DNSRecon

DNSRecon is a versatile open-source tool designed for DNS enumeration and information gathering.

Purpose: DNSRecon assists in discovering and extracting valuable information related to DNS records, subdomains, and zone transfers.

Key Features:

Subdomain Enumeration
Zone Transfer Analysis
Brute-Force Dictionary Attacks
DNSSEC (DNS Security Extensions) Support
WHOIS Information Retrieval

Examples:

General Enumeration:

kali@kali:~$ dnsrecon -d jawad.ca -t std     
[*] std: Performing General Enumeration against: jawad.ca...
[-] DNSSEC is not configured for jawad.ca
[*]      SOA dns1.registrar-servers.com 156.154.132.200
[*]      SOA dns1.registrar-servers.com 2610:a1:1024::200
[*]      NS dns1.registrar-servers.com 156.154.132.200
[*]      Bind Version for 156.154.132.200 Nameserver"
[*]      NS dns1.registrar-servers.com 2610:a1:1024::200
[*]      NS dns2.registrar-servers.com 156.154.133.200
[*]      Bind Version for 156.154.133.200 Nameserver"
[*]      NS dns2.registrar-servers.com 2610:a1:1025::200
[*]      MX mx1.privateemail.com 198.54.122.240
[*]      MX mx2.privateemail.com 198.54.122.250
[*]      A jawad.ca 185.199.110.153
[*]      A jawad.ca 185.199.111.153
[*]      A jawad.ca 185.199.109.153
[*]      A jawad.ca 185.199.108.153
[*]      TXT jawad.ca v=spf1 include:spf.privateemail.com ~all
[*] Enumerating SRV Records
[+]      SRV _autodiscover._tcp.jawad.ca privateemail.com 198.54.122.136 443
[+] 1 Records Found

Zone Transfer Analysis:

kali@kali:~$ dnsrecon -d jawad.ca -t zonewalk
[*] Performing NSEC Zone Walk for jawad.ca
[*] Getting SOA record for jawad.ca
[*] Name Server 156.154.132.200 will be used
[*]      A jawad.ca 185.199.110.153
[*]      A jawad.ca 185.199.108.153
[*]      A jawad.ca 185.199.111.153
[*]      A jawad.ca 185.199.109.153
[+] 4 records found

Conducts a comprehensive zone transfer analysis to identify authoritative name servers.

Brute-Force Dictionary Attack:
```
dnsrecon -d example.com -D /path/to/wordlist.txt
```
Executes a dictionary attack on the domain "example.com" using a specified wordlist, uncovering potential subdomains.
DNSSEC Support:
```
dnsrecon -d example.com -a
```
Retrieves DNSSEC information for the domain "example.com," highlighting the presence of DNS security extensions.
WHOIS Information Retrieval:
```
dnsrecon -d example.com -w
```
Fetches WHOIS information for the domain "example.com," providing insights into domain registration details.

Resources:

PreviousWhois NextDNSenum

Last updated 1 year ago

kali@kali:~$ dnsrecon -d jawad.ca -t std [*] std: Performing General Enumeration against: jawad.ca... [-] DNSSEC is not configured for jawad.ca [*] SOA dns1.registrar-servers.com 156.154.132.200 [*] SOA dns1.registrar-servers.com 2610:a1:1024::200 [*] NS dns1.registrar-servers.com 156.154.132.200 [*] Bind Version for 156.154.132.200 Nameserver" [*] NS dns1.registrar-servers.com 2610:a1:1024::200 [*] NS dns2.registrar-servers.com 156.154.133.200 [*] Bind Version for 156.154.133.200 Nameserver" [*] NS dns2.registrar-servers.com 2610:a1:1025::200 [*] MX mx1.privateemail.com 198.54.122.240 [*] MX mx2.privateemail.com 198.54.122.250 [*] A jawad.ca 185.199.110.153 [*] A jawad.ca 185.199.111.153 [*] A jawad.ca 185.199.109.153 [*] A jawad.ca 185.199.108.153 [*] TXT jawad.ca v=spf1 include:spf.privateemail.com ~all [*] Enumerating SRV Records [+] SRV _autodiscover._tcp.jawad.ca privateemail.com 198.54.122.136 443 [+] 1 Records Found

kali@kali:~$ dnsrecon -d jawad.ca -t zonewalk [*] Performing NSEC Zone Walk for jawad.ca [*] Getting SOA record for jawad.ca [*] Name Server 156.154.132.200 will be used [*] A jawad.ca 185.199.110.153 [*] A jawad.ca 185.199.108.153 [*] A jawad.ca 185.199.111.153 [*] A jawad.ca 185.199.109.153 [+] 4 records found