Skip to content

Enumeration - DNS

whois

whois $URL

nslookup

nslookup $URL

host

host $URL
host -t A $URL
host -t MX $URL
host -t TXT $URL
host -t CNAME $URL
zone transfer
host -l $URL ns1.$URL

DNSrecon

dnsrecon -n $IP -d $URL
zone transfer
dnsrecon -n $IP -d $URL -t axfr
subdomain enumeration
SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsrecon -d $URL -n $IP -D $SUB -t brt

dig

zone transfer

dig axfr @1.1.1.1 example.com
dig chaos*
dig @10.0.2.5 chaos version.bind txt 
dig @10.0.2.5 chaos hostname.bind txt 
dig @10.0.2.5 chaos authors.bind txt 
dig @10.0.2.5 chaos ID.server txt

dnsenum

dnsenum $URL
dnsenum --dnsserver 1.1.1.1 $URL
subdomain enumeration
SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsenum --dnsserver $IP -f $SUB $URL

  • https://viewdns.info/
  • https://threatintelligenceplatform.com