Digging DNS
Tools
| Tool | Description | Typical use |
| --- | --- | --- |
| dig | Versatile DNS lookup tool that supports various query types (A, MX, NS, TXT, etc.) and detailed output. | Manual DNS queries, zone transfers (if allowed), troubleshooting DNS issues, and in-depth analysis of DNS records. |
| nslookup | Simpler DNS lookup tool, primarily for A, AAAA, and MX records. | Basic DNS queries, quick checks of domain resolution and mail server records. |
| host | Streamlined DNS lookup tool with concise output. | Quick checks of A, AAAA, and MX records. |
| dnsenum | Automated DNS enumeration tool, dictionary attacks, brute-forcing, zone transfers (if allowed). | Discovering subdomains and gathering DNS information efficiently. |
| fierce | DNS reconnaissance and subdomain enumeration tool with recursive search and wildcard detection. | User-friendly interface for DNS reconnaissance, identifying subdomains and potential targets. |
| dnsrecon | Combines multiple DNS reconnaissance techniques and supports various output formats. | Comprehensive DNS enumeration, identifying subdomains, and gathering DNS records for further analysis. |
| theHarvester | OSINT tool that gathers information from various sources, including DNS records (email addresses). | Collecting email addresses, employee information, and other data associated with a domain from multiple sources. |
Dig
Basics
$ dig google.com

$ dig +short hackthebox.com
# +short prints only the answer, without the headers and other sections.

Zone Transfer

$ dig axfr @SERVER-TO-QUERY <DOMAIN>
The information gleaned from an unauthorized zone transfer can be invaluable to an attacker. It reveals a comprehensive map of the target's DNS infrastructure, including subdomains, IP addresses, and name server records.
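To check your own zone for this exposure, the script below (an added example, not part of the original notes) runs the `dig axfr` query above against each of the zone's name servers and classifies the result. The function names, the `example.com` names and the sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a zone you operate for name servers that allow AXFR.
# Constructed sample output of `dig axfr` (documentation names and addresses).
SAMPLE_OPEN='; <<>> DiG <<>> axfr example.com @ns1.example.com
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 300
example.com.      3600 IN NS ns1.example.com.
ns1.example.com.  3600 IN A 192.0.2.53
vpn.example.com.  3600 IN A 192.0.2.10
dev.example.com.  3600 IN CNAME vpn.example.com.
example.com.      3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 300
;; XFR size: 6 records (messages 1, bytes 250)'
SAMPLE_REFUSED='; <<>> DiG <<>> axfr example.com @ns2.example.com
; Transfer failed.'

# Read `dig axfr` output on stdin.
# Prints "OPEN records=N names=M" if a full transfer came back, else "CLOSED"
# (refused, timed out, or otherwise no zone data returned).
classify_axfr() {
  awk '
    /^;/ || NF < 5 { next }                 # skip dig comments and blank lines
    $3 == "IN" {
      n++; types[$4]++
      if (!($1 in seen)) { seen[$1] = 1; names++ }
    }
    END {
      # A completed AXFR starts and ends with the zone SOA record.
      if (types["SOA"] >= 2) printf "OPEN records=%d names=%d\n", n, names
      else print "CLOSED"
    }'
}

# Query every authoritative server of the zone; one result line per server.
audit_zone() {
  zone=$1
  for ns in $(dig +short NS "$zone"); do
    printf '%s %s\n' "$ns" "$(dig axfr "$zone" @"$ns" +time=5 +tries=1 | classify_axfr)"
  done
}

if [ -n "${1:-}" ]; then
  audit_zone "$1"                           # live check: ./script.sh <your zone>
else
  printf 'sample open:    %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | classify_axfr)"
  printf 'sample refused: %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED" | classify_axfr)"
fi
```

Any server reported as `OPEN` should have transfers restricted to its secondaries.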
dnsenum
$ dnsenum --dnsserver <DNS server to query> --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt <DOMAIN>
-p: maximum number of Google search pages to process when scraping.
-s: maximum number of subdomains to be scraped from Google.