DNSRECON(1) | dnsrecon - DNS Enumeration Tool | DNSRECON(1) |
dnsrecon - DNS Enumueration and Scanning Tool
dnsrecon <options>
-h, --help
Show help message and exit
-d, --domain <domain>
Domain to Target for enumeration.
-r, --range <range>
IP Range for reverse look-up brute force in formats (first-last)
or in (range/bitmask).
-n, --name_server <name>
Domain server to use, if none is given the SOA of the
target will be used
-D, --dictionary <file>
Dictionary file of sub-domain and hostnames to use for
brute force.
-f Filter out of Brute Force Domain lookup records that resolve
to the wildcard defined IP Address when saving records.
-t, --type <types>
brt To Brute force Domains and Hosts using a given
dictionary.
srv To Enumerate common SRV Records for a given
domain.
axfr Test all NS Servers in a domain for misconfigured
zone transfers.
goo Perform Google search for sub-domains and hosts.
bing Perform Bing search for sub-domains and hosts.
crt Perform crt.sh search for subdomains and hosts.
snoop To Perform a Cache Snooping against all NS
servers for a given domain, testing all with
file containing the domains, file given with -D
option.
tld Will remove the TLD of given domain and test against
all TLD's registered in IANA
-s Perform Reverse Look-up of ipv4 ranges in the
SPF Record of the targeted domain with the
standard enumeration.
-g Perform Google enumeration with the standard
enumeration.
-b Perform Bing enumeration with the standard enumeration.
-k Perform crt.sh enumeration with standard enumeration.
-w Do deep whois record analysis and
reverse look-up of IP ranges found thru whois
when doing standard query.
-z Performs a DNSSEC Zone Walk with the standard
enumeration.
--threads <number>
Number of threads to use in Range Reverse Look-up,
Forward Look-up Brute force
and SRV Record Enumeration
--lifetime <number>
Time to wait for a server to response to a query.
--db <file> SQLite 3 file to save found records.
--xml <file> XML File to save found records.
--iw Continue brute forcing a domain even if a wildcard
records are discovered.
-c, --csv <file> Comma separated value file.
-j, --json <file> JSON file.
-v Show attempts in the bruteforce modes.
I wrote this tool back in late 2006 and it has been my favorite tool for enumeration thru DNS, in great part because I wrote it and it gives the output in a way that I can manipulate it in my own style. One of the features that I used the most and gave me excellent results is the SRV record enumeration.
Carlos Perez, Carlos_Perez@darkoperator.com
Copyright (C) 2012 Carlos Perez
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; Applies version 2 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
March 23, 2013 | 0.8.1 |