Information Security

Backtrack 5: Information Gathering: Network Analysis: DNS Analysis: reverseraider

Most of the DNS enumeration scripts available in Backtrack focus on forward DNS, but reverseraider does what its name suggests: it enumerates reverse DNS names. Enumerating reverse DNS on an IP or set of IPs can sometimes reveal information you did not previously have. For example, you may be targeting a web server that carries a bunch of virtual hosts and want to track down the primary web site on that server; this is where reverseraider can provide the necessary results, since the most important site on a virtual host server is the one most likely to have reverse DNS configured on the host itself. Below I display the three primary methods of using reverseraider.

Backtrack 5 : Information Gathering : Web Application Analysis : CMS Identification : wpscan

One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild, and using wpscan is an excellent way to begin an audit of a WP site. There are a couple of things that wpscan does that are really useful, such as enumerating logins from WordPress sites and enumerating the WordPress plugins that are installed. Below are a couple of examples of how wpscan can be useful for WordPress web site analysis.

Backtrack 5: Information Gathering: Network Analysis: DNS Analysis: dnsdict6

A while back purehate and I started writing articles related to Backtrack in an attempt to write a single article about each application available within Backtrack 4. Things came up and we never accomplished that goal, so here we go again with a second attempt to write a single article for every Backtrack application. If you have requests for any applications, we will move them up in priority so the application you need more information on will have an article released sooner.

With that being said, dnsdict6 is a CLI utility that was built to enumerate IPv6 subdomains for a specific domain name. Below I describe the command line switches available and provide examples so you can see what type of output dnsdict6 provides. All commands, examples, and command output have been issued via Backtrack 5 R2.

Backtrack 4: Information Gathering: Route: Netenum – Produce lists of hosts for other programs

The next tool up for review is the netenum script. Netenum can be used to produce lists of hosts for other programs. It's not as powerful as other ping-sweep tools, but it's simple. When given a timeout, it uses ICMP echo requests to find available hosts. If you don't supply a timeout, it just prints one IP address per line, so you can use the output in shell scripts.