Backtrack 5: Information Gathering: Network Analysis: DNS Analysis: reverseraider

Many of the DNS enumeration scripts available in BackTrack focus on typical forward DNS, but reverseraider does what its name suggests: it enumerates reverse DNS names. Enumerating reverse DNS on an IP or set of IPs can sometimes reveal information you did not previously have. For example, you may be targeting a web server that hosts a bunch of virtual hosts and want to track down the primary web site on it. reverseraider may provide the necessary results here, because the most important site on a virtual web server is the one most likely to have reverse DNS configured for the host itself. Below I display the three primary methods of using reverseraider.

Use reverseraider To Enumerate Reverse DNS On A File Of IPs:


    root@bt:/pentest/enumeration/reverseraider# ./reverseraider -f iplist-test.txt
    resolver3.opendns.com
    resolver3.opendns.com
    resolver1.opendns.com
    resolver1.opendns.com
    google-public-dns-a.google.com
    google-public-dns-a.google.com
    resolver2.opendns.com
    resolver2.opendns.com
    resolver2.opendns.com
    resolver2.opendns.com
    root@bt:/pentest/enumeration/reverseraider#

The above list of IPs is provided with reverseraider as a test list and resolves the reverse DNS of various Google IPs. The primary thing to take away from the above example is that the -f switch allows you to specify a file that contains a list of IPs, a list of IP ranges, or a combination of the two. The next example uses a wordlist against a specific domain, trying each word in the list to look for reverse DNS names.

Use reverseraider To Enumerate Reverse DNS Based On A Wordlist:


    root@bt:/pentest/enumeration/reverseraider# ./reverseraider -w wordlists/fast.list -d louisville.edu
    smtp.louisville.edu
    smtp.louisville.edu
    smtp.louisville.edu
    hermes.louisville.edu
    dns.louisville.edu
    smtp.louisville.edu
    mail.louisville.edu
    smtp.louisville.edu
    mail.louisville.edu
    smtp.louisville.edu
    mail.louisville.edu
    www.louisville.edu
    web.louisville.edu
    ldaplb.louisville.edu
    ldap.louisville.edu
    www.louisville.edu
    smtp.louisville.edu
    smtp.louisville.edu
    smtp.louisville.edu
    hermes.louisville.edu
    dns.louisville.edu
    smtp.louisville.edu
    mail.louisville.edu
    smtp.louisville.edu
    mail.louisville.edu
    smtp.louisville.edu
    mail.louisville.edu
    web.louisville.edu
    ldaplb.louisville.edu
    ldap.louisville.edu
    vpn.louisville.edu
    vpn.louisville.edu
    root@bt:/pentest/enumeration/reverseraider#

In the above example the smallest wordlist was used, and it still turned up a ton of results. The -d switch specifies the domain you want to enumerate reverse DNS names for; keep in mind that you must also use the -w switch to specify a wordlist. There are three wordlists located in /pentest/enumeration/reverseraider/wordlists/. You can also see that numerous reverse DNS names have multiple IPs, which is another thing to consider when weighing the value of reverse DNS. If you knew the IP address above that resolved to mail.louisville.edu, you could then investigate with reverseraider and other tools to see whether there are other mail servers in the same IP range. The last example below shows reverseraider using the -r switch, which allows you to specify a single IP or a range of IPs on the command line.

Use reverseraider To Enumerate Reverse DNS Entries By IP Address:


    root@bt:/pentest/enumeration/reverseraider# ./reverseraider -r
    ANantes-551-1-154-1.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-1.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-2.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-2.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-3.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-3.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-4.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-4.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-5.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-5.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-6.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-6.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-7.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-7.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-8.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-8.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-9.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-9.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-10.w2-1.abo.wanadoo.fr
    ANantes-551-1-154-10.w2-1.abo.wanadoo.fr
    root@bt:/pentest/enumeration/reverseraider#

That is pretty much it. There is not a lot to reverseraider, though I believe it to be a valuable tool specifically for reverse DNS enumeration.
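
As an added example (not part of the original post and not reverseraider's own code), the Python below expands a mixed list of single IPs and ranges, like the file passed with -f, and groups addresses by PTR name so you can review which names in a range you administer sit on multiple IPs. The accepted range syntaxes (CIDR and a.b.c.d-N), the function names, and the 192.0.2.0/24 sample data are assumptions made for this example.

```python
import ipaddress
import socket
from collections import defaultdict

def expand_targets(lines):
    """Yield every address named by lines holding an IP, a CIDR block, or a.b.c.d-N."""
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue                                  # skip blanks and comments
        if "/" in entry:                              # CIDR block
            yield from ipaddress.ip_network(entry, strict=False).hosts()
        elif "-" in entry:                            # last-octet range (assumed syntax)
            first_text, last_text = entry.split("-", 1)
            first, last = ipaddress.IPv4Address(first_text), int(last_text)
            if not (int(first) & 0xFF) <= last <= 255:
                raise ValueError(f"bad range: {entry}")
            for octet in range(int(first) & 0xFF, last + 1):
                yield ipaddress.IPv4Address((int(first) & 0xFFFFFF00) | octet)
        else:
            yield ipaddress.ip_address(entry)

def ptr_query_name(ip_text):
    """Return the name a PTR query asks for, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip_text).reverse_pointer

def system_ptr(ip):
    """Live lookup through the system resolver; None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(str(ip))[0]
    except (socket.herror, socket.gaierror):
        return None

def ptr_report(lines, resolve=system_ptr):
    """Map each PTR name to the addresses that point at it, in scan order."""
    report = defaultdict(list)
    for ip in expand_targets(lines):
        name = resolve(ip)
        if name:                                      # normalise case and trailing dot
            report[name.rstrip(".").lower()].append(str(ip))
    return dict(report)

# Constructed sample: documentation range 192.0.2.0/24 with made-up PTR data.
SAMPLE_TARGETS = ["192.0.2.10", "192.0.2.24-27", "192.0.2.32/30"]
SAMPLE_PTR = {"192.0.2.10": "www.example.com", "192.0.2.25": "mail.example.com.",
              "192.0.2.26": "MAIL.example.com", "192.0.2.33": "vpn.example.com"}

if __name__ == "__main__":
    for name, ips in ptr_report(SAMPLE_TARGETS, lambda ip: SAMPLE_PTR.get(str(ip))).items():
        print(f"{name:18} {', '.join(ips)}  ({ptr_query_name(ips[0])})")
```

Calling ptr_report without the resolve argument performs live lookups through the system resolver instead of the constructed table.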