😆Port 53 (DNS)

Domain Name System (DNS)

whois

whois <domain>
whois <ip>

Dig

dig axfr @dns-server domain.name
dig -x 10.10.10.10 @10.10.10.10

nslookup

nslookup <domain>

nslookup            <interactive mode>
> set type=mx
> set type=ns
> <domain>

dnsenum

dnsenum <DOMAIN>

Zone transfer

  root@kali:#  host -t ns uocra.org
  root@kali:#  host -l uocra.org <dns-server>   <name server to request the transfer from>

dnsrecon

 root@kali:# dnsrecon -d megacorpone.com -t axfr

theHarvester

scrapes email addresses and a lot of other data

  root@kali:# theharvester -d cisco.com -l 500 -b all

Recon-ng

Web reconnaissance framework written in Python.

$ recon-ng          <start the framework>
$ help              <show help>
$ show modules      <list the available modules>
$ load [module]     <load a module>
$ use [module]      <same as load>
$ show info         <show the loaded module's options>
$ set SOURCE <target>
$ run

nmap

  • dns hostname lookup

    nmap -F --dns-server <dns server ip> <target ip range>
  • Host lookup

    host -t ns megacorpone.com
  • Reverse lookup brute force - find hosts in the same range

    for ip in $(seq 155 190); do host 50.7.67.$ip; done | grep -v "not found"

  • Perform DNS IP Lookup

    dig a domain-name-here.com @nameserver
  • Reverse lookup

    dig -x 10.10.10.13 @nameserver
  • Perform MX Record Lookup

    dig mx domain-name-here.com @nameserver
  • Perform Zone Transfer with DIG

    dig axfr domain-name-here.com @nameserver
  • Windows DNS zone transfer (interactive nslookup)

    nslookup
    > set type=any
    > ls -d blah.com
  • Linux DNS zone transfer

    dig axfr blah.com @ns1.blah.com
  • Dnsrecon DNS brute force subdomain (-t brt uses the -D wordlist)

    dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t brt --xml output.xml
  • Dnsrecon DNS List of megacorp

    dnsrecon -d megacorpone.com -t axfr
  • DNSEnum

    dnsenum zonetransfer.me

DNS brute force

https://github.com/blark/aiodnsbrute
