The next tool up for review is the netenum script. Netenum can be used to produce lists of hosts for other programs. It’s not as powerful as other ping-sweep tools, but it’s simple. When giving a timeout, it uses ICMP echo request to find available hosts. If you don’t supply a timeout, it just prints an IP address per line, so you can use them in shell scripts.
Backtrack 4: Information Gathering: DNS: Dnsenum – Enumerate information on a domain and discover non-contiguous ip blocks
Dnsenum is a very robust script which was actually written by one of the Backtrack developers when Backtrack was still a Remote-Exploit Project. The author, Filip (barbsie) Waeytens is a Web Application penetration tester and has extensive experience on the topic of DNS and information gathering. Today we will look at some examples of using Dnsenum to passively gather information on a target.
This is one of the first articles in our Backtrack tutorial series. Alex and I will be be going through the entire distro of Backtrack 4 and writing a post on each tool. There is no one blog or web site which has a tutorial on each tool in backtrack so we are going to attempt to do that.