53 DOMAIN

Enumerate Domain-name { reverse lookup }

interactive search

nslookup
server 10.10.10.10
10.10.10.10

non-interactive search

nslookup 10.10.10.10

Zone transfer attack

List all the domains present in Domain. Use host command

host -l abcd.com $ip

dig axfr @$ip xyz.com

dig @$ip domain.local

dig $ip domain.local && dig $ip dc.domain.local

DNS enum

dnsenum --dnsserver $ip -f /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt -o scans/dnsenum-bitquark-intelligence.htb intelligence.htb dnsenum VERSION:1.2.6

Previous25 SMTP Next88 KERBEROS

Last updated 7 months ago

hashtagEnumerate Domain-name { reverse lookup }

hashtagZone transfer attack

hashtagDNS enum

Enumerate Domain-name { reverse lookup }

Zone transfer attack

DNS enum