DNS Enumeration
host <website>
host -t mx <domain>
Forward lookup brute force (list.txt holds the candidate subdomain names)
for ip in $(cat list.txt); do host $ip.megacorpone.com; done
Reverse lookup brute force (sweeps the address range 38.100.193.50-100)
for ip in $(seq 50 100); do host 38.100.193.$ip; done | grep -v "not found"
Dnsrecon tool (DNS Zone transfer)
nslookup 10.10.10.13    # returns the domain name for the address
dnsrecon -d megacorpone.com -t axfr    # DNS zone transfer
dnsrecon -d megacorpone.com -t axfr -n <server>    # <server> can be the IP address of the machine
dnsrecon -d megacorpone.com -t axfr -n 10.10.10.13
dnsrecon -d megacorpone.com -D ~/list.txt -t brt    # brute force using the names in list.txt
Edit /etc/hosts:
10.10.10.13 cronos.htb admin.cronos.htb ns1.cronos.htb www.cronos.htb
DNS Zone transfer (using dig)
dig axfr <domain> @<server-ip or machine ip>
dig axfr friendzone.red @10.10.10.123
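Added example (not part of the original notes): the forward brute force, reverse sweep and zone transfer above each leave a recognisable trace in the nameserver's query log, and this sketch flags all three in BIND-style query log lines. The log lines are constructed samples; the client addresses, the allowed secondary 10.10.10.14 and the threshold of 3 are assumptions.

```bash
#!/usr/bin/env bash

# Constructed sample log (not real traffic). 10.10.14.5 is an assumed scanning
# client, 10.10.10.14 an assumed secondary that is allowed to request AXFR.
sample_log() {
cat <<'EOF'
01-Jan-2024 10:00:01.000 client @0x7f00 10.10.14.5#40001 (megacorpone.com): query: megacorpone.com IN AXFR -T (10.10.10.13)
01-Jan-2024 10:00:02.000 client @0x7f00 10.10.10.14#40002 (megacorpone.com): query: megacorpone.com IN AXFR -T (10.10.10.13)
01-Jan-2024 10:00:03.000 client @0x7f00 10.10.14.5#40003 (www.megacorpone.com): query: www.megacorpone.com IN A + (10.10.10.13)
01-Jan-2024 10:00:03.100 client @0x7f00 10.10.14.5#40004 (mail.megacorpone.com): query: mail.megacorpone.com IN A + (10.10.10.13)
01-Jan-2024 10:00:03.200 client @0x7f00 10.10.14.5#40005 (admin.megacorpone.com): query: admin.megacorpone.com IN A + (10.10.10.13)
01-Jan-2024 10:00:04.000 client @0x7f00 10.10.14.5#40006 (50.193.100.38.in-addr.arpa): query: 50.193.100.38.in-addr.arpa IN PTR + (10.10.10.13)
01-Jan-2024 10:00:04.100 client @0x7f00 10.10.14.5#40007 (51.193.100.38.in-addr.arpa): query: 51.193.100.38.in-addr.arpa IN PTR + (10.10.10.13)
01-Jan-2024 10:00:04.200 client @0x7f00 10.10.14.5#40008 (52.193.100.38.in-addr.arpa): query: 52.193.100.38.in-addr.arpa IN PTR + (10.10.10.13)
01-Jan-2024 10:00:05.000 client @0x7f00 10.10.10.50#40009 (www.megacorpone.com): query: www.megacorpone.com IN A + (10.10.10.13)
01-Jan-2024 10:00:06.000 client @0x7f00 10.10.10.50#40010 (www.megacorpone.com): query: www.megacorpone.com IN A + (10.10.10.13)
EOF
}

# detect_dns_enum <allowed-axfr-client> <threshold>   (log on stdin)
# Reports AXFR requests from any other client, and clients that query at least
# <threshold> distinct A names (forward brute force) or PTR names (reverse sweep).
detect_dns_enum() {
  awk -v allow="$1" -v limit="$2" '
    {
      client = ""; name = ""; type = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^[0-9.]+#[0-9]+$/) { split($i, a, "#"); client = a[1] }
        if ($i == "query:") { name = $(i + 1); type = $(i + 3) }
      }
      if (client == "" || name == "") next
      if (type == "AXFR") {
        if (client != allow) axfr[client " " name] = 1
      } else if (type == "A" || type == "PTR") {
        if (!((client, type, name) in seen)) { seen[client, type, name] = 1; n[type " " client]++ }
      }
    }
    END {
      for (k in axfr) print "AXFR_ATTEMPT " k
      for (k in n) if (n[k] >= limit + 0) {
        split(k, p, " ")
        label = (p[1] == "A") ? "FORWARD_BRUTE" : "REVERSE_SWEEP"
        print label " " p[2] " " n[k]
      }
    }' | sort
}

sample_log | detect_dns_enum 10.10.10.14 3
```

On the nameserver itself, restricting zone transfers to the known secondaries is what makes the AXFR requests above fail; the log check then shows who is still trying.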