DNS Enumeration on Cygwin

As part of pentesting your site, or that of a client, you will need to find out as much detail about a domain and its IP ranges as possible, or at least demonstrate what can be found via automated tools. Typically this is done through dig, or a brute-forcing tool like dnsenum or fierce.pl. Dig is installed with the bind-utils Cygwin package, and it is straightforward to use (type ‘dig any domainname.com’, or look at man dig to get started).
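The following is an added example, not part of the original post: a small bash helper for the Cygwin shell that turns dig answers into a per-type record count and a list of the hosts that NS and MX records point at, which is the kind of summary you would put in a report on what a domain exposes. It queries each record type separately because many servers now return only a minimal answer to ANY (RFC 8482); the function names and all sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. example.com and all record
# data below are constructed sample values.

# Query each record type separately: many servers give only a minimal
# answer to ANY (RFC 8482). +noall +answer prints just the answer section.
query_types() {
    for t in A AAAA NS MX TXT SOA; do
        dig +noall +answer "$1" "$t"
    done
}

# Read dig answer lines (name TTL class type rdata...) on stdin and print
# "TYPE count" per record type, sorted, skipping comments and blank lines.
summarize_types() {
    awk '!/^;/ && NF >= 5 { n[$4]++ } END { for (t in n) print t, n[t] }' |
        LC_ALL=C sort
}

# Print the unique host names that NS and MX answers point at, lower-cased
# and without the trailing dot: hosts to confirm are in scope for the test.
referenced_hosts() {
    awk '!/^;/ && $4 == "NS" { print $5 }
         !/^;/ && $4 == "MX" { print $6 }' |
        sed 's/\.$//' | tr 'A-Z' 'a-z' | LC_ALL=C sort -u
}

# Constructed sample of what query_types might print.
SAMPLE_ANSWERS='example.com.  3600 IN A   192.0.2.10
example.com.  3600 IN NS  ns1.example.com.
example.com.  3600 IN NS  ns2.example.com.
example.com.  3600 IN MX  10 mail.example.com.
example.com.  3600 IN MX  20 NS1.example.com.
example.com.  3600 IN TXT "v=spf1 mx -all"
; comment lines are ignored
'

# Offline: printf '%s' "$SAMPLE_ANSWERS" | summarize_types
# Live:    query_types yourdomain.example | referenced_hosts
```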

DNSenum gives you the ability to brute force domain names using a custom text file. dnsenum is written in Perl and requires several libraries to be installed first. From Cygwin you’ll need to have perl and several other modules – I’ve installed perl, perl-ExtUtils-LibBuilder, perl-IO-Socket-IP, perl-IO-Socket-SSL, perl-Archive-Zip, perl-List-AllUtils, perl-List-MoreUtils.

Now that this is done, dnsenum should run. You can brute force a domain name with the following command:

Fierce.pl doesn’t look like it’s seen an update in a while, but it is included here for completeness.

Then execute with the following command, or see for more options

Happy enumerating!