level 127)...
Starting Zone Transfer for exampletwo.lan (level 5)...

192.168.10.1:testbox.example.lan
[..]
192.168.10.145:www.exampletwo.lan
[..]
mail.example.lan     3600    IN      A       192.168.10.5
testbox.example.lan. 3600    IN      A       192.168.10.1
[..]
www.exampletwo.lan    3600    IN      A       192.168.10.145
ftp.exampletwo.lan    3600    IN      A       192.168.10.148
[..]

required modules: Net::DNS and Net::Netmask

# perl -MCPAN -e 'install Net::DNS'
# perl -MCPAN -e 'install Net::Netmask'


Script is attached.

-HD

http://www.digitaloffense.net (play)
http://www.digitaldefense.net (work)

"Matt W." wrote:

Announcing the release of DNSHoe.pl v1.0.0 by Xram_LraK.  DNSHoe allows
anyone to find out all the host names associated with a range of IPs.
It's nice when the DNS server doesn't allow zone transfers.  Requires the
Net::DNS perl module.

Xram_LraK
Egatobas Advanced Research Labs
kmx () egatobas org

Attachment: rrdns.pl
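The two-phase procedure HD describes above (reverse-resolve every address in a block in parallel, then try a zone transfer against each domain the PTR records expose) as an added example. This is not the attached rrdns.pl and not Matt's DNSHoe.pl; it is illustrative Python. Assumptions, labelled in the code as well: a hostname's zone is inferred by dropping its leftmost label, the "level" printed per zone is taken to be the number of hosts seen in it, the PTR and AXFR back-ends are injected (the default PTR back-end is the system resolver, the AXFR back-end is left to the caller), and the FAKE_PTR / FAKE_ZONES tables are constructed sample data so the block runs offline.

```python
"""Reverse-DNS sweep of a CIDR block followed by a zone-transfer attempt
against every domain the PTR records reveal.  Added example, not the
rrdns.pl script attached to the post."""
import ipaddress
import socket
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


def ptr_via_socket(ip):
    """Default PTR lookup through the system resolver; None if no record."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except (socket.herror, socket.gaierror):
        return None


def reverse_sweep(cidr, lookup=ptr_via_socket, workers=32):
    """Resolve every address in the block (network and broadcast included)
    in parallel.  Returns {ip: hostname} for addresses that had a PTR."""
    addrs = [str(a) for a in ipaddress.ip_network(cidr, strict=False)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        names = list(pool.map(lookup, addrs))
    return {ip: name for ip, name in zip(addrs, names) if name}


def parent_domains(hosts):
    """Assumption: the zone a host lives in is its name minus the leftmost
    label (testbox.example.lan -> example.lan).  Returns a Counter of
    {zone: hosts seen}; that count is what the post's 'level' is taken to be."""
    zones = Counter()
    for name in hosts.values():
        labels = name.split(".")
        if len(labels) >= 3:  # need a host label plus a two-label zone
            zones[".".join(labels[1:])] += 1
    return zones


def zone_transfer(domain, axfr):
    """Try AXFR for one zone through the injected back-end, which must return
    an iterable of (name, ttl, rtype, rdata) tuples or raise when the server
    refuses.  A refusal yields [] rather than aborting the sweep."""
    try:
        return list(axfr(domain))
    except Exception:
        return []


def recon(cidr, lookup=ptr_via_socket, axfr=None):
    """Phase 1: reverse sweep.  Phase 2: AXFR per discovered zone, most
    populous zone first.  Returns (hosts, zones, records)."""
    hosts = reverse_sweep(cidr, lookup)
    zones = parent_domains(hosts)
    records = {}
    if axfr is not None:
        for domain, _level in zones.most_common():
            records[domain] = zone_transfer(domain, axfr)
    return hosts, zones, records


# Constructed sample data (not real hosts) so the block runs without a network.
FAKE_PTR = {
    "192.168.10.1": "testbox.example.lan",
    "192.168.10.5": "mail.example.lan",
    "192.168.10.145": "www.exampletwo.lan",
    "192.168.10.148": "ftp.exampletwo.lan",
}
FAKE_ZONES = {  # only example.lan permits AXFR in this constructed setup
    "example.lan": [
        ("mail.example.lan", 3600, "A", "192.168.10.5"),
        ("testbox.example.lan", 3600, "A", "192.168.10.1"),
    ],
}


def fake_ptr(ip):
    return FAKE_PTR.get(ip)


def fake_axfr(domain):
    if domain not in FAKE_ZONES:
        raise RuntimeError("transfer refused")
    return FAKE_ZONES[domain]


if __name__ == "__main__":
    hosts, zones, records = recon("192.168.10.0/24", fake_ptr, fake_axfr)
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        print(f"{ip}:{name}")
    for domain, level in zones.most_common():
        print(f"Zone {domain} (level {level}): {len(records[domain])} records")
```

For a live run, pass a real AXFR back-end instead of fake_axfr; with dnspython that is a wrapper around dns.zone.from_xfr(dns.query.xfr(nameserver, domain)) iterating the resulting zone's rdatas, and the nameserver to ask is the zone's NS record, which the sweep does not discover for you. Note that a /24 is 256 addresses, and both the PTR flood and the AXFR attempts are loud in the target's resolver and authoritative-server logs, so keep this inside an authorized scope.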