5. DNS Enumeration

DNS enumeration techniques are used to obtain information about the DNS servers and network infrastructure of the target organization.

1. DNS Enumeration using zone transfer

find the nameserver of a domain

dig ns zonetransfer.me

Now try the zone transfer for the domain from its primary and secondary name servers

dig axfr zonetransfer.me @nsztm2.digi.ninja

Fire up the tool on windows

nslookup
set querytype=soa

Now execute the zone transfer

ls -d nsztm2.digi.ninja

./dnsrecon.py -d zonetransfer.me -z

-d target domain

-z DNSSEC Zone walk

Other tools

GitHub - davebarr/dnswalk: A DNS database debuggerGitHub

nmap --script=broadcast-dns-service-discovery zonetransfer.me

DNS brute forcing

nmap -T5 -p 53 --script dns-brute zonetransfer.me

common service records

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='zonetransfer.me'"

Last updated 1 day ago