1
00:00:00,210 --> 00:00:05,370
OK, guys, so another orders for some DNS reconnaissance that I'm going to show you really quick is

2
00:00:05,370 --> 00:00:09,330
called dnsrecon. It's a tool that we can use really quickly.

3
00:00:09,820 --> 00:00:14,340
I'm going to switch right over to Kali Linux and it should come by default.

4
00:00:14,340 --> 00:00:18,750
So you can just go ahead and type in the dnsrecon command and then we can start playing with this.

5
00:00:19,320 --> 00:00:26,820
OK, so once we're in Kali Linux, you just type in dnsrecon and it'll actually pop up with a lot

6
00:00:26,820 --> 00:00:29,750
of the different commands that you can actually use when you're doing it.

7
00:00:29,760 --> 00:00:33,780
So you could play, go through and play and see what kind of information you want to pull.

8
00:00:33,780 --> 00:00:38,760
But this is another valuable tool for when you're actually conducting, you know, that open source

9
00:00:38,760 --> 00:00:42,830
intelligence research and you're trying to figure out a little bit more about a domain.

10
00:00:42,840 --> 00:00:54,210
So let's see so we can do something like Anthony Semba oh sorry, dnsrecon and dash D to designate

11
00:00:54,210 --> 00:00:59,310
the domains that are targeted domain, as do Anthony Timber's dot com.

12
00:00:59,670 --> 00:01:03,570
And if we wanted to, we can add different things like we want to do a reverse lookup.

13
00:01:04,320 --> 00:01:06,780
We can just, you know, put a good dash around here.

14
00:01:07,010 --> 00:01:12,510
If we wanted to, you know, do some enumeration via Google, you would just do a dash G right here.

15
00:01:12,630 --> 00:01:16,770
This is a good Sergeevich doing so open source, you know, intelligence research.

16
00:01:17,280 --> 00:01:18,240
So you want to give us.

17
00:01:18,390 --> 00:01:20,610
So we're going to give us the time, but you're going to see a lot of stuff.

18
00:01:21,000 --> 00:01:24,890
We're getting name servers, we're getting different IP addresses and stuff.

19
00:01:25,080 --> 00:01:27,690
So it gives you pretty valuable information.

20
00:01:28,200 --> 00:01:32,670
Some of these things might take a little bit of time, but it's definitely worth checking out and just

21
00:01:32,670 --> 00:01:35,400
make sure that you're taking notes on everything and you'd be good to go.

22
00:01:35,780 --> 00:01:38,160
OK, so all the searches that everything are finished.

23
00:01:38,160 --> 00:01:43,320
Just remember, we use the dash G and the dash desperate to find some extra records.

24
00:01:43,320 --> 00:01:49,510
And so so if there is some DNS searching, like, you know, with Google and it found a bunch of records

25
00:01:49,530 --> 00:01:54,360
I was pointing to, like my different subdomains that I have set up and like, you know, where those

26
00:01:54,360 --> 00:01:58,110
that I hosted is finding different records and records.

27
00:01:58,650 --> 00:02:04,980
So it's actually a pretty, pretty powerful tool if you want to get as much as you can like on a specific

28
00:02:04,980 --> 00:02:05,610
domain.

29
00:02:05,830 --> 00:02:07,530
So I really recommend that you use this tool.