http:\/\/code.google.com\/p\/dnsenum\/<\/a><\/p>\n\u521a\u624d\u5206\u522b\u5728Kali Linux\u4e0a\u90fd\u4f7f\u7528\u4e86\u4e00\u4e0b\u8fd93\u6b3eDNS\u4fe1\u606f\u641c\u96c6\u7684\u5de5\u5177\uff0c\u4e2a\u4eba\u4f7f\u7528\u611f\u53d7\u5982\u4e0b\uff1a<\/p>\n
dnsenum\u8fd9\u4e2a\u901f\u5ea6\u6700\u5feb\uff0c\u800c\u4e14\u4e5f\u6709\u4e2a\u5206\u7c7b\uff0c\u8fd9\u4e2a\u4f7f\u7528\u8d77\u6765\u8fd8\u4e0d\u9519\uff08\u4f46\u662f\u901f\u5ea6\u662f\u4e0d\u662f\u592a\u5feb\u4e86\uff1f\u5bfc\u81f4\u6211\u5bf9\u5168\u9762\u6027\u548c\u51c6\u786e\u6027\u90fd\u6709\u4e9b\u6000\u7591\u4e86\uff09\uff1b<\/p>\n
dnsmap\u548cfierce\u8fd9\u4e24\u4e2a\u90fd\u5f88\u6162\uff0c\u4e0d\u8fc7\u6162\u7684\u597d\u5904\u5c31\u662f\u641c\u96c6\u5230\u7684\u4e1c\u897f\u591a\uff0c\u5728\u4f7f\u7528\u7684\u65b9\u4fbf\u7a0b\u5ea6\u4e0a\u9762\uff0c\u6211\u8fd8\u662f\u89c9\u5f97dnsmap\u8fd9\u8981\u6bd4fierce\u8981\u597d\uff0c\u4e00\u4e2a\u662f\u76f4\u63a5\uff0c\u518d\u4e00\u4e2a\u5c31\u662ffierce\u8fd9\u8fd8\u9700\u8981\u540c\u65f6\u63d0\u4f9bhosts.txt\u6587\u4ef6\uff0c\u7565\u663e\u9ebb\u70e6\u3002\uff08PS:fierce\u8fd9\u4e2a\u5de5\u5177\u5728\u78b0\u5230\u6bd4\u8f83\u5c11\u89c1\u7684\u57df\u540d\u65f6\uff0c\u90a3\u901f\u5ea6\u771f\u7684\u4e0d\u662f\u4e00\u822c\u7684\u6162\uff0c\u800c\u4e14\u8fde\u4e2a\u8fdb\u5ea6\u90fd\u6ca1\u6709\uff0c\u8ba9\u4eba\u7b49\u7684\u63ea\u5fc3\u554a\uff01PS2:\u624d\u53d1\u73b0\uff0c\u539f\u6765fierce\u53ef\u4ee5\u6307\u5b9athread\u9009\u9879\u4ee5\u63d0\u9ad8\u901f\u5ea6\uff09<\/p>\n
—————–\u6d4b\u8bd5\u5982\u4e0b——————<\/p>\n
root@xxx:~# dnsenum baidu.com<\/span><\/strong><\/p>\ndnsenum.pl VERSION:1.2.2
\n……<\/p>\n
root@xxx:~# dnsmap baidu.com<\/span><\/strong><\/p>\ndnsmap 0.30 – DNS Network Mapper by pagvac (gnucitizen.org)
\n[+] searching (sub)domains for baidu.com using built-in wordlist
\n[+] using maximum random delay of 10 millisecond(s) between requests
\na.baidu.com
\nIP address #1: 123.125.114.38
\nab.baidu.com
\nIP address #1: 10.26.209.25
\n[+] warning: internal IP address disclosed
\naccounts.baidu.com
\nIP address #1: 10.11.252.74
\n[+] warning: internal IP address disclosed #dnsmap\u8fd8\u4f1a\u68c0\u6d4b\u5185\u90e8IP\u5730\u5740\u662f\u5426\u5b58\u5728\u6cc4\u6f0f\u7684\u95ee\u9898
\nad.baidu.com
\nIP address #1: 202.108.23.200
\n\u2026\u2026\u2026\u2026\u2026\u2026
\n250 (sub)domains and 290 IP address(es) found #dnsmap\u662f\u6700\u6162\u7684\uff0c\u4e0d\u8fc7\u68c0\u67e5\u51fa\u6765\u7684\u4e1c\u897f\u662f\u6700\u591a\u7684\uff0c\u800c\u4e14\u5728\u6700\u540e\u4f1a\u7ed9\u51fa\u4e00\u4e9b\u626b\u63cf\u4fe1\u606f\u51fa\u6765
\n[+] 89 internal IP address(es) disclosed
\n[+] completion time: 1298 second(s)<\/p>\n
root@xxx:~\/Desktop# .\/fierce.pl baidu.com #\u8fd8\u5f97\u52a0\u4e0a\u4e2a\u201c-dns\u201d\u9009\u9879<\/strong><\/span>
\nYou have to use the -dns switch with a domain after it.
\nType: perl fierce.pl -h for help
\nExiting…
\nroot@xxx:~\/Desktop# .\/fierce.pl -dns baidu.com<\/strong><\/span>
\nDNS Servers for baidu.com:
\nns3.baidu.com
\nns7.baidu.com
\nns2.baidu.com
\nns4.baidu.com
\ndns.baidu.com
\nTrying zone transfer first…
\nTesting ns3.baidu.com
\nRequest timed out or transfer not allowed.
\nTesting ns7.baidu.com
\nRequest timed out or transfer not allowed.
\nTesting ns2.baidu.com
\nRequest timed out or transfer not allowed.
\nTesting ns4.baidu.com
\nRequest timed out or transfer not allowed.
\nTesting dns.baidu.com
\nRequest timed out or transfer not allowed.
\nUnsuccessful in zone transfer (it was worth a shot) #\u9996\u5148\uff0cfierce\u4f1a\u5c1d\u8bd5\u57df\u4f20\u9001\u6f0f\u6d1e\u7684\u68c0\u6d4b
\nOkay, trying the good old fashioned way… brute force
\nChecking for wildcard DNS… #\u5c1d\u8bd5DNS\u7684\u901a\u914d\u7b26\u68c0\u6d4b
\nNope. Good.
\nNow performing 2280 test(s)… #\u5c1d\u8bd5\u6b21\u6570\u548c\u5b57\u5178\u6587\u4ef6\u6709\u5173
\n10.11.252.74 accounts.baidu.com
\n180.76.2.25 antivirus.baidu.com
\n……
\n\u2026\u2026\u2026\u2026Found 118 entries.\u2026\u2026\u2026\u2026
\n—————–
\n\u51b3\u5b9a\u4ee5\u540e\u5c31\u4f7f\u7528dnsmap\u4f5c\u4e3a\u8fd9\u65b9\u9762\u7684\u4e3b\u529b\u5de5\u5177\u4e86\uff01
\n\/usr\/share\/dnsmap\/wordlist_TLAs.txt #17576\u884c\uff08\u5c31\u662f\u4eceaaa-zzz\uff09
\nroot@xxx:~# find \/ -name “*dnsmap*”
\n\u2026\u2026
\n\/usr\/share\/wordlists\/dnsmap.txt
\n\u2026\u2026
\n\u6ce8\u610f\u4e00\u4e0bKali Linux\u4e0b\u7684\u8fd9\u4e2a\u6587\u4ef6\u5939\uff1a\/usr\/share\/wordlists<\/span><\/strong>
\nroot@xxx:\/usr\/share\/wordlists# ll
\n\u603b\u7528\u91cf 52128
\ndrwxr-xr-x \u00a0 2 root root \u00a0 \u00a0 4096 \u00a09\u6708 29 14:19 .
\ndrwxr-xr-x 464 root root \u00a0 \u00a016384 11\u6708 17 18:57 ..
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 25 \u00a09\u6708 29 14:19 dirb -> \/usr\/share\/dirb\/wordlists
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 30 \u00a09\u6708 29 14:19 dirbuster -> \/usr\/share\/dirbuster\/wordlists
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 35 \u00a09\u6708 29 14:19 dnsmap.txt -> \/usr\/share\/dnsmap\/wordlist_TLAs.txt
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 41 \u00a09\u6708 29 14:19 fasttrack.txt -> \/usr\/share\/set\/src\/fasttrack\/wordlist.txt
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 45 \u00a09\u6708 29 14:19 fern-wifi -> \/usr\/share\/fern-wifi-cracker\/extras\/wordlists
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 46 \u00a09\u6708 29 14:19 metasploit -> \/usr\/share\/metasploit-framework\/data\/wordlists
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 51 \u00a09\u6708 29 14:19 metasploit-jtr -> \/usr\/share\/metasploit-framework\/data\/john\/wordlists
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 39 \u00a09\u6708 29 14:19 metasploit-pro -> \/opt\/metasploit\/apps\/pro\/data\/wordlists
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 41 \u00a09\u6708 29 14:19 nmap.lst -> \/usr\/share\/nmap\/nselib\/data\/passwords.lst
\n-rw-r–r– \u00a0 1 root root 53357341 \u00a03\u6708 \u00a03 \u00a02013 rockyou.txt.gz
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 34 \u00a09\u6708 29 14:19 sqlmap.txt -> \/usr\/share\/sqlmap\/txt\/wordlist.txt
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 57 \u00a09\u6708 29 14:19 termineter.txt -> \/usr\/share\/termineter\/framework\/data\/smeter_passwords.txt
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 57 \u00a09\u6708 29 14:19 w3af.txt -> \/usr\/share\/w3af\/core\/controllers\/bruteforce\/passwords.txt
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 29 \u00a09\u6708 29 14:19 webslayer -> \/usr\/share\/webslayer\/wordlist
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 25 \u00a09\u6708 29 14:19 wfuzz -> \/usr\/share\/wfuzz\/wordlist
\nlrwxrwxrwx \u00a0 1 root root \u00a0 \u00a0 \u00a0 53 \u00a09\u6708 29 14:19 wfuzz.txt -> \/usr\/share\/golismero\/wordlist\/wfuzz\/Discovery\/all.txt<\/p>\n\u53ef\u4ee5\u770b\u5230\u8be5\u6587\u4ef6\u5939\u4e0b\u5305\u542b\u4e86\u5f88\u591aKali Linux\u4e0b\u7684\u66b4\u529b\u7834\u89e3\u5de5\u5177\u7b49\u7684\u5b57\u5178\u6587\u4ef6\u7684\u8f6f\u94fe\u63a5\u3002\uff08\u5176\u4e2d\u8fd8\u5305\u62ec\u6211\u4e4b\u524d\u6ca1\u6709\u4f7f\u7528\u8fc7\u7684dirbuster\/fasttrack\/wfuzz\/webslayer\u7b49\u5de5\u5177\uff09<\/p>\n
\u7136\u540e\uff0c\u6211\u67e5\u770b\u4e4b\u524d\u4f7f\u7528fierce\u5de5\u5177\u5728\u4f7f\u7528\u7684\u65f6\u5019\u81ea\u5e26\u7684hosts.txt\u6587\u4ef6\uff0c\u5176\u4e2d\u5171\u5305\u542b2280\u884c\uff0c\u4e0d\u518d\u662f\u4eceaaa-zzz\u7684\u7b80\u5355\u5b57\u7b26\u679a\u4e3e\u4e86\uff0c\u52a0\u4e0a\u4e86\u4e00\u4e9b\u6570\u5b57\u548c\u5e38\u89c1\u7684\u5b50\u57df\u540d\u524d\u7f00\uff0c\u53ef\u4ee5\u627e\u5230dnsmap\u627e\u4e0d\u5230\u7684\u4e00\u4e9b\u81ea\u5b9a\u4e49\u5b50\u57df\u540d\u4fe1\u606f\u3002<\/p>\n
\u5bf9\u4e86\uff0c\u5728Metasploit\u6846\u67b6\u4e2d\uff0c\u4e5f\u6709\u4e0d\u5c11DNS\u4fe1\u606f\u641c\u96c6\u5de5\u5177(search dns \u5149\u662f\u4fe1\u606f\u641c\u96c6\u811a\u672c\u5c31\u67095\u4e2a)\uff0c\u53ef\u4ee5\u5c1d\u8bd5\u4e00\u4e0b\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e4b\u524d\u5728\u6d4b\u8bd5DNS\u57df\u4f20\u9001\u6f0f\u6d1e\u65f6\u8bb0\u5f55\u7684\u5de5\u5177\u4f7f\u7528\u8bb0\u5f55\uff1a \u4e00\u4e9b\u53c2\u8003\u94fe\u63a5\uff1a \u4f7f\u7528theHarvester\u548cMSF3\u5feb\u901f\u6709 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,25,12],"tags":[205,206,207,208],"class_list":["post-444","post","type-post","status-publish","format-standard","hentry","category-linux","category-security","category-tools","tag-dns","tag-dnsenum","tag-dnsmap","tag-fierce"],"views":8323,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=444"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/444\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}