53 ) DNS

  • DNS Reverse lookup

nslookup
SERVER IP
127.0.0.1
127.0.0.2
bank.htb
IP
  • DNSRecon

dnsrecon -r 127.0.0.0/24 -d 10.10.10.29
dnsrecon -r 10.10.10.0/24 -d 10.10.10.29
  • DNS Zone Transfer

dig axfr @10.10.10.29
dig axfr bank.htb @10.10.10.29
  • Config Files

nano /etc/resolv.conf
# Then add nameserver ex : 10.10.10.29
  • Subdomain Brute Forcing

for sub in $(cat /usr/share/SecLists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.<DOMAIN> @<IP> | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done   

dnsenum --dnsserver <IP> --enum -p 0 -s 0 -o subdomains.txt -f /usr/share/SecLists/Discovery/DNS/subdomains-top1million-110000.txt <DOMAIN>     

Last updated