Skip to content

Enumeration dns

whois

whois $URL

nslookup

nslookup $URL

host

host $URL
host -t A $URL
host -t MX $URL
host -t TXT $URL
host -t CNAME $URL
zone transfer 
host -l $URL ns1.$URL

dnsrecon

dnsrecon -n $IP -d $URL
zone transfer 
dnsrecon -n $IP -d $URL -t axfr
subdomain enumeration 
SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsrecon -d $URL -n $IP -D $SUB -t brt

gobuster

subdomain enumeration 

SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
gobuster dns -d nsa.gov -r $IP -w $

dig

dump all records 

dig +noall +answer +multiline michalszalkowski.com any
zone transfer 
dig axfr @$IP example.com
dig chaos* 
dig @$IP chaos version.bind txt 
dig @$IP chaos hostname.bind txt 
dig @$IP chaos authors.bind txt 
dig @$IP chaos ID.server txt

dnsenum

dnsenum $URL
dnsenum --dnsserver $IP $URL
subdomain enumeration 
SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsenum --dnsserver $IP -f $SUB $URL

  • https://nip.io
  • https://whois.domaintools.com
  • https://viewdns.info
  • https://threatintelligenceplatform.com
  • http://ptrarchive.com/
  • https://lookup.icann.org/lookup