
Backtrack 5: Information Gathering: Network Analysis: DNS Analysis: reverseraider

Many of the DNS enumeration scripts available in BackTrack focus on typical DNS, but reverseraider does what its name suggests: it enumerates reverse DNS names. Enumerating reverse DNS on an IP or set of IPs can sometimes reveal information you did not previously have. For example, you may be targeting a web server that hosts a bunch of virtual hosts and prefer to track down the primary web site on that server. This is where reverseraider may provide the necessary results, since the most important site on a virtual web server is the one most likely to have reverse DNS configured on the host itself. Below I display the three primary methods of using reverseraider.

Use reverseraider To Enumerate Reverse DNS On A File Of IPs:

root@bt:/pentest/enumeration/reverseraider# ./reverseraider -f iplist-test.txt
resolver3.opendns.com           	208.67.222.220
resolver3.opendns.com           	208.67.222.220
resolver1.opendns.com           	208.67.222.222
resolver1.opendns.com           	208.67.222.222
google-public-dns-a.google.com  	8.8.8.8
google-public-dns-a.google.com  	8.8.8.8
resolver2.opendns.com           	208.67.220.220
resolver2.opendns.com           	208.67.220.220
resolver2.opendns.com           	208.67.220.220
resolver2.opendns.com           	208.67.220.220
root@bt:/pentest/enumeration/reverseraider#

The list of IPs above is provided with reverseraider as a test list and resolves the reverse DNS of various Google IPs. The primary thing to take away from this example is that the -f switch allows you to specify a file that contains a list of IPs, a list of IP ranges, or a combination of the two. The next example uses a wordlist against a specific domain, looking for reverse DNS names by trying each entry in the wordlist.

Use reverseraider To Enumerate Reverse DNS Based On A Wordlist:

root@bt:/pentest/enumeration/reverseraider# ./reverseraider -w wordlists/fast.list -d louisville.edu
smtp.louisville.edu             	136.165.233.235
smtp.louisville.edu             	136.165.233.231
smtp.louisville.edu             	136.165.233.227
hermes.louisville.edu           	136.165.253.10
dns.louisville.edu              	136.165.253.10
smtp.louisville.edu             	136.165.233.227
mail.louisville.edu             	136.165.233.227
smtp.louisville.edu             	136.165.233.235
mail.louisville.edu             	136.165.233.235
smtp.louisville.edu             	136.165.233.231
mail.louisville.edu             	136.165.233.231
www.louisville.edu              	136.165.238.157
web.louisville.edu              	136.165.238.183
ldaplb.louisville.edu           	136.165.229.2
ldap.louisville.edu             	136.165.229.2
www.louisville.edu              	136.165.238.157
smtp.louisville.edu             	136.165.233.231
smtp.louisville.edu             	136.165.233.227
smtp.louisville.edu             	136.165.233.235
hermes.louisville.edu           	136.165.253.10
dns.louisville.edu              	136.165.253.10
smtp.louisville.edu             	136.165.233.235
mail.louisville.edu             	136.165.233.235
smtp.louisville.edu             	136.165.233.231
mail.louisville.edu             	136.165.233.231
smtp.louisville.edu             	136.165.233.227
mail.louisville.edu             	136.165.233.227
web.louisville.edu              	136.165.238.183
ldaplb.louisville.edu           	136.165.229.2
ldap.louisville.edu             	136.165.229.2
vpn.louisville.edu              	216.249.140.85
vpn.louisville.edu              	216.249.140.85
root@bt:/pentest/enumeration/reverseraider#

In the above example the smallest wordlist was used, and it still turned up a ton of results. The -d switch specifies the domain you want to enumerate reverse DNS names for; keep in mind that you must also use the -w switch to specify a wordlist. There are three wordlists located in /pentest/enumeration/reverseraider/wordlists/. You can also see that numerous reverse DNS names have multiple IPs, which is another thing to consider when weighing the value of reverse DNS. If you knew of the IP address 136.165.233.235 above, which allowed you to obtain mail.louisville.edu, you could then investigate using reverseraider and other tools to see if there are other mail servers in the same IP range. The last example below shows reverseraider using the -r switch, which allows you to specify a single IP or a range of IPs on the command line.

Use reverseraider To Enumerate Reverse DNS Entries By IP Address:

root@bt:/pentest/enumeration/reverseraider# ./reverseraider -r 2.1.1.1-10
ANantes-551-1-154-1.w2-1.abo.wanadoo.fr	2.1.1.1
ANantes-551-1-154-1.w2-1.abo.wanadoo.fr	2.1.1.1
ANantes-551-1-154-2.w2-1.abo.wanadoo.fr	2.1.1.2
ANantes-551-1-154-2.w2-1.abo.wanadoo.fr	2.1.1.2
ANantes-551-1-154-3.w2-1.abo.wanadoo.fr	2.1.1.3
ANantes-551-1-154-3.w2-1.abo.wanadoo.fr	2.1.1.3
ANantes-551-1-154-4.w2-1.abo.wanadoo.fr	2.1.1.4
ANantes-551-1-154-4.w2-1.abo.wanadoo.fr	2.1.1.4
ANantes-551-1-154-5.w2-1.abo.wanadoo.fr	2.1.1.5
ANantes-551-1-154-5.w2-1.abo.wanadoo.fr	2.1.1.5
ANantes-551-1-154-6.w2-1.abo.wanadoo.fr	2.1.1.6
ANantes-551-1-154-6.w2-1.abo.wanadoo.fr	2.1.1.6
ANantes-551-1-154-7.w2-1.abo.wanadoo.fr	2.1.1.7
ANantes-551-1-154-7.w2-1.abo.wanadoo.fr	2.1.1.7
ANantes-551-1-154-8.w2-1.abo.wanadoo.fr	2.1.1.8
ANantes-551-1-154-8.w2-1.abo.wanadoo.fr	2.1.1.8
ANantes-551-1-154-9.w2-1.abo.wanadoo.fr	2.1.1.9
ANantes-551-1-154-9.w2-1.abo.wanadoo.fr	2.1.1.9
ANantes-551-1-154-10.w2-1.abo.wanadoo.fr	2.1.1.10
ANantes-551-1-154-10.w2-1.abo.wanadoo.fr	2.1.1.10
root@bt:/pentest/enumeration/reverseraider#

That is pretty much it. There is not a lot to reverseraider, though I believe it to be a valuable tool specifically for reverse DNS enumeration.
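As an added example (not part of reverseraider or the original post), this Python script parses output in the format shown above, drops the repeated lines, and lists the names that span several IPs and the IPs shared by several names, which are the relationships discussed after the wordlist run. The sample input is constructed from lines of that run, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the tool's output format (name, padding, tab, IP),
# built from lines of the wordlist run above plus the trailing shell prompt.
SAMPLE = """\
smtp.louisville.edu             \t136.165.233.235
smtp.louisville.edu             \t136.165.233.231
hermes.louisville.edu           \t136.165.253.10
dns.louisville.edu              \t136.165.253.10
smtp.louisville.edu             \t136.165.233.235
mail.louisville.edu             \t136.165.233.235
ldaplb.louisville.edu           \t136.165.229.2
ldap.louisville.edu             \t136.165.229.2
root@bt:/pentest/enumeration/reverseraider#
"""

def parse_pairs(text):
    """Return the unique (hostname, ip) pairs, skipping prompt and command lines."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # prompt, command line or blank line
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # second column is not an IP address
        pairs.add((fields[0].lower().rstrip("."), ip))
    return pairs

def report(text):
    """Return (names with several IPs, IPs that answer to several names)."""
    by_name, by_ip = defaultdict(set), defaultdict(set)
    for name, ip in parse_pairs(text):
        by_name[name].add(ip)
        by_ip[ip].add(name)
    multi_ip = {n: [str(i) for i in sorted(ips, key=lambda i: (i.version, int(i)))]
                for n, ips in by_name.items() if len(ips) > 1}
    shared = {str(ip): sorted(ns) for ip, ns in by_ip.items() if len(ns) > 1}
    return multi_ip, shared

if __name__ == "__main__":
    multi_ip, shared = report(SAMPLE)
    print("names with several IPs:", multi_ip)
    print("IPs with several names:", shared)
```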

