53 - DNS
Enumeration
Note: Many of the techniques accomplished below can also be accomplished using DNS repositories, such as DNSdumpster.com
nslookup
nslookup $domain.com
nslookup $ipaddress (reverse lookup)dig
Basic syntax: dig @<nameserver> somesite.com options
dig somesite.com -t any (all available records)
dig somesite.com -t mx (mx records only)
dig somesite.com -t axfr (zone transfer)
dig -x $ipaddress (reverse lookup)host
Host www.somesite.com (web server)
Host -t ns somesite.com (nameservers)
Host -t mx somesite.com (mail servers)
host -l <domain name> <dns server address> (zone transfer)Automated tools
DNSRECON
dnsrecon -d somesite.com -t axfr
dnsrecon -r CIDR (reverse DNS lookup of net block)
-d: used to specify domain name
-r: IP range for reverse lookup
-t: used to specify the type of enumeration
Common types include:
std - SOA, NS, A, AAAA, MX and SRV
axfr - test all nameservers for zone transfer
brt - brute force domains and hosts using a given dictionaryDNSenum
dnsenum $domain.comLast updated