Article from: https://www.cnblogs.com/-wenli/p/9967898.html

 

Using the DNS Dictionary Brute-Force Tools fierce and dnsdict6 for Subdomain Collection

 

I. fierce

0. Introduction

fierce is a comprehensive domain-scanning tool. It quickly looks up the DNS servers of the specified domain and checks them for the zone transfer vulnerability. If the vulnerability is not present, it automatically brute-forces the domain with a dictionary to obtain subdomain information. For the IP addresses it obtains, it also walks the neighbouring IP addresses for more information. Finally, it groups the IP addresses into ranges to make later scanning with other tools, such as Nmap, easier. It is installed by default in Kali 2.0.

 

1. Usage format

fierce -dnsserver <caching DNS server> -dns <target domain> -wordlist <dictionary file>

Example:

fierce -dnsserver 114.114.114.114 -dns baidu.com -wordlist /usr/share/fierce/hosts.txt

  

 

2. How to use it

 

(1) A dictionary brute force needs a dictionary first.

/usr/share/fierce/hosts.txt is the dictionary file that ships with fierce. You can list the locations of all the files it installed on Kali with the dpkg -L command.

 

Command:

dpkg -L fierce

 

 

(2) More examples

 

Query using the local DNS server

fierce -dns hbeu.cn -wordlist /usr/share/fierce/hosts.txt

  

Query using the Google DNS server 8.8.8.8

fierce -dnsserver 8.8.8.8 -dns sina.com.cn -wordlist /usr/share/fierce/hosts.txt

  

(3) Actual use

 

Note:

If you specify a nonexistent dictionary file, the command still starts running. This is because the AXFR zone transfer request is made first; only after that does fierce find that the file does not exist and exit.

Suppose a.txt is a nonexistent dictionary file.

 

Command:

fierce -dnsserver 114.114.114.114 -dns baidu.com -wordlist a.txt

  

DNS Servers for baidu.com:
    ns4.baidu.com
    dns.baidu.com
    ns7.baidu.com
    ns3.baidu.com
    ns2.baidu.com
Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force
Can't open a.txt or the default wordlist
Exiting...

  

When the location of the dictionary file is entered correctly:

Command:

fierce -dnsserver 114.114.114.114 -dns baidu.com -wordlist /usr/share/fierce/hosts.txt

 

DNS Servers for baidu.com:
    dns.baidu.com
    ns7.baidu.com
    ns2.baidu.com
    ns4.baidu.com
    ns3.baidu.com
Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...
111.206.223.136 0.baidu.com
61.135.186.115  1.baidu.com
61.135.186.230  11.baidu.com
202.108.23.222  11.baidu.com
123.125.115.209 12.baidu.com
123.125.115.174 12.baidu.com
180.149.131.33  61.baidu.com
^C

Note: Ctrl + C stops the brute force.

 

 

II. dnsdict6

 

0. Introduction

dnsdict6 is a tool for gathering information about websites. It can scan a website and show how many domains or subdomains it has, and it can scan both IPv6 and IPv4 addresses. dnsdict6 is a powerful tool, very fast and accurate, and it can extract subdomains that are restricted to users or not visible. All of this makes it a good tool for getting information from websites.

Note: This tool is no longer integrated in Kali 2.0 and needs to be downloaded separately. wget reports a certificate error, so download it on the physical machine and then copy it into the virtual machine.

Download address: https://src.fedoraproject.org/lookaside/pkgs/thc-ipv6/thc-ipv6-2.7.tar.gz/

 

1. Installation

(1) Download the archive and drag it into the virtual machine

(2) Install the build dependencies

apt-get install libpcap-dev libssl-dev libnetfilter-queue-dev

(3) Extract the archive

tar xzf thc-ipv6-2.7.tar.gz

(4) Enter the source directory

cd thc-ipv6-2.7

(5) Build and install

make && make install

  

2. Usage

 

(1) Usage format

dnsdict6 [-d4] [-s|-m|-l|-x|-u] [-t <number of concurrent threads>] [-D] <domain name> [dictionary file]

 

(2) Parameters

-d        display IPv6 results
-4        display IPv4 results
-t        number of concurrent threads, default 8, maximum 32
-[smlxu]  use a built-in dictionary, increasing in size from left to right
-D        use a local dictionary file

Note: dnsdict6 only needs one of its own dictionaries to be selected with -[smlxu]; you can also specify a local dictionary file with -D.

 

(3) Actual use

Command:

dnsdict6 -4 -t 32 -u baidu.com

 

Starting DNS enumeration work on baidu.com. ...
Starting enumerating baidu.com. - creating 32 threads for 16726 words...
Estimated time to completion: 2 to 6 minutes
1.baidu.com. => 61.135.186.115
0.baidu.com. => 111.206.223.136
12.baidu.com. => 123.125.115.209
12.baidu.com. => 123.125.115.174
11.baidu.com. => 61.135.186.230
11.baidu.com. => 202.108.23.222
^C
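
Seen from the defending side, the sequence in the outputs above (one AXFR attempt, then a burst of dictionary names against the same zone) stands out in an authoritative server's query log. The following Python is an added example, not part of the original article or of either tool; the log format, the zone example.test, the client addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of authoritative-server query log lines (not from the page).
# Assumed format: epoch_seconds client_ip qname qtype rcode
SAMPLE_LOG = """\
1000 198.51.100.7 example.test AXFR REFUSED
1001 198.51.100.7 0.example.test A NXDOMAIN
1001 198.51.100.7 1.example.test A NOERROR
1002 198.51.100.7 11.example.test A NXDOMAIN
1002 198.51.100.7 12.example.test A NXDOMAIN
1003 198.51.100.7 61.example.test A NXDOMAIN
1003 198.51.100.7 admin.example.test A NXDOMAIN
1004 203.0.113.20 www.example.test A NOERROR
1030 203.0.113.20 mail.example.test A NOERROR
1500 203.0.113.20 wwww.example.test A NXDOMAIN
"""

def parse(log):
    """Yield (ts, client, qname, qtype, rcode); skip malformed lines."""
    for line in log.splitlines():
        p = line.split()
        if len(p) == 5 and p[0].isdigit():
            yield int(p[0]), p[1], p[2].rstrip(".").lower(), p[3].upper(), p[4].upper()

def detect_enumeration(log, zone, window=60, min_names=5, min_nx_ratio=0.6):
    """Flag clients whose queries under `zone` look like dictionary enumeration."""
    suffix = "." + zone
    per_client = defaultdict(list)   # client -> [(ts, qname, rcode)]
    axfr = set()                     # clients that attempted a zone transfer
    for ts, client, qname, qtype, rcode in parse(log):
        if qtype == "AXFR" and qname == zone:
            axfr.add(client)
        elif qname.endswith(suffix):
            per_client[client].append((ts, qname, rcode))
    findings = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start so the span is at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            names = {q for _, q, _ in win}
            nx = sum(1 for _, _, r in win if r == "NXDOMAIN") / len(win)
            if len(names) >= min_names and nx >= min_nx_ratio:
                findings[client] = {"distinct_names": len(names), "nx_ratio": round(nx, 2), "axfr_attempted": client in axfr}
                break
    return findings
```

On a zone with wildcard DNS every name resolves, so the NXDOMAIN ratio is useless there and the distinct-name count per window has to carry the detection.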

  

 
