Technology Insights

dnsenum – Backtrack 5 – Information Gathering – Network Analysis – DNS Analysis – dnsenum

The Perl script, as described in its Perl documentation, is a multithreaded script to enumerate information on a domain and to discover non-contiguous IP blocks. So the gist of dnsenum is to gather information about a specific domain using various sources. Information gathered about a domain includes subdomains, associated IP ranges, name servers, MX records, reverse DNS records, hostname IP addresses, and potential vulnerabilities via zone transfers. Below we go into detail regarding the switches available with dnsenum as well as what the command returns by default without any CLI switches.

Information Security

weevely – Backtrack 5 – Maintaining Access – Web Backdoors – weevely

If you need a quick way to generate a PHP backdoor for a compromised server you want to come back to later, then weevely is your application. I was pleasantly surprised when I started playing around with weevely in more detail as it provides a ton of built-in functionality and does a lot more than I initially thought that weevely did. The weevely application is built using Python and its current version on Backtrack 5 R3 is weevely v0.7. The Python script is located in the /pentest/backdoors/web/weevely directory and some of its uses are described in more detail below.

Information Security

Backtrack 5 : Information Gathering : Web Application Analysis : CMS Identification : wpscan

One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild and using wpscan is an excellent way to begin an audit on a WP site. There are a couple of things that wpscan does that are really amazing, such as enumerating logins from WordPress sites and enumerating the WordPress plugins that are installed. Below are a couple of examples of how wpscan can be useful for WordPress web site analysis.