The next tool up for review is the netenum script. Netenum can be used to produce lists of hosts for other programs. It’s not as powerful as other ping-sweep tools, but it’s simple. When giving a timeout, it uses ICMP echo request to find available hosts. If you don’t supply a timeout, it just prints an IP address per line, so you can use them in shell scripts.
Backtrack 4: Information Gathering: DNS: Dnsenum – Enumerate information on a domain and discover non-contiguous ip blocks
Dnsenum is a very robust script which was actually written by one of the Backtrack developers when Backtrack was still a Remote-Exploit Project. The author, Filip (barbsie) Waeytens is a Web Application penetration tester and has extensive experience on the topic of DNS and information gathering. Today we will look at some examples of using Dnsenum to passively gather information on a target.