Title: dns_enumeration used and required in Penetration Testing
Author: ajayverma
# DNS Enumeration

- NMAP DNS Hostnames Lookup

```ShellSession
nmap -F --dns-server
```

- Host Lookup

```ShellSession
host -t ns megacorpone.com
```

- Reverse Lookup Brute Force - find domains in the same range

```ShellSession
for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"
```

- Perform DNS IP Lookup

```ShellSession
dig a domain-name-here.com @nameserver
```

- Perform MX Record Lookup

```ShellSession
dig mx domain-name-here.com @nameserver
```

- Perform Zone Transfer with DIG

```ShellSession
dig axfr domain-name-here.com @nameserver
```

## DNS Zone Transfers

- Windows DNS zone transfer

```ShellSession
nslookup
> set type=any
> ls -d blah.com
```

- Linux DNS zone transfer

```ShellSession
dig axfr blah.com @ns1.blah.com
```

- Dnsrecon DNS Brute Force

```ShellSession
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml output.xml
```

- Dnsrecon DNS List of megacorp

```ShellSession
dnsrecon -d megacorpone.com -t axfr
```

- DNSEnum

```ShellSession
dnsenum zonetransfer.m
```
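
Seen from the name server's side, the reverse lookup loop and the `axfr` requests listed above leave a recognisable trail in the query log. The script below is an added example, not part of the original cheat sheet: it assumes BIND 9 style query log lines, and `dns_recon_hits`, `sample_log` and all sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag AXFR/IXFR requests and reverse-lookup (PTR) sweeps
# in query log lines read from stdin.
# Assumed line shape (BIND 9 querylog):
#   ... client [@0x..] <ip>#<port> (<name>): query: <name> IN <type> <flags> (<server>)
# $1 = minimum number of distinct PTR names from one client to call it a sweep.
dns_recon_hits() {
    awk -v min="${1:-5}" '
    {
        # Locate the "query:" token; name, class and type follow it.
        q = 0
        for (i = 1; i <= NF; i++) if ($i == "query:") { q = i; break }
        if (q == 0 || q + 3 > NF) next
        # The client address is the first ip#port token before "query:".
        client = ""
        for (i = 1; i < q; i++)
            if ($i ~ /^[0-9a-fA-F.:]+#[0-9]+$/) { client = $i; break }
        if (client == "") next
        sub(/#[0-9]+$/, "", client)
        name = tolower($(q + 1)); type = $(q + 3)
        if (type == "AXFR" || type == "IXFR") {
            # Every transfer request is reported with its source and zone.
            print type, client, name
        } else if (type == "PTR" && name ~ /\.(in-addr|ip6)\.arpa\.?$/) {
            # Count each reverse name once per client.
            if (!((client, name) in seen)) { seen[client, name] = 1; ptr[client]++ }
        }
    }
    END {
        for (c in ptr) if (ptr[c] >= min) print "PTR_SWEEP", c, ptr[c]
    }'
}

# Constructed sample log: one AXFR request, a six-address PTR sweep from the
# same client, and ordinary traffic from a second client.
sample_log() {
    echo '25-Jun-2019 12:00:01.000 client @0x7f0 198.51.100.7#40112 (example.com): query: example.com IN AXFR -T (192.0.2.53)'
    for ip in 155 156 157 158 159 160; do
        echo "25-Jun-2019 12:00:02.000 client @0x7f0 198.51.100.7#40113 ($ip.2.0.192.in-addr.arpa): query: $ip.2.0.192.in-addr.arpa IN PTR + (192.0.2.53)"
    done
    echo '25-Jun-2019 12:00:03.000 client @0x7f0 203.0.113.9#5353 (www.example.com): query: www.example.com IN A + (192.0.2.53)'
    echo '25-Jun-2019 12:00:04.000 client @0x7f0 203.0.113.9#5354 (10.2.0.192.in-addr.arpa): query: 10.2.0.192.in-addr.arpa IN PTR + (192.0.2.53)'
}

sample_log | dns_recon_hits 5
```

Pipe a real query log into `dns_recon_hits N` in place of `sample_log`; any AXFR line whose source is not one of the zone's authorised secondaries deserves a look.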


Submitted On: 2019-06-25 12:39:24