Find Ipv6 Addresses for Website or Server With Dnsdict6
In this tutorial I show you a method to gather information with the dnsdict6 tool that is very useful to enumerate the DNS, dnsdict6 is present by default in Kali Linux.
The dnsdict6 CLI tool is brute force DNS IPv6, even if it can be used with the IPv4 protocol, it is especially used for IPv6 in a domain address. It is somehow the first cousin of dnsmap but for IPv6. The most advanced use of dnsdict6 is list all addresses IPv4 and IPv6.
This tool is very powerful because it allows to extract a Web site or a Web server subdomains which are invisible for the users.
Dnsdict6 manual
This tool is in Kali Linux category > information retrieval > analysis DNS > Dnsdict6.
root@kali:~# dnsdict6 -h<
dnsdict6 [-d46] [-s|-m|-l|-x] [-t THREADS] [-D] domain [dictionary-file]dnsdict6 [-d46] [-s|-m|-l|-x] [-t THREADS] [-D] domain [dictionary-file]
-4 : trouver aussi les adresse IPv4
-t spécifier le nombre de threads à utiliser (default: 8, max: 32).
-D  affichera la liste de mots  inclus défaut  avec dnsdict6, pas de scan.
-d afficher les information IPv6 sur domain NS and MX
-[smlx] Choisir la taille du dictionnaire
-s(mall >= 50)
-m(edium >= 796)
-l(arge >= 1419) (DEFAULT)
-x(treme >= 3211)
Find the sub areas IPv6
The dnsdict6 program is made to enumerate IPv6 subdomains. Simply type the command dnsdict6 followed by the gmail.com domain for subdomains with their IPv6 address.
root@kali:~# dnsdict6 gmail.com
Starting DNS enumeration work on gmail.com. ...
Starting enumerating gmail.com. - creating 8 threads for 1419 words...
Estimated time to completion: 1 to 2 minutes
imap.gmail.com. => 2a00:1450:400c:c02::6c
m.gmail.com. => 2a00:1450:4007:80e::2005
pop.gmail.com. => 2a00:1450:400c:c00::6d
smtp.gmail.com. => 2a00:1450:400c:c00::6d
www.gmail.com. => 2a00:1450:4007:807::1015
Found 5 domain names and 4 unique ipv6 addresss for gmail.com.
Find the sub areas IPv6 and IPv4
The below command is very similar to the previous one, because it allows to find IPv4 addresses relate gmail.com with the default wide list subdomains. Note that in a true penetration test that you need to verify that all IP associated with this domain have the same security settings and OS patches / software.
root@kali:~# dnsdict6 -4 gmail.com
Starting DNS enumeration work on gmail.com. ...
Starting enumerating gmail.com. - creating 8 threads for 1419 words...
Estimated time to completion: 1 to 2 minutes
imap.gmail.com. => 74.125.206.108
imap.gmail.com. => 74.125.206.109
imap.gmail.com. => 2a00:1450:400c:c04::6c
m.gmail.com. => 173.194.45.53
m.gmail.com. => 173.194.45.54
m.gmail.com. => 2a00:1450:4007:807::1016
pop.gmail.com. => 74.125.140.109
pop.gmail.com. => 74.125.140.108
pop.gmail.com. => 2a00:1450:400c:c07::6c
smtp.gmail.com. => 74.125.71.109
smtp.gmail.com. => 74.125.71.108
smtp.gmail.com. => 2a00:1450:400c:c0a::6c
www.gmail.com. => 173.194.45.86
www.gmail.com. => 173.194.45.85
www.gmail.com. => 2a00:1450:4007:806::1016
Found 5 domain names, 10 unique ipv4 and 5 unique ipv6 addresses for gmail.com.
Find information of NS & MX IPv6 areas
The-d option allows to have information NS or MX or mail Exchange domain information.
root@kali:~# dnsdict6 -d gmail.com
Starting DNS enumeration work on gmail.com. ...
Gathering NS and MX information...
No IPv6 address for NS entries found in DNS for domain gmail.com.
MX of gmail.com. is alt4.gmail-smtp-in.l.google.com. => 2404:6800:4008:c01::1a
MX of gmail.com. is alt2.gmail-smtp-in.l.google.com. => 2404:6800:4003:c02::1a
MX of gmail.com. is gmail-smtp-in.l.google.com. => 2a00:1450:400c:c01::1a
MX of gmail.com. is alt3.gmail-smtp-in.l.google.com. => 2404:6800:4008:c07::1b
MX of gmail.com. is alt1.gmail-smtp-in.l.google.com. => 2a00:1450:4010:c01::1b
Starting enumerating gmail.com. - creating 8 threads for 1419 words...
Estimated time to completion: 1 to 2 minutes
imap.gmail.com. => 2a00:1450:400c:c02::6c
m.gmail.com. => 2a00:1450:4007:805::1016
pop.gmail.com. => 2a00:1450:400c:c02::6c
smtp.gmail.com. => 2a00:1450:400c:c02::6d
www.gmail.com. => 2a00:1450:4007:806::1016
Found 5 domain names and 4 unique ipv6 addresss for gmail.com.
Trouver les informations de domaines NS & MX IPv6 et IPv4
In the command below, we I combined the-d with the option-4 option for domain NS or MX information for both version 4 and version 6 of the IP protocol.
root@kali:~# dnsdict6 -d -4 gmail.com
Starting DNS enumeration work on gmail.com. ...
Gathering NS and MX information...
NS of gmail.com. is ns3.google.com. => 216.239.36.10
NS of gmail.com. is ns1.google.com. => 216.239.32.10
NS of gmail.com. is ns2.google.com. => 216.239.34.10
NS of gmail.com. is ns4.google.com. => 216.239.38.10
No IPv6 address for NS entries found in DNS for domain gmail.com.
MX of gmail.com. is gmail-smtp-in.l.google.com. => 74.125.71.26
MX of gmail.com. is gmail-smtp-in.l.google.com. => 2a00:1450:400c:c02::1b
MX of gmail.com. is alt3.gmail-smtp-in.l.google.com. => 64.233.187.26
MX of gmail.com. is alt3.gmail-smtp-in.l.google.com. => 2404:6800:4008:c07::1b
MX of gmail.com. is alt1.gmail-smtp-in.l.google.com. => 64.233.161.27
MX of gmail.com. is alt1.gmail-smtp-in.l.google.com. => 2a00:1450:4010:c06::1a
MX of gmail.com. is alt4.gmail-smtp-in.l.google.com. => 173.194.72.27
MX of gmail.com. is alt4.gmail-smtp-in.l.google.com. => 2404:6800:4008:c01::1a
MX of gmail.com. is alt2.gmail-smtp-in.l.google.com. => 74.125.68.27
MX of gmail.com. is alt2.gmail-smtp-in.l.google.com. => 2404:6800:4003:c02::1b
Starting enumerating gmail.com. - creating 8 threads for 1419 words...
Estimated time to completion: 1 to 2 minutes
imap.gmail.com. => 64.233.167.108
imap.gmail.com. => 64.233.167.109
imap.gmail.com. => 2a00:1450:400c:c0a::6c
m.gmail.com. => 216.58.211.69
m.gmail.com. => 2a00:1450:4007:807::1015
pop.gmail.com. => 173.194.78.108
pop.gmail.com. => 173.194.78.109
pop.gmail.com. => 2a00:1450:400c:c0a::6c
smtp.gmail.com. => 74.125.71.108
smtp.gmail.com. => 74.125.71.109
smtp.gmail.com. => 2a00:1450:400c:c05::6c
www.gmail.com. => 216.58.208.197
www.gmail.com. => 2a00:1450:4007:807::1015
Found 5 domain names, 8 unique ipv4 and 3 unique ipv6 addresses for gmail.com.
Post a Comment