DNS Enumeration:

  • DNS ENUM
  • FIERCE
  • DNS DUMPSTER
  • NS LOOKUP
  • DIG
  • DNS RECON
  • DNS-PTR

NSLOOKUP:

nslookup domainName

Ex: nslookup els-dns.site


nslookup  -query=mx domainName

nslookup -type=MX domainName 

nslookup -query=CNAME domainName

nslookup -query=ns domainName

nslookup -query=ANY domainName     | For all the records

nslookup -type=PTR IPaddress       | conducting reverse lookup




DIG

dig domainName

dig domainName A    | query A records ONLY

dig +nocmd  domainName MX  +noall +answer | return ONLY MX infos

dig AXFR domainName   | performs a zone transfer of a domain

dig +nocmd domainName AXFR +noall +answer @dnsName | specifying the DNS server's domain name (@dnsName) is vital when querying a zone transfer

FIERCE

fierce -dns domainName 

fierce -dns domainName -dnsserver dnsServerDomain | the DNS server is used for the zone transfer

DNSENUM

dnsenum domainName 

dnsenum domainName -f pathToDNSBruteforceList

DNSMAP:

dnsmap domainName

dnsmap domainName -w wordList   | -w for a user-supplied wordlist (the built-in list is used when -w is omitted)

dnsmap domainName -r /tmp/      | -r to save the results to a file (here under /tmp/)


DNS RECON:

dnsrecon -d domainName

Zone Transfer

nslookup:
----------

nslookup

ls -d [Target]                  | ls -d localtarget.com


dig:
-------

dig  domain.com


dig  [@primaryserver.domain.com]   domain.com axfr


dig  [@IP_ADDRESS]   domain.com axfr
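
Added example (not part of the original notes): a shell check that reads the text output of the dig AXFR commands above for a zone you operate and reports whether the server handed over the whole zone. The function names, verdict labels and the example.test sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# A complete AXFR answer starts and ends with the zone's SOA record (RFC 5936),
# so two SOA lines for the zone apex mean the full zone was transferred.

# axfr_verdict ZONE  (dig output on stdin) -> OPEN, NO_TRANSFER or INCOMPLETE
axfr_verdict() {
    zone="${1%.}."                       # normalise to a fully qualified name
    awk -v zone="$zone" '
        /^;/ || NF < 5 { next }          # skip dig comments and blank lines
        { rec++ }                        # count resource records returned
        tolower($1) == tolower(zone) && $3 == "IN" && $4 == "SOA" { soa++ }
        END {
            if (soa >= 2)      print "OPEN"         # whole zone was returned
            else if (rec == 0) print "NO_TRANSFER"  # refused or failed
            else               print "INCOMPLETE"   # records but no closing SOA
        }'
}

# audit_zone ZONE: ask every authoritative server of your zone for a transfer
# and print one verdict per server (needs dig and network access).
audit_zone() {
    for ns in $(dig +short NS "$1"); do
        verdict=$(dig +nocmd "$1" AXFR +noall +answer "@$ns" | axfr_verdict "$1")
        printf '%s %s\n' "$ns" "$verdict"
    done
}

# Constructed sample outputs (example.test and 192.0.2.0/24 are reserved).
SAMPLE_OPEN='example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 3600
example.test. 3600 IN NS ns1.example.test.
www.example.test. 3600 IN A 192.0.2.10
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 3600'
SAMPLE_REFUSED='; Transfer failed.'
```

An OPEN verdict on a server you run means transfers should be restricted to your secondary servers, for example with BIND's allow-transfer option or TSIG keys.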




DNSBruteForce:
---------------

dnsbruteforce  [siteName] [dns_Server.list] [hosts.list]  | dnsbruteforce example.com [dns_Server.list] [hosts.list]


dnsbruteforce  [siteName] [dns_Server.list] [Urban.dict]  | dnsbruteforce example.com [dns_Server.list] [Urban.list]

Reverse Lookup

dns-ptr  [IP_Address range]    | EX: dns-ptr  215.36.254.12   215.36.254.254
