DNSRecon

DNSRecon is a versatile open-source tool designed for DNS enumeration and information gathering.

Purpose: DNSRecon assists in discovering and extracting valuable information related to DNS records, subdomains, and zone transfers.

Key Features:

  • Subdomain Enumeration

  • Zone Transfer Analysis

  • Brute-Force Dictionary Attacks

  • DNSSEC (DNS Security Extensions) Support

  • WHOIS Information Retrieval

Examples:

  1. General Enumeration:

    kali@kali:~$ dnsrecon -d jawad.ca -t std     
[*] std: Performing General Enumeration against: jawad.ca...
[-] DNSSEC is not configured for jawad.ca
[*]      SOA dns1.registrar-servers.com 156.154.132.200
[*]      SOA dns1.registrar-servers.com 2610:a1:1024::200
[*]      NS dns1.registrar-servers.com 156.154.132.200
[*]      Bind Version for 156.154.132.200 Nameserver"
[*]      NS dns1.registrar-servers.com 2610:a1:1024::200
[*]      NS dns2.registrar-servers.com 156.154.133.200
[*]      Bind Version for 156.154.133.200 Nameserver"
[*]      NS dns2.registrar-servers.com 2610:a1:1025::200
[*]      MX mx1.privateemail.com 198.54.122.240
[*]      MX mx2.privateemail.com 198.54.122.250
[*]      A jawad.ca 185.199.110.153
[*]      A jawad.ca 185.199.111.153
[*]      A jawad.ca 185.199.109.153
[*]      A jawad.ca 185.199.108.153
[*]      TXT jawad.ca v=spf1 include:spf.privateemail.com ~all
[*] Enumerating SRV Records
[+]      SRV _autodiscover._tcp.jawad.ca privateemail.com 198.54.122.136 443
[+] 1 Records Found

  2. Zone Transfer Analysis:

    kali@kali:~$ dnsrecon -d jawad.ca -t zonewalk
[*] Performing NSEC Zone Walk for jawad.ca
[*] Getting SOA record for jawad.ca
[*] Name Server 156.154.132.200 will be used
[*]      A jawad.ca 185.199.110.153
[*]      A jawad.ca 185.199.108.153
[*]      A jawad.ca 185.199.111.153
[*]      A jawad.ca 185.199.109.153
[+] 4 records found

    Conducts a comprehensive zone transfer analysis to identify authoritative name servers.

  3. Brute-Force Dictionary Attack:

    dnsrecon -d example.com -D /path/to/wordlist.txt

    Executes a dictionary attack on the domain "example.com" using a specified wordlist, uncovering potential subdomains.

  4. DNSSEC Support:

    dnsrecon -d example.com -a

    Retrieves DNSSEC information for the domain "example.com," highlighting the presence of DNS security extensions.

  5. WHOIS Information Retrieval:

    dnsrecon -d example.com -w

    Fetches WHOIS information for the domain "example.com," providing insights into domain registration details.

Resources:

PreviousWhoisNextDNSenum

Last updated