Skip to content

Enumeration dns

whois


whois $URL

nslookup


nslookup $URL

host


host $URL
host -t A $URL
host -t MX $URL
host -t TXT $URL
host -t CNAME $URL
zone transfer
host -l $URL ns1.$URL

dnsrecon


dnsrecon -n $IP -d $URL
zone transfer
dnsrecon -n $IP -d $URL -t axfr
subdomain enumeration
SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsrecon -d $URL -n $IP -D $SUB -t brt

gobuster


subdomain enumeration

SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
gobuster dns -d nsa.gov -r $IP -w $

dig


zone transfer

dig axfr @$IP example.com
dig chaos*
dig @$IP chaos version.bind txt 
dig @$IP chaos hostname.bind txt 
dig @$IP chaos authors.bind txt 
dig @$IP chaos ID.server txt

dnsenum


dnsenum $URL
dnsenum --dnsserver $IP $URL
subdomain enumeration
SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsenum --dnsserver $IP -f $SUB $URL


  • https://nip.io
  • https://whois.domaintools.com
  • https://viewdns.info
  • https://threatintelligenceplatform.com
  • http://ptrarchive.com/
  • https://lookup.icann.org/lookup