Showing posts with label DNS. Show all posts
Showing posts with label DNS. Show all posts

Wednesday, 12 March 2014

[QuickSetDNS] Quickly change DNS servers of your Internet connection


QuickSetDNS is a simple tool that allows you to easily change the DNS servers that are used for your Internet connection. You can set the desired DNS servers from the user interface, by choosing from a list of DNS servers that you defined, or from command-line, without displaying any user interface.

System Requirements
This utility works on any version of Windows, starting from Windows 2000 and up to Windows 8. Both 32-bit and 64-bit systems are supported.

Versions History
  • Version 1.01:
    • Added 'Router DNS' item, which allows you to choose the internal DNS server of your router.
  • Version 1.00 - First release.

Start Using QuickSetDNS

QuickSetDNS doesn't require any installation process or additional dll files. In order to start using it, simply run the executable file - QuickSetDNS.exe


After running QuickSetDNS, the main window allows you to easily choose the desired DNS servers to use on your Internet connection, by using the 'Set Active DNS' option (F2). By default, QuickSetDNS provides only one alternative: the public DNS servers of Google - 8.8.8.8 and 8.8.4.4 

You can easily add more DNS servers to the list by using the 'New DNS Server' option (Ctrl+N).


If the 'Automatic DNS' option is selected, then the DNS server information is received from your router automatically, using DHCP.

If you have multiple network adapters, you may need to choose the correct network adapter from the combo-box located just below the toolbar of QuickSetDNS. 


Posted by at No comments:
Labels: , , , ,

Tuesday, 25 February 2014

[DomainHostingView] Show domain hosting information


DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates HTML report that can be displayed in any Web browser. 

The information displayed by the report of DomainHostingView includes: the hosting company or data center that hosts the Web server, mail server, and domain name server (DNS) of the specified domain, the created/changed/expire date of the domain, domain owner, domain registrar that registered the domain, list of all DNS records, and more...

System Requirements And Limitations

  • This utility works on any version of Windows, starting from Windows XP and up to Windows 7/2008, including x64 versions of Windows. This utility also works on Windows 2000, but without the IDN support.
  • Firewall/router requirements: You should allow DomainHostingView to connect the following outgoing TCP/UDP ports: 43 (WHOIS), 53 (DNS), 80 (HTTP), and 25 (SMTP).
  • The report created by DomainHostingView is based on the information provided by public WHOIS servers. If WHOIS server is temporary down, some information won't be displayed in the report. Also, some WHOIS servers may block your IP address if you use DomainHostingView to get reports about many domains in short perion of time.

DomainHostingView Features

  • DomainHostingView is a Unicode application and this it can display properly WHOIS records containing non-English characters.
  • DomainHostingView supports Internationalized domain names (IDN). When you type a domain with non-English characters, DomainHostingView automatically converts it into a format that can be used in the WHOIS and DNS servers.
  • DomainHostingView parses the text returned by the WHOIS servers, extracts the important data, and displays it in easy-to-read summary.
  • DomainHostingView also displays the raw text returned by the WHOIS servers, with a small enhancement - every http link is displayed as clickable link that opens the Web page in a new window. 

Posted by at No comments:
Labels: , , , , ,

Tuesday, 14 January 2014

[DNSRecon v0.8.6] DNS Enumeration Script

Just updated DNSRecon to check if it can pull the Bind Version by doing a query for the TXT Record version.bind and it will now check if the RA Flag is set in responses from each of the NS servers it detects. If the server has recursion enabled it could be used for DDoS attacks and for performing Cache Snooping.

Example of a run where it is able to pull the Bind Version:
infidel02:dnsrecon carlos$ ./dnsrecon.py -d zonetransfer.me -x zt.xml
[*] Performing General Enumeration of Domain: zonetransfer.me
[-] DNSSEC is not configured for zonetransfer.me
[*]SOA ns16.zoneedit.com 69.64.68.41
[*]NS ns12.zoneedit.com 209.62.64.46
[*]Bind Version for 209.62.64.46 8.4.X
[*]NS ns16.zoneedit.com 69.64.68.41
[*]Bind Version for 69.64.68.41 8.4.X
[*]MX ASPMX2.GOOGLEMAIL.COM 173.194.75.27
[*]MX ASPMX3.GOOGLEMAIL.COM 173.194.66.27
[*]MX ASPMX4.GOOGLEMAIL.COM 173.194.65.26
[*]MX ASPMX5.GOOGLEMAIL.COM 173.194.70.26
[*]MX ASPMX.L.GOOGLE.COM 74.125.140.27
[*]MX ALT1.ASPMX.L.GOOGLE.COM 173.194.75.26
[*]MX ALT2.ASPMX.L.GOOGLE.COM 173.194.66.27
[*]MX ASPMX2.GOOGLEMAIL.COM 2607:f8b0:400c:c03::1a
[*]MX ASPMX3.GOOGLEMAIL.COM 2a00:1450:400c:c03::1b
[*]MX ASPMX4.GOOGLEMAIL.COM 2a00:1450:4013:c01::1b
[*]MX ASPMX5.GOOGLEMAIL.COM 2a00:1450:4001:c02::1a
[*]MX ASPMX.L.GOOGLE.COM 2607:f8b0:4002:c01::1a
[*]MX ALT1.ASPMX.L.GOOGLE.COM 2607:f8b0:400c:c01::1b
[*]MX ALT2.ASPMX.L.GOOGLE.COM 2a00:1450:400c:c03::1a
[*]A zonetransfer.me 217.147.180.162
[*]TXT zonetransfer.me Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes
[*]TXT zonetransfer.me google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA
[*] Enumerating SRV Records
[*]SRV _sip._tcp.zonetransfer.me www.zonetransfer.me 217.147.180.162 5060 0
[*] 1 Records Found
[*] Saving records to XML file: zt.xml

The information on version and recursion are also saved in the XML as you can see:

infidel02:dnsrecon carlos$ cat zt.xml

<?xml version="1.0" ?> <records> <record address="69.64.68.41" mname="ns16.zoneedit.com" type="SOA"/> <record Recursive="False" Version="8.4.X" address="209.62.64.46" target="ns12.zoneedit.com" type="NS"/> <record Recursive="False" Version="8.4.X" address="69.64.68.41" target="ns16.zoneedit.com" type="NS"/> <record address="173.194.75.27" exchange="ASPMX2.GOOGLEMAIL.COM" type="MX"/> <record address="173.194.66.27" exchange="ASPMX3.GOOGLEMAIL.COM" type="MX"/> <record address="173.194.65.26" exchange="ASPMX4.GOOGLEMAIL.COM" type="MX"/> <record address="173.194.70.26" exchange="ASPMX5.GOOGLEMAIL.COM" type="MX"/> <record address="74.125.140.27" exchange="ASPMX.L.GOOGLE.COM" type="MX"/> <record address="173.194.75.26" exchange="ALT1.ASPMX.L.GOOGLE.COM" type="MX"/> <record address="173.194.66.27" exchange="ALT2.ASPMX.L.GOOGLE.COM" type="MX"/> <record address="2607:f8b0:400c:c03::1a" exchange="ASPMX2.GOOGLEMAIL.COM" type="MX"/> <record address="2a00:1450:400c:c03::1b" exchange="ASPMX3.GOOGLEMAIL.COM" type="MX"/> <record address="2a00:1450:4013:c01::1b" exchange="ASPMX4.GOOGLEMAIL.COM" type="MX"/> <record address="2a00:1450:4001:c02::1a" exchange="ASPMX5.GOOGLEMAIL.COM" type="MX"/> <record address="2607:f8b0:4002:c01::1a" exchange="ASPMX.L.GOOGLE.COM" type="MX"/> <record address="2607:f8b0:400c:c01::1b" exchange="ALT1.ASPMX.L.GOOGLE.COM" type="MX"/> <record address="2a00:1450:400c:c03::1a" exchange="ALT2.ASPMX.L.GOOGLE.COM" type="MX"/> <record address="217.147.180.162" name="zonetransfer.me" type="A"/> <record name="zonetransfer.me" strings="Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes" type="TXT"/> <record name="zonetransfer.me" strings="google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA" type="TXT"/> <record address="217.147.180.162" name="_sip._tcp.zonetransfer.me" port="5060" target="www.zonetransfer.me" type="SRV"/> <scaninfo arguments="./dnsrecon.py -d zonetransfer.me -x zt.xml" time="2013-05-29 11:36:06.550073"/> <domain domain_name="zonetransfer.me"/> </records>

Here is an example where recursion is enabled, you will see that the message is shown differently since this information is crucial during an engagement:

infidel02:dnsrecon carlos$ ./dnsrecon.py -d acmelab.com -n 192.168.1.80
[*] Performing General Enumeration of Domain: acmelab.com
[*] DNSSEC is configured for acmelab.com
[*] DNSKEYs:
[*] NSEC KSk RSASHA256 ...
[*] NSEC ZSK RSASHA256 ...
[*] NSEC ZSK RSASHA256 ...
[*] NSEC KSk RSASHA256 ...
[*]SOA labns1.acmelab.com 192.168.1.80
[*]NS labns1.acmelab.com 192.168.1.80
[-]Recursion enabled on NS Server 192.168.1.80
[*]MX mail1.acmelab.com 192.168.1.4
[*]A acmelab.com 192.168.1.2
[*]TXT acmelab.com v=spf1 192.168.1.0/24
[*]TXT _domainkey.acmelab.com o=~; r=postmaster@acmelab.com
[*] Enumerating SRV Records
[*]SRV _finger._tcp.acmelab.com web1.acmelab.com 192.168.1.2 79 0
[*]SRV _http._tcp.acmelab.com web2.acmelab.com 192.168.1.3 80 0
[*]SRV _http._tcp.acmelab.com web1.acmelab.com 192.168.1.2 80 0
[*]SRV _sip._tls.acmelab.com chat.acmelab.com 192.168.1.5 443 0
[*]SRV _sipinternaltls._tcp.acmelab.com chat.acmelab.com 192.168.1.5 5061 0
[*]SRV _https._tcp.acmelab.com web1.acmelab.com 192.168.1.2 443 0
[*]SRV _https._tcp.acmelab.com web2.acmelab.com 192.168.1.3 443 0
[*] 7 Records Found

Posted by at No comments:
Labels: , , , , , , , ,

Sunday, 7 April 2013

[Evil Foca (Alpha Version)] Herramienta para probar la seguridad en redes de datos IPv4 / IPv6


Evil Foca (Alpha Version) es una herramienta para pentester y auditores de seguridad que tiene como fin poner a prueba la seguridad en redes de datos IPv4 / IPv6.
La herramienta es capaz de realizar distintos ataques como:

  • MITM sobre redes IPv4 con ARP Spoofing y DHCP ACK Injection.
  • MITM sobre redes IPv6 con Neighbor Advertisement Spoofing, Ataque SLAAC, fake DHCPv6.
  • DoS (Denegación de Servicio) sobre redes IPv4 con ARP Spoofing.
  • DoS (Denegación de Servicio) sobre redes IPv6 con SLAAC DoS.
  • DNS Hijacking.

Automáticamente se encarga de escanear la red e identificar todos los dispositivos y sus respectivas interfaces de red, especificando sus direcciones IPv4 e IPv6 y las direcciones físicas.

Evil Foca está dividida en 4 paneles, a la izquierda el panel encargado de mostrar los equipos encontrados en la red, donde se podrá agregarlos a mano, y filtrar los resultados obtenidos.

El segundo panel, dispuesto en el centro con todos los posibles ataques a realizar con la herramienta, y a su derecha una breve descripción de cada uno de ellos.

Colocado bajo el panel anterior, se muestran los ataques que se están realizando, su configuración y su estado, permitiendo activarlo o desactivarlo.

Por último, el panel inferior donde se imprime un log de los eventos de la Evil Foca.


Posted by at No comments:
Labels: , , , , ,
Subscribe to: Comments (Atom)