DNS Enumeration Cheatsheet

DNS Enumeration

manual DNS queries using dig:

• dig <record-type> <domain> @<dns-server>
  • <record-type> could be
    • A
    • MX
    • CNAME
    • NS
    • SOA
    • ETC
  • -4 or -6 to force ipv4 or ipv6 dns queries
  • @<dns-server> is the ip address of the DNS server. dns busting with gobuster:
• gobuster dns -u "<domain>" -w <wordlist> -t <threads> zonetransfer:
• dig axfr <domain> @<dns-server> dnsdumpster: https://dnsdumpster.com shodan: https://shodan.io whois history: https://whoxy.com asns: https://bgp.he.net

Related

Related Notes

All Related Notes

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "windows") OR contains(tags, "active-directory") OR contains(tags, "enumeration")
SORT file.ctime DESC

windows

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "windows")
SORT file.ctime DESC

active-directory

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "active-directory")
SORT file.ctime DESC

enumeration

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "enumeration")
SORT file.ctime DESC