DNS Enumeration

  • NMAP DNS Hostnames Lookup
nmap -F --dns-server
  • Host Lookup
host -t ns megacorpone.com
  • Reverse Lookup Brute Force - find domains in the same range
for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"
  • Perform DNS IP Lookup
dig a domain-name-here.com @nameserver
  • Perform MX Record Lookup
dig mx domain-name-here.com @nameserver
  • Perform Zone Transfer with DIG
dig axfr domain-name-here.com @nameserver

DNS Zone Transfers

  • Windows DNS zone transfer
nslookup -> set type=any -> ls -d blah.com
  • Linux DNS zone transfer
dig axfr blah.com @ns1.blah.com
  • Dnsrecon DNS Brute Force
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml output.xml
  • Dnsrecon DNS List of megacorp
dnsrecon -d megacorpone.com -t axfr
  • DNSEnum
dnsenum zonetransfer.m
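
The server-side view of the zone transfer commands above, as an added example that is not part of the original cheat sheet: a filter that reads name server logs and reports AXFR events from hosts that are not approved secondaries. The log lines are constructed samples in BIND 9 `named` style; the allowlist, the addresses and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Assumption: the only hosts that should ever receive a zone transfer.
ALLOWED_SECONDARIES="192.0.2.53 192.0.2.54"

# Constructed sample lines (BIND 9 style, documentation address ranges).
sample_log() {
cat <<'EOF'
12-Mar-2024 10:01:07.120 xfer-out: info: client @0x7f1c2c0a 192.0.2.53#40112 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:14:33.871 security: error: client @0x7f1c2c0b 203.0.113.77#51820 (example.com): zone transfer 'example.com/AXFR/IN' denied
12-Mar-2024 10:14:35.002 security: error: client @0x7f1c2c0c 203.0.113.77#51822 (corp.example.com): zone transfer 'corp.example.com/AXFR/IN' denied
12-Mar-2024 10:20:10.450 xfer-out: info: client @0x7f1c2c0d 198.51.100.9#33990 (example.com): transfer of 'example.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 10:21:00.000 queries: info: client @0x7f1c2c0e 198.51.100.9#33991 (www.example.com): query: www.example.com IN A +E(0) (192.0.2.1)
EOF
}

# Reads log lines on stdin and prints "<status> <client-ip> <zone>" for every
# AXFR event whose client is outside ALLOWED_SECONDARIES.
#   LEAKED = the transfer was served (allow-transfer is too permissive)
#   DENIED = the attempt was refused (enumeration activity worth tracking)
flag_axfr() {
  awk -v allowed="$ALLOWED_SECONDARIES" -v q="'" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /AXFR/ {
      ip = ""; zone = ""
      # The client field has the form address#port, e.g. 203.0.113.77#51820.
      for (i = 1; i <= NF; i++)
        if ($i ~ /^[0-9a-fA-F.:]+#[0-9]+$/) { ip = $i; sub(/#.*/, "", ip) }
      if (ip == "" || (ip in ok)) next
      # The zone name is the text between the first quote and the next slash.
      if (match($0, q "[^" q "/]+/")) zone = substr($0, RSTART + 1, RLENGTH - 2)
      if ($0 ~ /denied/)            status = "DENIED"
      else if ($0 ~ /AXFR started/) status = "LEAKED"
      else                          status = "OTHER"
      print status, ip, zone
    }'
}

sample_log | flag_axfr
```

A `LEAKED` line means the zone was handed to a host outside the allowlist and the server's transfer ACL needs tightening; repeated `DENIED` lines from one address across several zones indicate enumeration in progress.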