Port 53 (DNS)
Domain name system (DNS)
whois
whois <domain>
whois <ip>
Dig
dig axfr @dns-server domain.name
dig -x 10.10.10.10 @10.10.10.10
nslookup
nslookup <domain>
nslookup
set type=mx
set type=ns
dnsenum <DOMAIN>
Zone transfer
root@kali:# host -t ns uocra.org
root@kali:# host -l uocra.org <dns server to request the transfer from>
dnsrecon
root@kali:# dnsrecon -d megacorpone.com -t axfr
theHarvester
scrapes e-mail addresses and a lot of other data from public sources
root@kali:~# theharvester -d cisco.com -l 500 -b all
Recon-ng
web reconnaissance framework written in Python
$ recon-ng          <- start the framework
$ help              <- show the help
$ show modules      <- list available modules
$ load [module]     <- load a module (alias of use)
$ use [module]
$ show info         <- show the module's options
$ set SOURCE <target>
$ run
nmap
dns hostname lookup
nmap -F --dns-server <dns server ip> <target ip range>
Host Lookup
host -t ns megacorpone.com
Reverse Lookup Brute Force - find domains in the same range
for ip in $(seq 155 190);do host 50.7.67.$ip;done |grep -v "not found"
Perform DNS IP Lookup
dig a domain-name-here.com @nameserver
Reverse lookup
dig -x 10.10.10.13 @nameserver
Perform MX Record Lookup
dig mx domain-name-here.com @nameserver
Perform Zone Transfer with DIG
dig axfr domain-name-here.com @nameserver
Windows DNS zone transfer
nslookup -> set type=any -> ls -d blah.com
Linux DNS zone transfer
dig axfr blah.com @ns1.blah.com
Dnsrecon DNS Brute Force subdomain
dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t brt --xml output.xml
Dnsrecon DNS List of megacorp
dnsrecon -d megacorpone.com -t axfr
DNSEnum
dnsenum zonetransfer.me
DNS brute force
https://github.com/blark/aiodnsbrute