fwaeytens / dnsenum

dnsenum is a Perl script that enumerates DNS information

dnsenum.pl line 843 #6

Open zmajevi opened 8 years ago

zmajevi commented 8 years ago

Whenever I start a scan, it always fails at Trying Zone Transfers and getting Bind Versions and gives this message:

Trying Zone Transfers and getting Bind Versions:


ERROR: tcp recv failed: improperly terminated AXFR at /home/d4nte/dnsenum/dnsenum.pl line 843.

eapolsniper commented 8 years ago

Same issue. Latest pull.

fwaeytens commented 8 years ago

Sorry dude,

works fine for me:

fw@focpen1 ~/Tools $ rm -rf dnsenum/
fw@focpen1 ~/Tools $ git clone https://github.com/fwaeytens/dnsenum.git
Cloning into 'dnsenum'...
remote: Counting objects: 46, done.
remote: Total 46 (delta 0), reused 0 (delta 0), pack-reused 46
Unpacking objects: 100% (46/46), done.
Checking connectivity... done.
fw@focpen1 ~/Tools $ cd dnsenum/
fw@focpen1 ~/Tools/dnsenum $ perl dnsenum.pl -f dns.txt zonetransfer.me
Smartmatch is experimental at dnsenum.pl line 698.
Smartmatch is experimental at dnsenum.pl line 698.
dnsenum.pl VERSION:1.2.4

----- zonetransfer.me -----

Host's addresses:


zonetransfer.me. 7002 IN A 217.147.177.157

Name Servers:


nsztm1.digi.ninja. 10799 IN A 81.4.108.41
nsztm2.digi.ninja. 10602 IN A 167.88.42.94

Mail (MX) Servers:


ALT1.ASPMX.L.GOOGLE.COM. 28 IN A 74.125.68.27
ASPMX2.GOOGLEMAIL.COM. 292 IN A 74.125.68.27
ALT2.ASPMX.L.GOOGLE.COM. 292 IN A 64.233.189.27
ASPMX4.GOOGLEMAIL.COM. 94 IN A 173.194.72.27
ASPMX.L.GOOGLE.COM. 292 IN A 74.125.136.27
ASPMX5.GOOGLEMAIL.COM. 292 IN A 74.125.25.27
ASPMX3.GOOGLEMAIL.COM. 28 IN A 64.233.189.27

Trying Zone Transfers and getting Bind Versions:


Trying Zone Transfer for zonetransfer.me on nsztm1.digi.ninja ...

Trying Zone Transfer for zonetransfer.me on nsztm2.digi.ninja ...

Brute forcing with dns.txt:


^C


vddCore commented 8 years ago

Try it against 'gorlice.pl' or 'krakow.pl' or 'waw.pl' for example. The error will occur there.

fwaeytens commented 8 years ago

The error doesn't occur for me. Try reinstalling dnsenum from Git and reinstalling the dependencies.

fw@focpen1 ~/Tools/dnsenum $ perl dnsenum.pl -f dns.txt gorlice.pl
Smartmatch is experimental at dnsenum.pl line 698.
Smartmatch is experimental at dnsenum.pl line 698.
dnsenum.pl VERSION:1.2.4

----- gorlice.pl -----

Host's addresses:


Name Servers:


e-dns.pl. 19755 IN A 46.28.245.82
a-dns.pl. 1572 IN A 194.181.87.156
f-dns.pl. 4176 IN A 77.79.212.238
i-dns.pl. 682 IN A 156.154.100.15

Mail (MX) Servers:


Trying Zone Transfers and getting Bind Versions:


Trying Zone Transfer for gorlice.pl on e-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Trying Zone Transfer for gorlice.pl on a-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Trying Zone Transfer for gorlice.pl on f-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Trying Zone Transfer for gorlice.pl on i-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Brute forcing with dns.txt:


it.gorlice.pl. 3599 IN A 85.128.229.250
mail.gorlice.pl. 3599 IN A 79.96.56.1
....


guikcd commented 8 years ago

The problem occurs with the "recent" Net::DNS version 1.05:

$ perl -e 'use Net::DNS; print Net::DNS->version, "\n";'
1.05
$ perl -e 'use Net::DNS; my $res = Net::DNS::Resolver->new(udp_timeout => 2, tcp_timeout => 2); my @zone = $res->axfr("github.com");'
improperly terminated AXFR at -e line 1.
$

But not with the "old" version:

$ perl -e 'use Net::DNS; print Net::DNS->version, "\n";'
0.68
$ perl -e 'use Net::DNS; my $res = Net::DNS::Resolver->new(udp_timeout => 2, tcp_timeout => 2); my @zone = $res->axfr("github.com");'
$

This is apparently fixed in 1.06: https://rt.cpan.org/Public/Bug/Display.html?id=112860.
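
One way to keep a zone-transfer check running when `axfr` dies, and to tell the Net::DNS 1.05 failure reported above apart from a server that answers REFUSED. This is an added example, not dnsenum's code and not from anyone in this thread; the sub names `classify_axfr_error` and `try_axfr`, the 5-second timeout and the verdict strings are assumptions, and the offline sample messages are the two error strings quoted on this page.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Net::DNS;
use version;

# Net::DNS release this thread reports as failing (1.06 is reported as fixed).
my $AFFECTED = version->parse('1.05');

# Map an AXFR failure message to a verdict. Pure function, no network needed.
sub classify_axfr_error {
    my ($err, $netdns) = @_;
    return 'refused by server' if $err =~ /REFUSED/;
    if ($err =~ /improperly terminated AXFR/) {
        return version->parse($netdns) == $AFFECTED
            ? 'known Net::DNS 1.05 failure, upgrade the module'
            : 'incomplete transfer from server';   # assumed wording
    }
    return 'other failure';
}

# Attempt a transfer from one name server; a croak inside axfr() is caught
# so the caller can move on to the next server instead of aborting.
sub try_axfr {
    my ($zone, $ns) = @_;
    my $res = Net::DNS::Resolver->new(nameservers => [$ns], tcp_timeout => 5);
    my @rrs = eval { $res->axfr($zone) };
    my $err = $@ || (@rrs ? '' : $res->errorstring);
    return @rrs
        ? sprintf('transfer allowed (%d records)', scalar @rrs)
        : classify_axfr_error($err, Net::DNS->version);
}

if (@ARGV == 2) {    # live use: zone name, then name server
    print "$ARGV[1]: ", try_axfr(@ARGV), "\n";
} else {             # offline: constructed cases built from the quoted messages
    for my $case (
        ['tcp recv failed: improperly terminated AXFR', '1.05'],
        ['tcp recv failed: improperly terminated AXFR', '1.06'],
        ['AXFR record query failed: Response code from server: REFUSED', '1.05'],
    ) {
        printf "%-62s [Net::DNS %s] => %s\n", @$case, classify_axfr_error(@$case);
    }
}
```

Run without arguments it only classifies the sample messages; with a zone and a name server you administer it performs one transfer attempt and reports the verdict.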

fwaeytens commented 8 years ago

Ok, thanks for the heads-up


yourtechnetguy commented 8 years ago

Faced the same issue, not only with dnsenum, but with other tools too. I had to install the Perl module "Net::DNS" for all the DNS enumerators to work successfully.

Hope that helps, if the problem remains of course.