DNS Enumeration

Enumerating the Domain Name System (DNS) reveals hostnames, nameservers, mail servers and sometimes whole zones that widen the scope of potential attacks.

Start by resolving the domain to its A record(s):

dig cyberbotic.io +short

Then follow up with a WHOIS lookup for registrant details, registrar and the authoritative nameservers:

whois cyberbotic.io

Reverse (PTR) lookups against the target's own nameserver can leak internal hostnames. In interactive nslookup, point the resolver at the victim, then query 127.0.0.1 and the victim's IP:

nslookup
> SERVER victim-ip
> 127.0.0.1
> victim-ip

A zone transfer (AXFR) asks the server for the entire zone. If it is misconfigured to allow transfers from any client, it hands over every record in one request:

dig axfr cronos.htb @10.10.10.13

We then add the subdomains it returns to our /etc/hosts file, pointing them at the target IP.
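The zone-transfer step above, as an added example that is not part of the original page: it tries AXFR against each nameserver of a domain and turns the A records into /etc/hosts lines. The domain and IP are the page's; the zone contents in SAMPLE_AXFR are constructed so the parser can be exercised offline, and the record values in it are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not code from the original page): attempt a zone transfer
# against the nameservers of a domain and turn the A records into
# /etc/hosts lines. The zone contents in SAMPLE_AXFR are constructed.

# Parse dig AXFR output (stdin) into "IP hostname" lines, one per A record.
# Comment lines start with ';' and are skipped; trailing dots are stripped
# so the output can be appended to /etc/hosts as-is.
axfr_to_hosts() {
    awk '$1 !~ /^;/ && $4 == "A" { sub(/\.$/, "", $1); print $5, $1 }' | sort -u
}

# zone_transfer DOMAIN [NS ...]: try AXFR against the given nameservers, or
# against every NS of DOMAIN when none are given. Prints hosts lines for each
# server that answers; returns 1 if every server refused the transfer.
zone_transfer() {
    local domain=$1 servers ns lines found=1
    shift
    servers="$*"
    [ -n "$servers" ] || servers=$(dig +short ns "$domain")
    for ns in $servers; do
        lines=$(dig axfr "$domain" "@$ns" 2>/dev/null | axfr_to_hosts)
        if [ -n "$lines" ]; then
            printf '%s\n' "$lines"
            found=0
        fi
    done
    return $found
}

# Constructed stand-in for what `dig axfr cronos.htb @10.10.10.13` prints
# when the server allows the transfer (hypothetical records).
SAMPLE_AXFR='; <<>> DiG 9.18.1 <<>> axfr cronos.htb @10.10.10.13
;; global options: +cmd
cronos.htb.          604800  IN  SOA  cronos.htb. admin.cronos.htb. 3 604800 86400 2419200 604800
cronos.htb.          604800  IN  NS   ns1.cronos.htb.
cronos.htb.          604800  IN  A    10.10.10.13
admin.cronos.htb.    604800  IN  A    10.10.10.13
ns1.cronos.htb.      604800  IN  A    10.10.10.13
www.cronos.htb.      604800  IN  A    10.10.10.13
cronos.htb.          604800  IN  SOA  cronos.htb. admin.cronos.htb. 3 604800 86400 2419200 604800
;; Query time: 20 msec'

# Offline demonstration: parse the constructed transfer instead of a live one.
demo_hosts_lines() {
    printf '%s\n' "$SAMPLE_AXFR" | axfr_to_hosts
}

# Live use: zone_transfer cronos.htb 10.10.10.13 | sudo tee -a /etc/hosts
if [ -n "${1:-}" ]; then
    zone_transfer "$@"
else
    demo_hosts_lines
fi
```

Run it with no arguments to see the parsed sample; with `cronos.htb 10.10.10.13` it performs the live transfer against that server, and with only a domain it asks every NS listed for the domain, since a zone is sometimes transferable from one secondary but not the primary.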

Little Cheatsheet

Command                              Description
nslookup $TARGET                     Identify the A record for the target domain.
nslookup -query=A $TARGET            Identify the A record for the target domain (explicit type).
dig $TARGET @<nameserver/IP>         Identify the A record for the target domain, asking a specific nameserver.
dig a $TARGET @<nameserver/IP>       Identify the A record for the target domain (explicit type).
nslookup -query=PTR <IP>             Identify the PTR record for the target IP address.
dig -x <IP> @<nameserver/IP>         Identify the PTR record for the target IP address.
nslookup -query=ANY $TARGET          Identify ANY records for the target domain.
dig any $TARGET @<nameserver/IP>     Identify ANY records for the target domain.
nslookup -query=TXT $TARGET          Identify the TXT records for the target domain.
dig txt $TARGET @<nameserver/IP>     Identify the TXT records for the target domain.
nslookup -query=MX $TARGET           Identify the MX records for the target domain.
dig mx $TARGET @<nameserver/IP>      Identify the MX records for the target domain.

Querying the target's authoritative nameserver directly (the @<nameserver/IP> form) avoids stale or filtered answers from an intermediate resolver. ANY queries are frequently refused or answered with a minimal placeholder response (RFC 8482), so if ANY returns little, query A, AAAA, NS, MX, TXT and SOA individually.

Subdomain Enumeration

https://nuclei.projectdiscovery.io/nuclei/get-started/

Spoofcheck

Weak email security (missing or permissive SPF, DMARC and DKIM) may allow us to spoof emails so that they appear to come from the target's own domain. Spoofcheck is a Python tool that checks the SPF and DMARC posture of a given domain and reports whether spoofing is possible.

$ ./spoofcheck.py cyberbotic.io
[+] cyberbotic.io has no SPF record!
[*] No DMARC record found. Looking for organizational record
[+] No organizational DMARC record
[+] Spoofing possible for cyberbotic.io!
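The checks behind a verdict like the one above, as an added example that is neither the page's code nor the spoofcheck project's code: it classifies the SPF "all" mechanism and the DMARC p= tag and derives a verdict. Live lookups use dig; the demo records and the 203.0.113.0/24 and example.net values are constructed. The parent-label fallback for the organizational domain is a simplifying assumption.

```shell
#!/usr/bin/env bash
# Added example (not the page's code and not the spoofcheck project's code):
# the SPF/DMARC checks behind a spoofability verdict, reduced to their core.
# Live lookups use dig; the demo records below are constructed.

# TXT records for a name, with dig's quoting and string-splitting removed.
txt_records() {
    dig +short txt "$1" | sed 's/^"//; s/"$//; s/" "//g'
}

# Classify the SPF record by its final "all" mechanism:
# none | hardfail (-all) | softfail (~all) | neutral (?all or absent) | pass (+all)
spf_policy() {
    local spf=$1 last
    [ -n "$spf" ] || { echo none; return; }
    last=${spf##* }
    case "$last" in
        "-all") echo hardfail ;;
        "~all") echo softfail ;;
        "?all") echo neutral ;;
        "+all"|"all") echo pass ;;
        *) echo neutral ;;   # no "all" term (e.g. redirect= only): defaults to ?all
    esac
}

# Extract the DMARC p= tag: none | quarantine | reject (absent record counts as none).
dmarc_policy() {
    local rec=$1 tag
    [ -n "$rec" ] || { echo none; return; }
    tag=$(printf '%s' "$rec" | tr -d ' ' | tr ';' '\n' | grep '^p=' | head -n 1)
    case "$tag" in
        p=reject) echo reject ;;
        p=quarantine) echo quarantine ;;
        *) echo none ;;
    esac
}

# verdict SPF_RECORD DMARC_RECORD
# SPF alone only constrains the envelope MAIL FROM; a forged From: header sent
# with an unrelated envelope domain still passes SPF. Only an enforcing DMARC
# policy (quarantine/reject) ties the visible From: domain to an aligned
# SPF or DKIM pass.
verdict() {
    local s d
    s=$(spf_policy "$1")
    d=$(dmarc_policy "$2")
    case "$d" in
        reject|quarantine) printf 'protected (SPF %s, DMARC %s)\n' "$s" "$d" ;;
        *) if [ "$s" = hardfail ]; then
               printf 'from-spoofable (SPF %s, DMARC %s)\n' "$s" "$d"
           else
               printf 'spoofable (SPF %s, DMARC %s)\n' "$s" "$d"
           fi ;;
    esac
}

# check_domain DOMAIN: live version of the above. Assumption: when a subdomain
# has no DMARC record, the parent label stands in for the organizational domain
# (a real check consults the public suffix list).
check_domain() {
    local domain=$1 spf dmarc
    spf=$(txt_records "$domain" | grep -i '^v=spf1' | head -n 1)
    dmarc=$(txt_records "_dmarc.$domain" | grep -i '^v=DMARC1' | head -n 1)
    case "$domain" in
        *.*.*) [ -n "$dmarc" ] || dmarc=$(txt_records "_dmarc.${domain#*.}" | grep -i '^v=DMARC1' | head -n 1) ;;
    esac
    printf '%s: %s\n' "$domain" "$(verdict "$spf" "$dmarc")"
}

# Constructed records for an offline demonstration (not real lookups).
demo() {
    verdict "v=spf1 include:_spf.example.net ~all" "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
    verdict "v=spf1 ip4:203.0.113.0/24 -all" ""
    verdict "v=spf1 ip4:203.0.113.0/24 -all" "v=DMARC1; p=reject"
    verdict "" ""
}

if [ -n "${1:-}" ]; then check_domain "$1"; else demo; fi
```

With no arguments it prints the four constructed cases; `./script.sh cyberbotic.io` runs the live lookups. The "from-spoofable" verdict is the case a plain SPF check misses: a hard-failing SPF record with no enforcing DMARC still lets an attacker forge the From: header while using their own domain in the envelope.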
