DNS Enumeration
dig
dig piratemoo.com
dig -x 192.0.2.10 # Reverse DNS lookup (-x takes an IP address; 192.0.2.10 is a placeholder)
dig piratemoo.com -t mx +short # Grab mail info
dig piratemoo.com -t ns +short # Grab NS info
dig piratemoo.com -t cname # Grab CNAME info
dig axfr piratemoo.com @ns08.domaincontrol.com # Check DNS zone transfers (the server to query is given with @)
host
host piratemoo.com # Find the address of the host
host -t mx piratemoo.com # Check mail info
The -t flag specifies the record type to query (ns/mx/cname)
host -t axfr piratemoo.com ns08.domaincontrol.com # Check DNS zone transfers
Success? host -l zonetransfer.me piratemoo.com
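The zone-transfer checks in the dig and host sections above, written as a repeatable audit for a zone you operate. This is an added example, not part of the original page; `classify_axfr`, `audit_zone` and the sample outputs are names and data constructed here.

```shell
#!/bin/sh
# Added example, not from the original page: audit a zone you operate for
# name servers that answer AXFR requests from arbitrary clients.

# Read `dig axfr` output on stdin; print "open" if zone records (including
# the SOA that begins a transfer) came back, otherwise "refused".
classify_axfr() {
    awk '
        /^;/ || /^[[:space:]]*$/ { next }   # skip dig comments and blank lines
        $4 == "SOA" { soa++ }               # columns: name ttl class type rdata
        END { if (soa > 0) print "open"; else print "refused" }'
}

# Ask every authoritative server for the zone and print one verdict per server.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        verdict=$(dig +time=5 +tries=1 axfr "$zone" "@$ns" | classify_axfr)
        printf '%s\t%s\n' "$ns" "$verdict"
    done
}

# Constructed sample outputs (example.com and 192.0.2.0/24 are reserved for docs).
sample_open() {
    cat <<'EOF'
; <<>> DiG 9.18 <<>> axfr example.com @ns1.example.com
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com.      3600 IN NS  ns1.example.com.
vpn.example.com.  3600 IN A   192.0.2.10
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
;; XFR size: 4 records (messages 1, bytes 210)
EOF
}

sample_refused() {
    cat <<'EOF'
; <<>> DiG 9.18 <<>> axfr example.com @ns1.example.com
; Transfer failed.
EOF
}

# Run against a zone only when one is given: sh audit.sh example.com
if [ "$#" -gt 0 ]; then audit_zone "$1"; fi
```

Any server reported as open should have transfers restricted to its secondaries, for example with `allow-transfer` in BIND or with TSIG keys.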
DNSEnum
dnsenum --noreverse -o file.txt piratemoo.com
Use Google to scrape results and get a list of subdomains:
-p specifies the number of pages searched on Google
-s defines the maximum number of subdomains taken from Google
dnsenum --dnsserver piratemoo.com github.com -p 10 -s 50
NMAP
nmap -T4 -p 53 --script dns-brute piratemoo.com
DNSRecon
dnsrecon -d piratemoo.com
fierce
fierce -dns piratemoo.com