# Activity 3.1: DNS Enumeration

### Summary

### Deliverable 1. Provide a screenshot of your /24 port scan against 10.0.5.0/24 similar to the one below.

Code:

```bash
#!/bin/bash
# Usage: $0 <first three octets> <tcp port>, e.g. 10.0.5 53
# Sweeps a /24 for one TCP port using bash's built-in /dev/tcp (no nmap needed).

network=$1
port=$2

echo "host,port"
for ((ip=1; ip<=254; ip++)); do
   ipaddr="$network.$ip"
   # A connect that completes within 0.1s means the port is open; closed or
   # filtered ports fail or time out and print nothing.
   timeout .1 bash -c "echo >/dev/tcp/$ipaddr/$port" 2>/dev/null && echo "$ipaddr,$port"
done
```

Output:

<figure><img src="https://lh6.googleusercontent.com/dVEe0WmJ2l3Wn9IeYyygIiz9tif_g1h4x_YeUlwXTPQpzSk-8Nq2TyuFFQdjIvY-CCIFynLkwKQGaBbX7NUMLlRTr6tB3PSfHvQ-BEYkh5b7WUpa49w4Wk65MPmrh8pOjAlMCOZiizdzYtRArLjeWqM" alt=""><figcaption><p>Output</p></figcaption></figure>

### Deliverable 3. Write a script that takes a network prefix and a specific dns server in which to perform a lookup. Assume a /24 network. Provide a screenshot similar to the one below showing the program run.

Code:

```bash
#!/bin/bash
# Usage: $0 <first three octets> <dns server>, e.g. 10.0.5 10.0.5.22
# Reverse-resolves every address in a /24 against the chosen DNS server
# and keeps only the "name = ..." lines nslookup prints for PTR hits.

network=$1
name_serv=$2

echo "dns resolution for $network"
for ((ip=1; ip<=254; ip++)); do
   ipaddr="$network.$ip"
   nslookup "$ipaddr" "$name_serv" | grep name
done
```

Output:

<figure><img src="https://lh3.googleusercontent.com/BUbRgTyqREncezCIpTe4E-ioR0jbfMtLWdrZBD1E46i-RwRioAVdwcqm5YQw2jdPr3OIiU5QIw3aiO44gPtcqQLy8noa94ekYwsA_dTY4NP5VZce9coyfxwYUPFFX3jPUAF8YWq5ZTVloxKQXZH9lW4" alt=""><figcaption></figcaption></figure>

### Deliverable 5. Use nmap to find your DNS servers. Figure out how to: skip host discovery, use a grepable output to send results to dns-servers2.txt, only scan for a single tcp port across 10.0.5.0/24, only report "open" ports, see if you can use a bash 1 or 2 liner to list the unique IP addresses that respond to DNS lookups.

nmap:

```bash
sudo nmap -Pn --open 10.0.5.0/24 -p T:53 -oG dns-server2.txt
```

Output:

```bash
cat dns-server2.txt | grep -v Nmap | grep -v / | awk '{print $2}'
```

<figure><img src="https://lh6.googleusercontent.com/lIm6gz0wYNadMxqUy5vu-VmQLOddL2_iRR1kvuPV1mOOB4TX5j5bquHWMG1rZfTDMwrEXuExU5ekdr2tERrVrFYHvdebVcuBIpFvpmZVALH5TgU299kZN-bR9sK-GAIkvH16Tek9pDotzgMhNffE7X8" alt=""><figcaption><p>Output</p></figcaption></figure>

### Deliverable 6. The following nmap command will use -sL (list targets) while specifying a dns server. See if you can do some magic with grep and cut or awk to produce output similar to the one below. Provide a screenshot showing your modified nmap run. Note: you may have different hosts listed as our target environment changes and grows over time.

nmap:

```bash
sudo nmap -sL -R 10.0.5.1-124 --dns-server 10.0.5.22 | awk '{print $5 $6}' | grep "(" | grep -v addresses
```

Output:

<figure><img src="https://lh3.googleusercontent.com/88vK434BVqLEytdZf0ugJdR5hIii4zte66b6XadwixkI9kMydLPrKAGaqmK40FWVjK5kh7-vC4n7suKe1bW0-UhUkQSOvHzRaLCdDreqnAO5jRBc7QwI0Yco6XcSpCLAYlv4vfSJeIrtNU6C44RFC-s" alt=""><figcaption></figcaption></figure>

### Deliverable 7. zt.txt should have some useful information; see what you can do to parse it so that we have a hostname and its associated IP address. Provide a screenshot similar to the one below. Note: the screenshot below is not quite perfect, as not every host has an IP address.

Zone Transfer:

<figure><img src="https://lh5.googleusercontent.com/zWDIP-dyLd6iYx_OlZ2VYs-8-i9h16V6TIapazui8vtoiz-MG59KOqdivcUMlQ3FV7zscaePlY6s02IlUyRnwiYdcipIMvcKyyner3rVEnUKL7n3Jk2-S3DjIIneUMYzM1DmlyKAeqfb7X_xJ--VYg" alt=""><figcaption><p>Find Name Servers</p></figcaption></figure>

<figure><img src="https://lh5.googleusercontent.com/QSa_bka58sZUYyZTU7P-j6PBoxjMOq04xGJSsa0SSlqz1iJz0GOve2lE5VwPAOv4FUY0GCtS7WK3LHfQfSPNyCfcHtTFR6EKqWJ29ijSrUytxtZ1ROYQ4oAX6azqanPPN1VWCRK8gzuevIax5gjJHA" alt=""><figcaption><p>Attempt the Zone Transfer</p></figcaption></figure>

Note: documentation at <https://digi.ninja/projects/zonetransferme.php>

Output:

```bash
grep . zt.txt | awk '{print $1","$5}' | grep -v ';'
```

<figure><img src="https://lh6.googleusercontent.com/sZxcEA1a0bo7q_5JjEBxK-yVZ-FUwDy7MytwRdMkKAdRM3r6l07WlJe3tUWFFP0STCLArTylKqANGU-MzgmuZBVHOpbh7uhNDtcF8vYOITc7CrTaUpvfboO8zAREM_94CP_qKnVQyXysIhFSGykUG7M" alt=""><figcaption></figcaption></figure>
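The one-liner above prints the fifth column of every record, which is why the screenshot shows rows without an IP address for NS, MX and SOA entries. As an added example (not part of the original submission), the parser below reads the same `dig axfr` layout but emits only A/AAAA records; the `lab.example` zone and its 10.0.5.x addresses are constructed sample data.

```bash
#!/bin/bash
# Added example: parse zone-transfer output (zt.txt) into "hostname,ip".
# Assumes dig's column layout: name TTL class type rdata...
# Only A/AAAA records carry an address, so SOA/NS/MX/TXT lines are skipped
# instead of printing their fifth field as if it were an IP.

parse_zt() {
    # Reads the file(s) given as arguments, or stdin when none are given.
    awk '
        /^;/ || NF < 5 { next }                 # comments, blanks, footer
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
            name = $1; sub(/\.$/, "", name)     # drop the trailing dot
            print name "," $5
        }
    ' "$@"
}

# Unique addresses in the zone, one per line, handy for cross-checking
# against the port-scan and reverse-lookup results above.
zone_ips() {
    parse_zt "$@" | cut -d, -f2 | sort -u
}

# Constructed sample in the layout dig axfr produces (not a real transfer).
sample_zt() {
    cat <<'EOF'
; <<>> DiG 9.18.1 <<>> axfr lab.example @10.0.5.22
;; global options: +cmd
lab.example.        3600 IN SOA  ns1.lab.example. admin.lab.example. 2024010101 7200 900 1209600 300
lab.example.        3600 IN NS   ns1.lab.example.
lab.example.        3600 IN MX   10 mail.lab.example.
lab.example.        3600 IN TXT  "v=spf1 mx -all"
ns1.lab.example.    3600 IN A    10.0.5.22
mail.lab.example.   3600 IN A    10.0.5.25
www.lab.example.    3600 IN A    10.0.5.25
ipv6.lab.example.   3600 IN AAAA fd00:5::1
lab.example.        3600 IN SOA  ns1.lab.example. admin.lab.example. 2024010101 7200 900 1209600 300
;; Query time: 3 msec
EOF
}

# Run against the constructed sample; replace with `parse_zt zt.txt` for a real file.
sample_zt | parse_zt
```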
