DNS Recon and Enum

DNS Recon

DNSRecon is a Python tool that provides DNS information lookup and reconnaissance services. It can:

  • Check on all NS Records for Zone Transfers

  • Enumerate General DNS Records for a given domain

  • Perform common SRV record enumeration and TLD expansion

  • Check for wildcard resolution

  • Brute Force subdomain and host A and AAAA records given a domain and wordlist

  • Perform a PTR record lookup for a given IP

  • Save output to a SQL, JSON, or text file

kali@kali:~$ dnsrecon -d google.com

DNS Enum

dnsenum is a Perl script that enumerates DNS information for a domain in order to discover non-contiguous IP blocks. Standard operations:

  • Get the host A Record

  • Get the nameservers

  • Get the MX records

  • Perform axfr queries on nameservers and get BIND VERSION

  • Get extra names and subdomains via google scraping

  • Brute force subdomains from file

  • Write IP blocks to the domain_ips.txt file

kali@kali:~$ dnsenum --noreverse -o mydomain.xml google.com
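
Both tools attempt zone transfers and brute force subdomains, and both activities are visible in the logs of the authoritative name server. The following is an added example, not part of the original page or of either tool: it scans name server log lines for those two patterns. The sample lines are constructed and modelled on BIND's log output (an assumed format), and the names analyze and max_names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on BIND query/security log output (assumed format).
WORDS = ["admin", "dev", "ftp", "mail", "test", "vpn", "www"]
SAMPLE_LOG = "\n".join(
    [f"01-Jan-2024 10:00:0{i} client @0x1 203.0.113.5#4000{i} ({w}.example.com): "
     f"query: {w}.example.com IN A + (192.0.2.1)" for i, w in enumerate(WORDS)]
    + ["01-Jan-2024 10:00:09 client @0x1 203.0.113.5#40010 (example.com): "
       "zone transfer 'example.com/AXFR/IN' denied",
       "01-Jan-2024 10:01:00 client @0x2 198.51.100.7#5353 (www.example.com): "
       "query: www.example.com IN A + (192.0.2.1)",
       "01-Jan-2024 10:01:02 client @0x2 198.51.100.7#5354 (example.com): "
       "query: example.com IN MX + (192.0.2.1)"])

CLIENT = r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
QUERY_RE = re.compile(CLIENT + r"query: (?P<name>\S+) IN (?P<type>\S+)")
XFER_RE = re.compile(CLIENT + r"zone transfer '(?P<zone>[^/]+)/AXFR/IN' denied")

def analyze(log_text, zone, max_names=5):
    """Return {client_ip: [findings]} for denied AXFR requests and for clients
    that look up more than max_names distinct A/AAAA names under zone."""
    names = defaultdict(set)      # client IP -> distinct subdomains queried
    findings = defaultdict(list)  # client IP -> human-readable findings
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if m:
            findings[m["ip"]].append(f"AXFR attempt on {m['zone']}")
            continue
        m = QUERY_RE.search(line)
        if m and m["type"] in ("A", "AAAA"):
            name = m["name"].rstrip(".").lower()
            if name.endswith("." + zone):  # subdomains only, not the apex
                names[m["ip"]].add(name)
    # The threshold applies to the whole log passed in; feed it one time
    # window at a time to turn the count into a rate.
    for ip, seen in names.items():
        if len(seen) > max_names:
            findings[ip].append(f"{len(seen)} distinct names queried under {zone}")
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in analyze(SAMPLE_LOG, "example.com").items():
        print(ip, hits)
```
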
