DNS Enumeration

Examine the domain name system (DNS) using the dnsenum, nslookup, dig and fierce tools

Check for zone transfer

Brute-force subdomains using the fierce tool

Run all nmap DNS scripts using the following command: nmap -Pn -sU -p53 --script "dns*" -v <target ip>

Banner grabbing and finding publicly known exploits

Check for DNS amplification attack

NMAP DNS Hostnames Lookup

nmap -F --dns-server <dns server ip> <target ip range>

Host Lookup

host -t ns megacorpone.com

Reverse Lookup Brute Force - find domains in the same range

for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"

Perform DNS IP Lookup

dig a domain-name-here.com @nameserver

Perform MX Record Lookup

dig mx domain-name-here.com @nameserver

Perform Zone Transfer with DIG

dig axfr domain-name-here.com @nameserver

DNS Zone Transfers

Windows DNS zone transfer

nslookup -> set type=any -> ls -d blah.com

Linux DNS zone transfer

dig axfr blah.com @ns1.blah.com

Dnsrecon DNS Brute Force

dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml output.xml

Dnsrecon DNS List of megacorp

dnsrecon -d megacorpone.com -t axfr

DNSEnum

dnsenum zonetransfer.me
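
What the zone transfer, ANY query and reverse-lookup sweep above look like from the name server's side, as an added detection example that is not part of the original page. The BIND-style query log layout, the sample lines, the addresses, the allowed-secondary list and the threshold are all constructed assumptions.

```python
import re
from collections import defaultdict

# BIND-style query log line (assumed layout):
# "... client @id SRC#port (name): query: NAME IN TYPE flags (server)"
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def build_sample():
    """Constructed log lines (documentation addresses, not real traffic)."""
    ts = "10-Mar-2024 09:14:01.120"
    srv = "(192.0.2.53)"
    # One client walking a range with PTR lookups, like the reverse-lookup loop.
    lines = [
        f"{ts} client @0x7f01 198.51.100.23#{40000 + i} ({i}.113.0.203.in-addr.arpa): "
        f"query: {i}.113.0.203.in-addr.arpa IN PTR + {srv}"
        for i in range(155, 167)
    ]
    lines += [
        f"{ts} client @0x7f02 198.51.100.23#41000 (example.test): query: example.test IN AXFR -T {srv}",
        f"{ts} client @0x7f03 192.0.2.54#51000 (example.test): query: example.test IN AXFR -T {srv}",
        f"{ts} client @0x7f04 203.0.113.9#52000 (www.example.test): query: www.example.test IN A + {srv}",
        f"{ts} client @0x7f05 203.0.113.77#53000 (example.test): query: example.test IN ANY +E(0) {srv}",
    ]
    return lines

def analyze(lines, allowed_xfer=frozenset(), ptr_threshold=10):
    """Return (finding, source_ip, detail) tuples for enumeration-like queries."""
    findings, ptr_names = [], defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query line
        src, qname, qtype = m["src"], m["qname"].lower(), m["qtype"].upper()
        if qtype in ("AXFR", "IXFR"):
            if src not in allowed_xfer:  # transfers are expected only from secondaries
                findings.append(("zone-transfer-attempt", src, qname))
        elif qtype == "ANY":  # also the query type abused for amplification
            findings.append(("any-query", src, qname))
        elif qtype == "PTR" and qname.endswith(".in-addr.arpa"):
            ptr_names[src].add(qname)
    # Many distinct reverse names from one client indicates a range sweep.
    for src, names in sorted(ptr_names.items()):
        if len(names) >= ptr_threshold:
            findings.append(("reverse-lookup-sweep", src, f"{len(names)} distinct PTR names"))
    return findings

if __name__ == "__main__":
    for finding in analyze(build_sample(), allowed_xfer={"192.0.2.54"}):
        print(*finding, sep="\t")
```
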
