DNSRecon
DNSRecon is a versatile open-source tool designed for DNS enumeration and information gathering.
Purpose: DNSRecon assists in discovering and extracting valuable information related to DNS records, subdomains, and zone transfers.
Key Features:
Subdomain Enumeration
Zone Transfer Analysis
Brute-Force Dictionary Attacks
DNSSEC (DNS Security Extensions) Support
WHOIS Information Retrieval
Examples:
General Enumeration:
kali@kali:~$ dnsrecon -d jawad.ca -t std
[*] std: Performing General Enumeration against: jawad.ca...
[-] DNSSEC is not configured for jawad.ca
[*] SOA dns1.registrar-servers.com 156.154.132.200
[*] SOA dns1.registrar-servers.com 2610:a1:1024::200
[*] NS dns1.registrar-servers.com 156.154.132.200
[*] Bind Version for 156.154.132.200 Nameserver"
[*] NS dns1.registrar-servers.com 2610:a1:1024::200
[*] NS dns2.registrar-servers.com 156.154.133.200
[*] Bind Version for 156.154.133.200 Nameserver"
[*] NS dns2.registrar-servers.com 2610:a1:1025::200
[*] MX mx1.privateemail.com 198.54.122.240
[*] MX mx2.privateemail.com 198.54.122.250
[*] A jawad.ca 185.199.110.153
[*] A jawad.ca 185.199.111.153
[*] A jawad.ca 185.199.109.153
[*] A jawad.ca 185.199.108.153
[*] TXT jawad.ca v=spf1 include:spf.privateemail.com ~all
[*] Enumerating SRV Records
[+] SRV _autodiscover._tcp.jawad.ca privateemail.com 198.54.122.136 443
[+] 1 Records Found
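For a zone owner reviewing what this enumeration exposes, the following added example (not part of the original page or of DNSRecon itself) parses the text output above into records and flags two points visible in it: the missing DNSSEC configuration and the soft-fail SPF policy. The function names `parse_records` and `review` are hypothetical, and the sample is an excerpt of the output shown above.

```python
import re
from collections import Counter

# Excerpt of the `dnsrecon -d jawad.ca -t std` output shown above.
SAMPLE = """\
[*] std: Performing General Enumeration against: jawad.ca...
[-] DNSSEC is not configured for jawad.ca
[*] SOA dns1.registrar-servers.com 156.154.132.200
[*] NS dns1.registrar-servers.com 156.154.132.200
[*] NS dns2.registrar-servers.com 156.154.133.200
[*] MX mx1.privateemail.com 198.54.122.240
[*] A jawad.ca 185.199.110.153
[*] TXT jawad.ca v=spf1 include:spf.privateemail.com ~all
[+] SRV _autodiscover._tcp.jawad.ca privateemail.com 198.54.122.136 443
"""

# "[*]" or "[+]" marker, record type, owner/target name, remaining data.
RECORD = re.compile(r"^\[[*+]\]\s+(SOA|NS|MX|AAAA|A|TXT|SRV|CNAME|PTR)\s+(\S+)\s*(.*)$")


def parse_records(text):
    """Return (type, name, data) tuples for each record line in the output."""
    records = []
    for line in text.splitlines():
        match = RECORD.match(line.strip())
        if match:
            records.append((match.group(1), match.group(2), match.group(3).strip()))
    return records


def review(text):
    """Summarise what the enumeration exposes, for the zone owner's review."""
    records = parse_records(text)
    findings = []
    if re.search(r"^\[-\]\s+DNSSEC is not configured", text, re.MULTILINE):
        findings.append("DNSSEC not configured")
    for rtype, name, data in records:
        if rtype == "TXT" and data.startswith("v=spf1"):
            qualifier = data.split()[-1]  # policy for senders matching nothing else
            if qualifier in ("~all", "?all", "+all"):
                findings.append(f"SPF for {name} ends in {qualifier}, not -all")
    return {"counts": Counter(r[0] for r in records), "findings": findings}


if __name__ == "__main__":
    print(review(SAMPLE))
```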
Zone Transfer Analysis:
kali@kali:~$ dnsrecon -d jawad.ca -t zonewalk
[*] Performing NSEC Zone Walk for jawad.ca
[*] Getting SOA record for jawad.ca
[*] Name Server 156.154.132.200 will be used
[*] A jawad.ca 185.199.110.153
[*] A jawad.ca 185.199.108.153
[*] A jawad.ca 185.199.111.153
[*] A jawad.ca 185.199.109.153
[+] 4 records found
Conducts a comprehensive zone transfer analysis to identify authoritative name servers. With -t zonewalk, as the output shows, DNSRecon performs an NSEC zone walk, fetching the SOA record and then querying the name server it reports.
Brute-Force Dictionary Attack:
dnsrecon -d example.com -D /path/to/wordlist.txt -t brt
Executes a dictionary attack on the domain "example.com" using a specified wordlist, uncovering potential subdomains.
DNSSEC Support:
dnsrecon -d example.com -a
Retrieves DNSSEC information for the domain "example.com," highlighting the presence of DNS security extensions.
WHOIS Information Retrieval:
dnsrecon -d example.com -w
Fetches WHOIS information for the domain "example.com," providing insights into domain registration details.