June 2018
Intermediate to advanced
294 pages
7h 5m
English
Content preview from Practical Web Penetration Testing
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Domain name system – DNS enumeration
DNS enumeration will reveal information regarding domain names and IP addresses assigned to the target, as well as the route between us and the final destination.
In summary, the Domain Name System (DNS) is a database that resolves domain names (for example, google.com) to its IP addresses (172.217.10.46).
You will use the DNS information for the following reasons:
- To identify whether the DNS server allows a zone transfer. If it does, then it will reveal the hostnames and IP addresses of internet-accessible systems.
- By using a brute-force methodology, the tool allows us to identify new domain names or subdomains associated with the target.
- Finding services that may be vulnerable (for example, FTP).