DNS Enumeration
Enumerating the Domain Name System (DNS) can help reveal a larger scope for potential attacks.
We then add any discovered subdomains to our /etc/hosts file.
| Command | Description |
| --- | --- |
| `nslookup $TARGET` | Identify the A record for the target domain. |
| `nslookup -query=A $TARGET` | Identify the A record for the target domain. |
| `dig $TARGET @<nameserver/IP>` | Identify the A record for the target domain. |
| `dig a $TARGET @<nameserver/IP>` | Identify the A record for the target domain. |
| `nslookup -query=PTR <IP>` | Identify the PTR record for the target IP address. |
| `dig -x <IP> @<nameserver/IP>` | Identify the PTR record for the target IP address. |
| `nslookup -query=ANY $TARGET` | Identify ANY records for the target domain. |
| `dig any $TARGET @<nameserver/IP>` | Identify ANY records for the target domain. |
| `nslookup -query=TXT $TARGET` | Identify the TXT records for the target domain. |
| `dig txt $TARGET @<nameserver/IP>` | Identify the TXT records for the target domain. |
| `nslookup -query=MX $TARGET` | Identify the MX records for the target domain. |
| `dig mx $TARGET @<nameserver/IP>` | Identify the MX records for the target domain. |
Weak email security (SPF, DMARC and DKIM) may allow us to spoof emails to appear as though they're coming from their own domain. is a Python tool that can verify the email security of a given domain.
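To show what such a check looks at, the following added example (not code from the original page or from the tool it mentions) grades the SPF and DMARC TXT records returned by the `dig txt` queries above. The function names, result strings and the `example.com` records are assumptions constructed for illustration; DKIM is not covered because it requires knowing the selector.

```python
# Added example: grade SPF/DMARC TXT strings (as returned by `dig txt`) offline.

def check_spf(txt_records):
    """Classify the SPF policy found among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid: multiple SPF records"  # permerror under RFC 7208
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        if any(t.startswith("redirect=") for t in terms):
            return "delegated: evaluate the redirect target"
        return "weak: no 'all' mechanism (default result is neutral)"
    # A bare "all" has an implicit "+" qualifier.
    qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
    return {"-": "enforced: hard fail",
            "~": "weak: soft fail",
            "?": "weak: neutral",
            "+": "weak: passes every sender"}[qualifier]

def check_dmarc(txt_records):
    """Classify the DMARC policy from the TXT records of _dmarc.<domain>."""
    dmarc = [r for r in txt_records
             if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p", "")
    if policy == "none":
        return "weak: p=none (monitoring only)"
    if policy not in ("quarantine", "reject"):
        return "invalid: p tag missing or unknown"
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial: p=%s applied to %s%% of mail" % (policy, pct)
    return "enforced: p=%s" % policy

# Constructed sample records for the placeholder domain example.com.
SAMPLE_TXT = ["google-site-verification=abc123",
              "v=spf1 include:_spf.example.net ~all"]
SAMPLE_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]

if __name__ == "__main__":
    print("SPF:  ", check_spf(SAMPLE_TXT))
    print("DMARC:", check_dmarc(SAMPLE_DMARC))
```

A domain is resistant to direct spoofing of its own name only when DMARC reports an enforced policy; a strict SPF record alone does not protect the visible From header.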