Scroll to navigation

DNSRECON(1) General Commands Manual DNSRECON(1)

NAME

dnsrecon - DNS Enumeration and Scanning Tool

SYNOPSIS

dnsrecon [-h] [-d DOMAIN] [-n NS_SERVER] [-r RANGE] [-D DICTIONARY] [-f] [-a] [-s] [-b] [-k] [-w] [-z] [-y] [--threads THREADS] [--lifetime LIFETIME] [--tcp] [--db DB] [-x XML] [-c CSV] [-j JSON] [--iw] [--disable_check_recursion] [--disable_check_bindversion] [-v] [-V] [-t TYPE]

DESCRIPTION

dsnrecon is a simple python script that enables to gather DNS-oriented information on a given target.

OPTIONS

show help message and exit
Target domain.
Domain server to use. If none is given, the SOA of the target will be used. Multiple servers can be specified using a comma separated list.
IP range for reverse lookup brute force in formats (first-last) or in (range/bitmask).
Dictionary file of subdomain and hostnames to use for brute force. Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records.
Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records.
Perform AXFR with standard enumeration.
Perform Bing enumeration with standard enumeration.
Perform a reverse lookup of IPv4 ranges in the SPF record with standard enumeration.
Perform Yandex enumeration with standard enumeration.
Perform crt.sh enumeration with standard enumeration.
Perform deep whois record analysis and reverse lookup of IP ranges found through Whois when doing a standard enumeration.
Performs a DNSSEC zone walk with standard enumeration.
Number of threads to use in reverse lookups, forward lookups, brute force and SRV record enumeration.
Time to wait for a server to respond to a query. default is 3.
Use TCP protocol to make queries.
SQLite 3 file to save found records.
XML file to save found records.
Comma separated value file.
JSON file.
Continue brute forcing a domain even if wildcard records are discovered.
Disables check for recursion on name servers
Disables check for BIND version on name servers
Enable verbose
Show version
Type of enumeration to perform. There are several possible types:
std: SOA, NS, A, AAAA, MX and SRV.
rvl: Reverse lookup of a given CIDR or IP range.
brt: Brute force domains and hosts using a given dictionary.
srv: SRV records.
axfr: Test all NS servers for a zone transfer.
bing: Perform Bing search for subdomains and hosts.
yand: Perform Yandex search for subdomains and hosts.
crt: Perform crt.sh search for subdomains and hosts.
snoop: Perform cache snooping against all NS servers for a given domain, testing all with file containing the domains, file given with -D option.
tld: Remove the TLD of given domain and test against all TLDs registered in IANA.
zonewalk: Perform a DNSSEC zone walk using NSEC records.

EXAMPLES

dnsrecon -t axfr -d zonetransfer.me