DNSRecon Command Cheat Sheet

Uploaded by

4K BGM Studio

Ethical Hacking and Countermeasures

Certified Ethical Hacker

DNSRecon Cheat Sheet


DNSRecon is used to perform reverse DNS lookups on a target host, check NS records for zone transfers, exploit vulnerabilities, obtain network information about a target domain and further launch Internet-based attacks. It can enumerate DNS records for a domain (MX, SOA, NS, A, AAAA, SPF, and TXT), perform common SRV record enumeration and Top Level Domain (TLD) expansion, check for wildcard resolution, brute-force subdomain and host A and AAAA records given a domain and a wordlist, perform a PTR record lookup for a given IP range or CIDR, check a DNS server's cached records for A, AAAA and CNAME records given a list of host records in a text file, enumerate common mDNS records in the local network, and enumerate hosts and subdomains using Google.

Source: https://github.com

Syntax

dnsrecon.py [-h] [-d DOMAIN] [-n NS_SERVER] [-r RANGE] [-D DICTIONARY] [-f] [-t TYPE] [-a] [-s] [-g] [-b] [-k] [-w] [-z] [--threads THREADS] [--lifetime LIFETIME] [--tcp] [--db DB] [-x XML] [-c CSV] [-j JSON] [--iw] [-v]

DNSRecon Installation

On Parrot:

    aptitude install dnsrecon

or:

    git clone https://github.com/darkoperator/dnsrecon.git
    cd dnsrecon
    pip install -r requirements.txt

| Option | Description |
| --- | --- |
| --db | SQLite 3 file |
| --xml | XML file |
| --json | JSON file |
| --csv | CSV file |

| Command | Description |
| --- | --- |
| dnsrecon -r <Target IP range> | Reverse DNS lookup on the target host |
| dnsrecon -t axfr -d <Target Domain> | DNS zone transfer |
| dnsrecon -d <Target Domain> -z | Zone enumeration against a target domain |
| dnsrecon -d <Target Domain> -a | Zone transfer |
| ./dnsrecon.py -d <Target Domain> -a | Zone transfer |
| dnsrecon -d <Target Domain> -t axfr | Zone transfer |
| ./dnsrecon.py -d <Target Domain> -t axfr | Zone transfer |
| dnsrecon -r <start Target IP>-<end Target IP> | Reverse Lookup against IP range |
| ./dnsrecon.py -r <start Target IP>-<end Target IP> | Reverse Lookup against IP range |
| ./dnsrecon.py -r <Target IP range> | Reverse Lookup against IP range |
| dnsrecon -d <Target Domain> -s | Reverse Lookup against all ranges in SPF records |
| ./dnsrecon.py -d <Target Domain> -s | Reverse Lookup against all ranges in SPF records |
| dnsrecon -d <Target Domain> -D <namelist.txt> -t brt | Domain Brute Force Enumeration |
| ./dnsrecon.py -d <Target Domain> -D <namelist> -t brt | Domain Brute Force Enumeration |
| dnsrecon -d <Target Domain> -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml | DNS Brute force |
| dnsrecon -t snoop -n <Server IP> -D <namelist.txt> | Cache Snooping against name servers |
| ./dnsrecon.py -t snoop -n <Server IP> -D <dictionary file> | Cache Snooping against name servers |
| dnsrecon -d <Target Domain> | Standard Records Enumeration/ enumerate DNS record of targeted website |
| ./dnsrecon.py -d <Target Domain> | Standard Records Enumeration/ enumerate DNS record of targeted website |
| dnsrecon -d <Target Domain> -t zonewalk | Zone Walking |
| dnsrecon -d <Target Domain> -t rvl | Reverse lookup of a given CIDR or IP range |
| dnsrecon -d <Target Domain> -t brt -D <Subdomains Dictionary> | Brute force domains and hosts using a given dictionary |
| dnsrecon -d <Target Domain> -t brt -D <Subdomains Dictionary> --iw | Brute force domains and hosts using a given dictionary. Continue brute-forcing a domain even if wildcard records are discovered |
| dnsrecon -d <Target Domain> -t srv | SRV records |
| dnsrecon -d <Target Domain> -t axfr | Test all NS servers for a zone transfer |
| dnsrecon -d <Target Domain> -t goo | Google search for subdomains and hosts |
| dnsrecon -d <Target Domain> -t tld | Remove the TLD of a given domain and test against all TLDs registered in IANA |
| dnsrecon -d <Target Domain> -t zonewalk | DNSSEC zone walk using NSEC records |
| dnsrecon -d <Target Domain> --db <results sqlite File> | Save results in a sqlite file |
| dnsrecon -d demo.com --xml <results xml file> | Save results in an xml file |
| dnsrecon -d <Target Domain> -c <results csv file> | Save results in a csv file |

| Command | Description |
| --- | --- |
| dnsrecon -d <Target Domain> -j <results json file> | Save results in a json file |
| dnscan.py -l $domains_file -o outfile -w $wordlist | Subdomain brute-force of domains listed in a file (one by line) |
| dnscan.py -d target.com -o outfile -w $wordlist | Subdomain brute-force of a domain |
| dnssearch -domain <Target Domain> -wordlist $wordlist | Dnssearch Subdomain brute-force |
| dnsrecon -d zonetransfer.me | Use Robin Wood’s zonetransfer.me site to enumerate and Run a scan |
| dnsrecon -d zonetransfer.me -D <namelist.txt> -t brt | Brute Force scan |
| dnsrecon -d zonetransfer.me -a | Zone Transfer |
| dnsrecon -d zonetransfer.me -a --db ~/Desktop/dnsrecon/dnsrecon-db | Look at SQLite database file |
| dnsrecon -d zonetransfer.me -a --xml ~/Desktop/dnsrecon/dnsrecon-xml | Save the results in XML format |
| dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml | DNS Zone Transfers |
| dnsrecon -d <Target IP> -t std -D /usr/share/wordlists/dnsmap.txt | DNS (reverse) lookups / Enumeration DNS / Brute force subdomains |
| python dnsrecon.py -n ns1.<Target Domain> -d <Target Domain> -D subdomains-top1mil-5000.txt -t brt | DNS enumeration tool |
| dnsrecon -w | DNS Reconnaissance |

Arguments

| Argument | Description |
| --- | --- |
| -h, --help | Help message and exit |
| -d DOMAIN, --domain DOMAIN | Target domain |
| -n NS_SERVER, --name_server NS_SERVER | Domain server to use. If none is given, the SOA of the target will be used |
| -n nsserver.com | Use a custom name server |
| -r RANGE, --range RANGE | IP range for reverse lookup brute force in formats (first-last) or in (range/bitmask) |
| -D DICTIONARY, --dictionary DICTIONARY | Dictionary file of subdomain and hostnames to use for brute force. Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records |
| -f | Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records |
| -t TYPE, --type TYPE | Type of enumeration to perform |
| -a | AXFR with standard enumeration |
| -r | Recursively scan subdomains |
| -s | Reverse lookup of IPv4 ranges in the SPF record with standard enumeration |
| -T | TLD expansion |
| -g | Google enumeration with standard enumeration |
| -b | Bing enumeration with standard enumeration |
| -k | Crt.sh enumeration with standard enumeration |
| -w | Deep whois record analysis and reverse lookup of IP ranges found through Whois when doing a standard enumeration |
| -z | DNSSEC zone walk with standard enumeration |
| --threads THREADS | Number of threads to use in reverse lookups, forward lookups, brute force, and SRV record enumeration |
| --lifetime LIFETIME | Time to wait for a server to respond to a query |
| --tcp | Use TCP protocol to make queries |
| --db DB | SQLite 3 file to save found records/ save results to SQLite database file |
| -x XML, --xml XML | XML file to save found records/ save results to the XML file |
| -c CSV, --csv CSV | Comma-separated value file |
| -j JSON, --json JSON | JSON file |
| -i $file | Output discovered IP addresses to a text file |
| --iw | Continue brute-forcing a domain even if wildcard records are discovered |
| -v | Enable verbose |

www.eccouncil.org/ceh Over 50% Of Professionals Received Promotions after C|EH
