DNS

DNS (Domain Name System) is a system that translates human-readable domain names into IP addresses, allowing browsers to locate and load internet resources.

Conducting passive reconnaissance on DNS involves gathering information about a target's domain and DNS infrastructure without directly interacting with their systems. This helps avoid detection.

dnsrecon

DNSRecon is a tool used for DNS (Domain Name System) enumeration. It helps security professionals gather information about a domain's DNS records.

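dnsrecon performs several tasks, including standard DNS lookups, zone transfers (AXFR), reverse DNS lookups, subdomain brute-forcing, cache snooping, and wildcard resolution detection. Zone transfers, brute-forcing and cache snooping send queries that reach name servers, so they are active rather than passive and can show up in DNS query logs.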

sudo pip3 install dnsrecon

# Basic
dnsrecon -d [DOMAIN]

# Zone Transfer
dnsrecon -d [DOMAIN] -t axfr

# Brute-force Subdomain
dnsrecon -d [DOMAIN] -D [PATH_TO_WORDLIST] -t brt

# Reverse Lookup
dnsrecon -r [STARTIP]-[ENDIP]
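What the zone-transfer, brute-force and reverse-lookup modes above look like from the authoritative server's side, as an added example that is not part of the original page or of dnsrecon. It assumes a query log modelled on BIND-style lines; the log lines, IP addresses, thresholds and the names `analyse`, `_line` and `SAMPLE_LOG` are all constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed BIND-style query log line; adjust the pattern to your server's format.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(\S+\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)")

def analyse(log, zone, secondaries=frozenset(), name_limit=5, ptr_limit=5):
    """Return findings for AXFR attempts, subdomain brute-forcing and PTR sweeps."""
    names, ptrs, findings = defaultdict(set), defaultdict(set), []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ip, name, qtype = m["ip"], m["name"].lower().rstrip("."), m["qtype"]
        if qtype in ("AXFR", "IXFR"):
            # Transfers are only expected from known secondary name servers.
            if ip not in secondaries:
                findings.append(("zone-transfer", ip, name))
        elif qtype == "PTR":
            ptrs[ip].add(name)
        elif name.endswith("." + zone):
            names[ip].add(name)
    # Many distinct names under the zone from one client suggests a wordlist run.
    for ip, seen in names.items():
        if len(seen) >= name_limit:
            findings.append(("subdomain-bruteforce", ip, len(seen)))
    # Many distinct PTR names from one client suggests a reverse-lookup range sweep.
    for ip, seen in ptrs.items():
        if len(seen) >= ptr_limit:
            findings.append(("reverse-sweep", ip, len(seen)))
    return findings

def _line(ip, name, qtype):
    return (f"01-Jan-2024 10:00:00.000 client @0x1 {ip}#40000 ({name}): "
            f"query: {name} IN {qtype} + (192.0.2.53)")

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "example.com", "AXFR"),   # transfer from unknown host
     _line("192.0.2.54", "example.com", "AXFR"),     # legitimate secondary
     _line("203.0.113.20", "www.example.com", "A")]  # ordinary client
    + [_line("198.51.100.7", f"{w}.example.com", "A")
       for w in ("admin", "dev", "ftp", "mail", "test", "vpn")]
    + [_line("198.51.100.9", f"{i}.2.0.192.in-addr.arpa", "PTR")
       for i in range(1, 9)])

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG, "example.com", {"192.0.2.54"}):
        print(finding)
```

The thresholds are placeholders; on a real server they need tuning against normal resolver traffic, and a time window should bound the counts.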

DNS Dumpster

DNSDumpster.com is a free online tool for DNS enumeration and reconnaissance. It is an excellent tool, especially useful for security assessments, and worth using for anything DNS-related.

  • Graphical Representation: DNSDumpster not only provides DNS and MX record information but also represents the collected data graphically, making it easy to visualize the domain’s infrastructure.

  • Interactive Graph: The tool shows how DNS and MX records branch out to their respective servers, along with associated IP addresses. The interactive graph allows you to manipulate the layout, moving blocks around for a clearer view.

  • Export Options: You can also export the graph for reporting or further analysis.
