Metasploit can also be used to fetch information about a host from DNS records using the dns_enum auxiliary. This script uses DNS queries to fetch information such as MX (mail exchanger), SOA (Start of Authority), and SRV (Service) records. It can be used both inside or outside a network. Sometimes, a DNS service is configured to be accessible by the public; in such cases, we can use dns_enum to find internal network hosts, MAC addresses, and IP addresses. In this section, we will look at the usage of dns_enum:
- We can use the enum_dns keyword in the module search option to look for the auxiliary:
- Clicking on the Modules name will redirect us to the options page, as shown in the following screenshot:
Here, we can set the target details such as the DNS servers we're using, the domain name, and what records we want the script to fetch.
- Clicking on Run Module will create a new task where the output will be displayed, as shown in the following screenshot:
Let's now look at how we can improve this even further to meet our needs and make the module fetch more results.