dnsenum icon indicating copy to clipboard operation
dnsenum copied to clipboard

Published 20 hours ago verified publisher icon fwaeytens

dnsenum.pl line 843

Open zmajevi opened this issue 9 years ago • 7 comments

Whenever i start a scan it always fails at Trying Zone Transfers and getting Bind Versions and gives this message:

Trying Zone Transfers and getting Bind Versions:

ERROR: tcp recv failed: improperly terminated AXFR at /home/d4nte/dnsenum/dnsenum.pl line 843.

zmajevi avatar Jan 12 '16 18:01 zmajevi

same issue. latest pull.

eapolsniper avatar Apr 21 '16 23:04 eapolsniper

Sorry dude,

works fine for me:

fw@focpen1 ~/Tools $ rm -rf dnsenum/ fw@focpen1 ~/Tools $ git clone https://github.com/fwaeytens/dnsenum.git Cloning into 'dnsenum'... remote: Counting objects: 46, done. remote: Total 46 (delta 0), reused 0 (delta 0), pack-reused 46 Unpacking objects: 100% (46/46), done. Checking connectivity... done. fw@focpen1 ~/Tools $ cd dnsenum/ fw@focpen1 ~/Tools/dnsenum $ perl dnsenum.pl -f dns.txt zonetransfer.me Smartmatch is experimental at dnsenum.pl line 698. Smartmatch is experimental at dnsenum.pl line 698. dnsenum.pl VERSION:1.2.4

----- zonetransfer.me -----

Host's addresses:

zonetransfer.me. 7002 IN A 217.147.177.157

Name Servers:

nsztm1.digi.ninja. 10799 IN A 81.4.108.41 nsztm2.digi.ninja. 10602 IN A 167.88.42.94

Mail (MX) Servers:

ALT1.ASPMX.L.GOOGLE.COM. 28 IN A 74.125.68.27 ASPMX2.GOOGLEMAIL.COM. 292 IN A 74.125.68.27 ALT2.ASPMX.L.GOOGLE.COM. 292 IN A 64.233.189.27 ASPMX4.GOOGLEMAIL.COM. 94 IN A 173.194.72.27 ASPMX.L.GOOGLE.COM. 292 IN A 74.125.136.27 ASPMX5.GOOGLEMAIL.COM. 292 IN A 74.125.25.27 ASPMX3.GOOGLEMAIL.COM. 28 IN A 64.233.189.27

Trying Zone Transfers and getting Bind Versions:

Trying Zone Transfer for zonetransfer.me on nsztm1.digi.ninja ... zonetransfer.me. 7200 IN SOA nsztm1.digi.ninja. zonetransfer.me. 7200 IN RRSIG # zonetransfer.me. 7200 IN NS nsztm1.digi.ninja. zonetransfer.me. 7200 IN NS nsztm2.digi.ninja. zonetransfer.me. 7200 IN RRSIG # zonetransfer.me. 7200 IN A 217.147.177.157 zonetransfer.me. 7200 IN RRSIG # zonetransfer.me. 300 IN HINFO "Casio zonetransfer.me. 300 IN RRSIG # zonetransfer.me. 7200 IN MX 0 zonetransfer.me. 7200 IN MX 10 zonetransfer.me. 7200 IN MX 10 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN RRSIG # zonetransfer.me. 301 IN TXT "google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA" zonetransfer.me. 301 IN RRSIG # zonetransfer.me. 3600 IN NSEC # zonetransfer.me. 3600 IN RRSIG # zonetransfer.me. 300 IN DNSKEY # zonetransfer.me. 300 IN DNSKEY # zonetransfer.me. 300 IN DNSKEY # zonetransfer.me. 300 IN RRSIG # zonetransfer.me. 300 IN RRSIG # _sip._tcp.zonetransfer.me. 14000 IN SRV 0 _sip._tcp.zonetransfer.me. 14000 IN RRSIG # _sip._tcp.zonetransfer.me. 3600 IN NSEC # _sip._tcp.zonetransfer.me. 3600 IN RRSIG # 157.177.147.217.IN-ADDR.ARPA.zonetransfer.me. 7200 IN PTR www.zonetransfer.me. 157.177.147.217.IN-ADDR.ARPA.zonetransfer.me. 7200 IN RRSIG

157.177.147.217.IN-ADDR.ARPA.zonetransfer.me. 3600 IN NSEC

157.177.147.217.IN-ADDR.ARPA.zonetransfer.me. 3600 IN RRSIG

asfdbauthdns.zonetransfer.me. 7900 IN AFSDB 1 asfdbauthdns.zonetransfer.me. 7900 IN RRSIG # asfdbauthdns.zonetransfer.me. 3600 IN NSEC # asfdbauthdns.zonetransfer.me. 3600 IN RRSIG # asfdbbox.zonetransfer.me. 7200 IN A 127.0.0.1 asfdbbox.zonetransfer.me. 7200 IN RRSIG # asfdbbox.zonetransfer.me. 3600 IN NSEC # asfdbbox.zonetransfer.me. 3600 IN RRSIG # asfdbvolume.zonetransfer.me. 7800 IN AFSDB 1 asfdbvolume.zonetransfer.me. 7800 IN RRSIG # asfdbvolume.zonetransfer.me. 3600 IN NSEC # asfdbvolume.zonetransfer.me. 3600 IN RRSIG # canberra-office.zonetransfer.me. 7200 IN A 202.14.81.230 canberra-office.zonetransfer.me. 7200 IN RRSIG # canberra-office.zonetransfer.me. 3600 IN NSEC # canberra-office.zonetransfer.me. 3600 IN RRSIG # cmdexec.zonetransfer.me. 300 IN TXT "; cmdexec.zonetransfer.me. 300 IN RRSIG # cmdexec.zonetransfer.me. 3600 IN NSEC # cmdexec.zonetransfer.me. 3600 IN RRSIG # contact.zonetransfer.me. 2592000 IN TXT "Remember contact.zonetransfer.me. 2592000 IN RRSIG # contact.zonetransfer.me. 3600 IN NSEC # contact.zonetransfer.me. 3600 IN RRSIG # dc-office.zonetransfer.me. 7200 IN A 143.228.181.132 dc-office.zonetransfer.me. 7200 IN RRSIG # dc-office.zonetransfer.me. 3600 IN NSEC # dc-office.zonetransfer.me. 3600 IN RRSIG # deadbeef.zonetransfer.me. 7201 IN AAAA dead:beaf:0:0:0:0:0:0 deadbeef.zonetransfer.me. 7201 IN RRSIG # deadbeef.zonetransfer.me. 3600 IN NSEC # deadbeef.zonetransfer.me. 3600 IN RRSIG # dr.zonetransfer.me. 300 IN LOC 53 dr.zonetransfer.me. 300 IN RRSIG # dr.zonetransfer.me. 3600 IN NSEC # dr.zonetransfer.me. 3600 IN RRSIG # DZC.zonetransfer.me. 7200 IN TXT "AbCdEfG" DZC.zonetransfer.me. 7200 IN RRSIG # DZC.zonetransfer.me. 3600 IN NSEC # DZC.zonetransfer.me. 3600 IN RRSIG # email.zonetransfer.me. 7200 IN A 74.125.206.26 email.zonetransfer.me. 7200 IN RRSIG # email.zonetransfer.me. 2222 IN NAPTR 1 email.zonetransfer.me. 2222 IN RRSIG # email.zonetransfer.me. 3600 IN NSEC # email.zonetransfer.me. 3600 IN RRSIG # Info.zonetransfer.me. 7200 IN TXT "ZoneTransfer.me Info.zonetransfer.me. 7200 IN RRSIG # Info.zonetransfer.me. 3600 IN NSEC # Info.zonetransfer.me. 3600 IN RRSIG # internal.zonetransfer.me. 300 IN NS intns1.zonetransfer.me. internal.zonetransfer.me. 300 IN NS intns2.zonetransfer.me. internal.zonetransfer.me. 3600 IN NSEC # internal.zonetransfer.me. 3600 IN RRSIG # intns1.zonetransfer.me. 300 IN A 167.88.42.94 intns1.zonetransfer.me. 300 IN RRSIG # intns1.zonetransfer.me. 3600 IN NSEC # intns1.zonetransfer.me. 3600 IN RRSIG # intns2.zonetransfer.me. 300 IN A 167.88.42.94 intns2.zonetransfer.me. 300 IN RRSIG # intns2.zonetransfer.me. 3600 IN NSEC # intns2.zonetransfer.me. 3600 IN RRSIG # office.zonetransfer.me. 7200 IN A 4.23.39.254 office.zonetransfer.me. 7200 IN RRSIG # office.zonetransfer.me. 3600 IN NSEC # office.zonetransfer.me. 3600 IN RRSIG # ipv6actnow.org.zonetransfer.me. 7200 IN AAAA 2001:67c:2e8:11:0:0:c100:1332 ipv6actnow.org.zonetransfer.me. 7200 IN RRSIG # ipv6actnow.org.zonetransfer.me. 3600 IN NSEC # ipv6actnow.org.zonetransfer.me. 3600 IN RRSIG # owa.zonetransfer.me. 7200 IN A 207.46.197.32 owa.zonetransfer.me. 7200 IN RRSIG # owa.zonetransfer.me. 3600 IN NSEC # owa.zonetransfer.me. 3600 IN RRSIG # robinwood.zonetransfer.me. 302 IN TXT "Robin robinwood.zonetransfer.me. 302 IN RRSIG # robinwood.zonetransfer.me. 3600 IN NSEC # robinwood.zonetransfer.me. 3600 IN RRSIG # rp.zonetransfer.me. 321 IN RP robin.zonetransfer.me. rp.zonetransfer.me. 321 IN RRSIG # rp.zonetransfer.me. 3600 IN NSEC # rp.zonetransfer.me. 3600 IN RRSIG # sip.zonetransfer.me. 3333 IN NAPTR 2 sip.zonetransfer.me. 3333 IN RRSIG # sip.zonetransfer.me. 3600 IN NSEC # sip.zonetransfer.me. 3600 IN RRSIG # sqli.zonetransfer.me. 300 IN TXT "' sqli.zonetransfer.me. 300 IN RRSIG # sqli.zonetransfer.me. 3600 IN NSEC # sqli.zonetransfer.me. 3600 IN RRSIG # sshock.zonetransfer.me. 7200 IN TXT "() sshock.zonetransfer.me. 7200 IN RRSIG # sshock.zonetransfer.me. 3600 IN NSEC # sshock.zonetransfer.me. 3600 IN RRSIG # staging.zonetransfer.me. 7200 IN CNAME www.sydneyoperahouse.com. staging.zonetransfer.me. 7200 IN RRSIG # staging.zonetransfer.me. 3600 IN NSEC # staging.zonetransfer.me. 3600 IN RRSIG # alltcpportsopen.firewall.test.zonetransfer.me. 301 IN A 127.0.0.1 alltcpportsopen.firewall.test.zonetransfer.me. 301 IN RRSIG

alltcpportsopen.firewall.test.zonetransfer.me. 3600 IN NSEC # alltcpportsopen.firewall.test.zonetransfer.me. 3600 IN RRSIG

testing.zonetransfer.me. 301 IN CNAME www.zonetransfer.me. testing.zonetransfer.me. 301 IN RRSIG # testing.zonetransfer.me. 3600 IN NSEC # testing.zonetransfer.me. 3600 IN RRSIG # vpn.zonetransfer.me. 4000 IN A 174.36.59.154 vpn.zonetransfer.me. 4000 IN RRSIG # vpn.zonetransfer.me. 3600 IN NSEC # vpn.zonetransfer.me. 3600 IN RRSIG # www.zonetransfer.me. 7200 IN A 217.147.177.157 www.zonetransfer.me. 7200 IN RRSIG # www.zonetransfer.me. 3600 IN NSEC # www.zonetransfer.me. 3600 IN RRSIG # xss.zonetransfer.me. 300 IN TXT "'>" xss.zonetransfer.me. 300 IN RRSIG # xss.zonetransfer.me. 3600 IN NSEC # xss.zonetransfer.me. 3600 IN RRSIG #

Trying Zone Transfer for zonetransfer.me on nsztm2.digi.ninja ... zonetransfer.me. 7200 IN SOA nsztm1.digi.ninja. zonetransfer.me. 300 IN HINFO "Casio zonetransfer.me. 301 IN TXT "google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA" zonetransfer.me. 7200 IN MX 0 zonetransfer.me. 7200 IN MX 10 zonetransfer.me. 7200 IN MX 10 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN MX 20 zonetransfer.me. 7200 IN A 217.147.177.157 zonetransfer.me. 7200 IN NS nsztm1.digi.ninja. zonetransfer.me. 7200 IN NS nsztm2.digi.ninja. _sip._tcp.zonetransfer.me. 14000 IN SRV 0 157.177.147.217.IN-ADDR.ARPA.zonetransfer.me. 7200 IN PTR www.zonetransfer.me. asfdbauthdns.zonetransfer.me. 7900 IN AFSDB 1 asfdbbox.zonetransfer.me. 7200 IN A 127.0.0.1 asfdbvolume.zonetransfer.me. 7800 IN AFSDB 1 canberra-office.zonetransfer.me. 7200 IN A 202.14.81.230 cmdexec.zonetransfer.me. 300 IN TXT "; contact.zonetransfer.me. 2592000 IN TXT "Remember dc-office.zonetransfer.me. 7200 IN A 143.228.181.132 deadbeef.zonetransfer.me. 7201 IN AAAA dead:beaf:0:0:0:0:0:0 dr.zonetransfer.me. 300 IN LOC 53 DZC.zonetransfer.me. 7200 IN TXT "AbCdEfG" email.zonetransfer.me. 2222 IN NAPTR 1 email.zonetransfer.me. 7200 IN A 74.125.206.26 Info.zonetransfer.me. 7200 IN TXT "ZoneTransfer.me internal.zonetransfer.me. 300 IN NS intns1.zonetransfer.me. internal.zonetransfer.me. 300 IN NS intns2.zonetransfer.me. intns1.zonetransfer.me. 300 IN A 167.88.42.94 intns2.zonetransfer.me. 300 IN A 167.88.42.94 office.zonetransfer.me. 7200 IN A 4.23.39.254 ipv6actnow.org.zonetransfer.me. 7200 IN AAAA 2001:67c:2e8:11:0:0:c100:1332 owa.zonetransfer.me. 7200 IN A 207.46.197.32 robinwood.zonetransfer.me. 302 IN TXT "Robin rp.zonetransfer.me. 321 IN RP robin.zonetransfer.me. sip.zonetransfer.me. 3333 IN NAPTR 2 sqli.zonetransfer.me. 300 IN TXT "' sshock.zonetransfer.me. 7200 IN TXT "() staging.zonetransfer.me. 7200 IN CNAME www.sydneyoperahouse.com. alltcpportsopen.firewall.test.zonetransfer.me. 301 IN A 127.0.0.1 testing.zonetransfer.me. 301 IN CNAME www.zonetransfer.me. vpn.zonetransfer.me. 4000 IN A 174.36.59.154 www.zonetransfer.me. 7200 IN A 217.147.177.157 xss.zonetransfer.me. 300 IN TXT "'>"

Brute forcing with dns.txt:

^C

On Fri, Apr 22, 2016 at 1:28 AM, eapolsniper [email protected] wrote:

same issue. latest pull.

— You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub https://github.com/fwaeytens/dnsenum/issues/6#issuecomment-213158039

fwaeytens avatar Apr 22 '16 08:04 fwaeytens

Try it against 'gorlice.pl' or 'krakow.pl' or 'waw.pl' for example. The error will occur there.

vddCore avatar Apr 23 '16 13:04 vddCore

The error doesn't occur for me. Try reinstalling dnsenum from GIT and reinstall the dependencies

fw@focpen1 ~/Tools/dnsenum $ perl dnsenum.pl -f dns.txt gorlice.pl Smartmatch is experimental at dnsenum.pl line 698. Smartmatch is experimental at dnsenum.pl line 698. dnsenum.pl VERSION:1.2.4

----- gorlice.pl -----

Host's addresses:

Name Servers:

e-dns.pl. 19755 IN A 46.28.245.82 a-dns.pl. 1572 IN A 194.181.87.156 f-dns.pl. 4176 IN A 77.79.212.238 i-dns.pl. 682 IN A 156.154.100.15

Mail (MX) Servers:

Trying Zone Transfers and getting Bind Versions:

Trying Zone Transfer for gorlice.pl on e-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Trying Zone Transfer for gorlice.pl on a-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Trying Zone Transfer for gorlice.pl on f-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Trying Zone Transfer for gorlice.pl on i-dns.pl ... AXFR record query failed: Response code from server: REFUSED

Brute forcing with dns.txt:

it.gorlice.pl. 3599 IN A 85.128.229.250 mail.gorlice.pl. 3599 IN A 79.96.56.1 ....

On Sat, Apr 23, 2016 at 3:17 PM, Tomasz Cichoń [email protected] wrote:

Try it against 'gorlice.pl' for example. The error will occur there.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/fwaeytens/dnsenum/issues/6#issuecomment-213741568

fwaeytens avatar Apr 28 '16 07:04 fwaeytens

The problem occurs with "recent" Net::DNS version 1.05 :

$ perl -e 'use Net::DNS; print Net::DNS->version, "\n";'
1.05
$ perl -e 'use Net::DNS; my $res = Net::DNS::Resolver->new(udp_timeout => 2, tcp_timeout => 2); my @zone = $res->axfr("github.com");'
improperly terminated AXFR at -e line 1.
$

But not with "old" version :

$ perl -e 'use Net::DNS; print Net::DNS->version, "\n";'
0.68
$ perl -e 'use Net::DNS; my $res = Net::DNS::Resolver->new(udp_timeout => 2, tcp_timeout => 2); my @zone = $res->axfr("github.com");'
$

This is apparently fixed in 1.06 : https://rt.cpan.org/Public/Bug/Display.html?id=112860.

guikcd avatar May 17 '16 20:05 guikcd

Ok, thanks for the heads-up

On Tue, May 17, 2016 at 10:59 PM, Guillaume Delacour < [email protected]> wrote:

The problem occurs with "recent" Net::DNS version 1.05 :

$ perl -e 'use Net::DNS; print Net::DNS->version, "\n";' 1.05 $ perl -e 'use Net::DNS; my $res = Net::DNS::Resolver->new(udp_timeout => 2, tcp_timeout => 2); my @zone = $res->axfr("github.com");' improperly terminated AXFR at -e line 1. $

But not with "old" version :

$ perl -e 'use Net::DNS; print Net::DNS->version, "\n";' 0.68 $ perl -e 'use Net::DNS; my $res = Net::DNS::Resolver->new(udp_timeout => 2, tcp_timeout => 2); my @zone = $res->axfr("github.com");' $

This is apparently fixed in 1.06 : https://rt.cpan.org/Public/Bug/Display.html?id=112860.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/fwaeytens/dnsenum/issues/6#issuecomment-219852173

fwaeytens avatar May 18 '16 14:05 fwaeytens

faced the same issue, not only with dnsenum, but with other tools too. I had to install perl module "Net::DNS" for all the DNS enumerators to work successfully.

Hope that helps, if the problem remains of course.

yourtechnetguy avatar Jun 25 '16 15:06 yourtechnetguy