1. First, you need a program called dig.
For Debian-based operating systems you can run
apt-get install dnsutils
A Windows version can be downloaded from here
2. Find out the name servers of the domain. This can be done by typing
dig ns <domain>
3. Now query the name server to output the subdomains
dig @<nameserver> <domain> axfr
4. You should now have a listing of all the subdomains :)
Example:
root@duffys-place:~# dig ns duffys-place.co.cc

; <<>> DiG 9.5.1-P1 <<>> ns duffys-place.co.cc
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48938
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;duffys-place.co.cc. IN NS

;; ANSWER SECTION:
duffys-place.co.cc. 43180 IN NS ns3.co.cc.

;; Query time: 23 msec
;; SERVER: 212.113.0.3#53(212.113.0.3)
;; WHEN: Thu Apr 2 13:12:59 2009
;; MSG SIZE rcvd: 54

root@duffys-place:~# dig @ns3.co.cc duffys-place.co.cc axfr

; <<>> DiG 9.5.1-P1 <<>> @ns3.co.cc duffys-place.co.cc axfr
; (1 server found)
;; global options: printcmd
duffys-place.co.cc. 86400 IN SOA ns.duffys-place.co.cc. root.duffys-place.ns.co.cc. 2009030300 28800 7200 604800 3600
duffys-place.co.cc. 86400 IN NS ns3.co.cc.
duffys-place.co.cc. 86400 IN A 88.151.87.96
duffys-place.co.cc. 86400 IN MX 10 mail1.duffys-place.co.cc.
files.duffys-place.co.cc. 3600 IN CNAME cid-d037be1f66fbe46e.skydrive.live.com.
home.duffys-place.co.cc. 86400 IN A 88.151.87.116
mail.duffys-place.co.cc. 86400 IN CNAME ghs.google.com.
mail1.duffys-place.co.cc. 86400 IN CNAME aspmx.l.google.com.
paste.duffys-place.co.cc. 86400 IN CNAME duffys-place.co.cc.
shane.duffys-place.co.cc. 86400 IN CNAME duffys-place.co.cc.
sms.duffys-place.co.cc. 86400 IN CNAME duffys-place.co.cc.
usermin.duffys-place.co.cc. 86400 IN A 88.151.87.98
webmin.duffys-place.co.cc. 86400 IN A 88.151.87.97
www.duffys-place.co.cc. 86400 IN CNAME duffys-place.co.cc.
duffys-place.co.cc. 86400 IN SOA ns.duffys-place.co.cc. root.duffys-place.ns.co.cc. 2009030300 28800 7200 604800 3600
;; Query time: 308 msec
;; SERVER: 118.219.232.169#53(118.219.232.169)
;; WHEN: Thu Apr 2 13:13:06 2009
;; XFR size: 15 records (messages 1, bytes 442)
Please note: this will only work on some nameservers.
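
The same two dig steps can be turned into a check that the name servers of a zone you administer refuse transfers. This is an added example, not part of the original post: the function names are hypothetical, the sample outputs are constructed (example.com, 192.0.2.10), and the classification relies on dig printing "XFR size:" after a completed transfer and "; Transfer failed." after a rejected one.

```shell
#!/bin/sh
# Added example: report which name servers of your own zone allow AXFR.

# classify_axfr: read `dig ... axfr` output on stdin and print
#   OPEN    - transfer completed (dig printed its "XFR size:" summary)
#   REFUSED - server rejected the transfer ("; Transfer failed.")
#   UNKNOWN - anything else (timeout, unreachable server, empty output)
classify_axfr() {
    out=$(cat)
    case "$out" in
        *"XFR size:"*)       echo OPEN ;;
        *"Transfer failed"*) echo REFUSED ;;
        *)                   echo UNKNOWN ;;
    esac
}

# count_records: number of resource records exposed by a transfer
# (every non-blank line that is not a dig comment starting with ';').
count_records() {
    grep -v '^;' | grep -c '[^[:space:]]'
}

# audit_zone DOMAIN: run steps 2 and 3 against every listed name server
# and print one "server<TAB>result" line per server. Needs network access.
audit_zone() {
    domain=$1
    for ns in $(dig +short NS "$domain"); do
        result=$(dig +time=5 +tries=1 "@$ns" "$domain" AXFR | classify_axfr)
        printf '%s\t%s\n' "$ns" "$result"
    done
}

# Constructed sample outputs so the classifier can be exercised offline.
SAMPLE_OPEN='; <<>> DiG 9.5.1-P1 <<>> @ns1.example.com example.com axfr
example.com. 86400 IN SOA ns1.example.com. root.example.com. 2009030300 28800 7200 604800 3600
example.com. 86400 IN NS ns1.example.com.
www.example.com. 86400 IN A 192.0.2.10
example.com. 86400 IN SOA ns1.example.com. root.example.com. 2009030300 28800 7200 604800 3600
;; XFR size: 4 records (messages 1, bytes 200)'

SAMPLE_REFUSED='; <<>> DiG 9.5.1-P1 <<>> @ns1.example.com example.com axfr
; (1 server found)
;; global options: printcmd
; Transfer failed.'

printf '%s\n' "$SAMPLE_OPEN" | classify_axfr
printf '%s\n' "$SAMPLE_REFUSED" | classify_axfr
```

Call `audit_zone <domain>` for a zone you run; any server reported as OPEN should have transfers restricted to its secondaries.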


June 28th, 2010 at 10:21 pm
Nice article, I have reposted it!