Kali system -- dnsrecon for DNS collection and analysis

1> function ：
DNS Reconnaissance is an important part of penetration test information collection .DNS Reconnaissance is to get from DNS In the records returned by the server , For more information . Don't trigger IDS/IPS You can get information about network facilities . Most companies do not monitor DNS The server , It will only monitor whether there is a zone transfer vulnerability .

There are already many tools available on the Internet to collect DNS Information , This article introduces DNSRecon, from Carlos Perez use Python Development , be used for DNS scout .
This tool can complete the following operations :

Area transmission ---- Zone Transfer
Reverse query ---- Reverse Lookup
A violent guess ---- Domain and Host Brute-Force
Standard record enumeration ---- Standard Record Enumeration (wildcard,SOA,MX,A,TXT etc.)
cache snooping ---- Cache Snooping
Area traversal ---- Zone Walking
Google Inquire about ---- Google Lookup

2>

	  -h, --help                                        Print help and exit 

	   -d, --domain      <domain>           Target domain name 

	   -r, --range       <range>                 For a given format IP The scope of blasting , The format is ( Start IP- end IP) or ( Range / Mask ).

	   -n, --name_server <name>           Specify a domain name server 

	   -D, --dictionary  <file>                  The subdomain name and hostname dictionary file used to explode 

	   -f                                                    Ignore enum field lookup results when saving results 

	   -t, --type        <types>     Specify enumeration type ：

	                                std                 If NS Domain transfer failed for server , Conduct SOA、NS、A、AAAA、MX  and  SRV Enumeration ( You have to use -d Parameter specifies the domain name to use this parameter )

	                                rvl                  For given IP Scope or CIDR Reverse lookup ( You have to use -r Appoint IP Range )

	                                brt                 Use the specified dictionary to explode the domain name and host name 

	                                srv                 enumeration SRV Record 

	                                axfr                For all the NS The server performs a domain transfer test 

	                                goo                For subdomains and host Conduct Google Search for 

	                                snoop            Yes -D Options given in the file DNS Server cache detection 

	                                tld                  Delete... For the given domain TLD And test on IANA All registered in TLD

	                                zonewalk       Use NSEC Recording DNSSEC Domain roaming 

	   -a                           Carry out spatial domain transfer test in the standard enumeration process 

	   -s                           In the standard enumeration process IP Reverse lookup of address range 

	   -g                          In the process of standard enumeration Google enumeration 

	   -w                          Depth in the process of standard enumeration whois Query and IP The check 

	   -z                           In the process of standard enumeration DNSSEC Domain roaming 

	   --threads         <number>        Specified number of threads 

	   --lifetime        <number>        Specify the time to wait for the query 

	   --db              <file>                  Store the results as sqlite3 Database files 

	   --xml             <file>                  Store the results as XML File format 

	   --iw                                           Even if wildcards are found, they still explode 

	   -c, --csv         <file>                 CSV File format 

	   -j, --json        <file>                 json file 

	   -v                                              Show the process of blasting 

3> experiment ：

For given IP Perform domain name reverse query in the scope