Author: Jaco van Heerden
Initial Date: 22 May 2006
Updated: 19 November 2010 

**THE APPLICATION IS A WORK IN PROGRESS**

Disclaimer
----------
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, 
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, 
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY 
OF SUCH DAMAGE

Requirements:
-------------
Microsoft Windows: .NET 2.0 or higher
Linux: Mono 1.2.3 or higher
CPU Architecture that handles aggressive multi-threading
128MB RAM

Recommended:
------------
Dual Core CPU
512MB RAM
Red Wine...

Usage info:
-----------
Microsoft Windows: dnsfootprint.exe <cmdline switches>
Linux: mono dnsfootprint.exe <cmdline switches>

Command line switches:
----------------------
-a <hostname> : A Record
-mx <domain> : MX Record
-ptr <IP address> : PTR Record
-ns <domain> : NS Records
-soa <domain> : SOA Record
-srv <service type record> : SRV Record
-zt <domain> : Zone Transfer (You will have to specify the DNS server for the target domain)
-dnssrv <IP address only (not fqdn!!)> : Specify name server
-domcheck <filename containing list of domains OR a single domain name> : Validate existence of domain names and check for wildcard domains
-fwdenum <filename containing list of domains OR a single domain name> : Enumerate A records
-fwdf <filename> : Use custom hostnames file (for -fwdenum enumeration)
-dowildcard : Include wildcard domains (domains that respond to any query)
-d <number> : Specify the limit for forward enumeration num range. Default = dynamic (eg. www1,www2..to last one found)
-ptrenum <filename containing list of netblocks OR single IP netblock> : Enumerate PTR records (reverse lookups)
-ztenum <filename containing list of domains OR a single domain name> : Attempt Zone Transfer enumeration of domain list
-nsenum <filename containing list of domains OR a single domain name> : Attempt name server enumeration of domain list
-mxenum <filename containing list of domains OR a single domain name> : Attempt mx server enumeration of domain list
-tldenum <filename containing list of potential domain names OR a single domain name> : Enumerate top level domains
-tldf <filename> : Use custom file containing top level domains (for -tldenum enumeration)
-subdenum <filename containing list of domain names OR a single domain name> : Enumerate subdomains for domain list
-subdf <filename> : Use custom file containing potential subdomain names (for -subdenum enumeration)
-footp <filename containing list of domains and IP netblocks> : Attempt zone transfers, enumerate NS, MX, A and PTR records
-noztenum : Skip enumeration attempts via zone transfers
-nofwdenum : Skip A-Record enumeration
-nosubdenum : Skip subdomains enumeration
-nocache : Disable DNS cache based lookups
-w <number> : Number of threads used, per task, during enumeration (default = 20)
-p : Show progress bar (requires that you also specify an output file with -o)
-o <output filename> : Output file
-del <delimiter value> : E.g. , or && or ;

<startIP-endIP> or <IP/bitmask> : Accepted netblock syntax


Usage examples:
----------------
Get command line options
Microsoft Windows:> dnsfootprint.exe
Linux:> mono dnsfootprint.exe

A record lookup of FQDN (Fully qualified domain name)
Microsoft Windows:> dnsfootprint.exe -a <target FQDN>
Linux:> mono dnsfootprint.exe -a <target FQDN>

Specify specific name server to use during lookup
Microsoft Windows:> dnsfootprint.exe -a <target FQDN> -dnssrv <target DNS server>
Linux:> mono dnsfootprint.exe -a <target FQDN> -dnssrv <target DNS server>
(!!Use IP Address not the FQDN!!)

PTR record lookup
Microsoft Windows:> dnsfootprint.exe -ptr <target IP address>
Linux:> mono dnsfootprint.exe -ptr <target IP address>

SOA record lookup
Microsoft Windows:> dnsfootprint.exe -soa <targetdomain>
Linux:> mono dnsfootprint.exe -soa <targetdomain>

NS record lookup
Microsoft Windows:> dnsfootprint.exe -ns <targetdomain>
Linux:> mono dnsfootprint.exe -ns <targetdomain>

MX record lookup
Microsoft Windows:> dnsfootprint.exe -mx <targetdomain>
Linux:> mono dnsfootprint.exe -mx <targetdomain>

SRV record lookup
Microsoft Windows:> dnsfootprint.exe -srv <service.protocol.domain> (E.g. _http._tcp.example.com)

Zone Transfer
Microsoft Windows:> dnsfootprint.exe -zt <targetdomain> -dnssrv <target DNS server>
Linux:> mono dnsfootprint.exe -zt <targetdomain> -dnssrv <target DNS server>
(!!Important, specify the correct name server and use the IP Address, not FQDN!!)

Enumerate A-records (FQDN)
Microsoft Windows:> dnsfootprint.exe -fwdenum <inputfile containing target domains>
Microsoft Windows:> dnsfootprint.exe -fwdenum <target domain>
Linux:> mono dnsfootprint.exe -fwdenum <inputfile containing target domains>
Linux:> mono dnsfootprint.exe -fwdenum <target domain>
(By default dnsfootprint will use the default-names.txt for hostnames)

Enumerate A-records, specify a custom file to use for hostnames
Microsoft Windows:> dnsfootprint.exe -fwdenum <inputfile containing target domains> -fwdf <input file containing custom hostnames>
Microsoft Windows:> dnsfootprint.exe -fwdenum <target domain> -fwdf <input file containing custom hostnames>
Linux:> mono dnsfootprint.exe -fwdenum <inputfile containing target domains> -fwdf <input file containing custom hostnames>
Linux:> mono dnsfootprint.exe -fwdenum <target domain> -fwdf <input file containing custom hostnames>

Enumerate PTR records from IP netblocks (IP address ranges)
Microsoft Windows:> dnsfootprint.exe -ptrenum <inputfile containing target netblocks>
Microsoft Windows:> dnsfootprint.exe -ptrenum <target netblock with CIDR notation>
Linux:> mono dnsfootprint.exe -ptrenum <inputfile containing target netblocks>
Linux:> mono dnsfootprint.exe -ptrenum <x.x.x.x-y.y.y.y>
(File may contain netblocks in the following syntax: x.x.x.x/bitmask or x.x.x.x-y.y.y.y)
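
The two netblock forms accepted above can be checked before a run so that malformed or out-of-scope lines are caught first. This is an added example, not dnsfootprint's own code; the function names, the sample lines, and the choice to count every address in a block (network and broadcast included) are assumptions.

```python
import ipaddress

def parse_netblock(text):
    """Return (first, last) for 'x.x.x.x/bitmask' or 'x.x.x.x-y.y.y.y'."""
    text = text.strip()
    if "/" in text:
        # strict=False accepts an address inside the block, e.g. 192.0.2.77/24
        net = ipaddress.IPv4Network(text, strict=False)
        return net[0], net[-1]
    if "-" in text:
        start_s, end_s = text.split("-", 1)
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
        if end < start:
            raise ValueError("range end precedes range start")
        return start, end
    raise ValueError("expected x.x.x.x/bitmask or x.x.x.x-y.y.y.y")

def load_netblocks(lines):
    """Parse netblock lines; return (blocks, errors) with 1-based line numbers."""
    blocks, errors = [], []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue  # skip blank lines
        try:
            first, last = parse_netblock(line)
        except ValueError as exc:  # also covers bad octets and bad masks
            errors.append((lineno, line, str(exc)))
            continue
        blocks.append({
            "first": first,
            "last": last,
            "count": int(last) - int(first) + 1,
            # Smallest set of CIDR blocks covering exactly first..last
            "cidrs": [str(n) for n in
                      ipaddress.summarize_address_range(first, last)],
        })
    return blocks, errors

def ptr_name(addr):
    """Reverse-lookup name that a PTR query for addr would ask for."""
    return ipaddress.IPv4Address(addr).reverse_pointer

# Constructed sample input (documentation address ranges, not real targets)
SAMPLE = ["192.0.2.77/24", "198.51.100.10-198.51.100.20", "",
          "203.0.113.9-203.0.113.1", "10.0.0.300/24"]

if __name__ == "__main__":
    ok, bad = load_netblocks(SAMPLE)
    for b in ok:
        print(b["first"], b["last"], b["count"], b["cidrs"])
    for e in bad:
        print("rejected line %d: %s (%s)" % e)
```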

Enumerate records via zone transfers (attempt to ZT from each NS for domain)
Microsoft Windows:> dnsfootprint.exe -ztenum <input file containing target domains>
Linux:> mono dnsfootprint.exe -ztenum <target domain>

Perform footprint for target domain or domains
Microsoft Windows:> dnsfootprint.exe -footp <input file in footp format> 

Other interesting switches
-w <num> : Specify number of threads (Default = 20)
	Microsoft Windows:> dnsfootprint.exe -ptrenum <IP netblock> -w 30
	Linux:> mono dnsfootprint.exe -ztenum <target domains file> -w 30
-p : Enable progress bar (requires that you specify an output file using the -o switch)
	Microsoft Windows:> dnsfootprint.exe -ptrenum <IP netblock> -w 30 -p -o <outputfile>
-o : Send output to filename
	Linux:> mono dnsfootprint.exe -ztenum <target domains file> -w 30 -p -o <outputfile>
-d <num> : Specify hard coded host name search depth (Default = 1, e.g. www1, www2...). No value = dynamic search (tries 0 and 1, if found continues to num X)
	Microsoft Windows:> dnsfootprint.exe -fwdenum <domains file> -d 5
-del <delimiter char/string> : Default = ; You can also specify multiple characters, for example &&
	Linux:> mono dnsfootprint.exe -ztenum <target domains file> -del ,
