dnsenum

Enumerate domain DNS records

SYNOPSIS

dnsenum [OPTIONS] <domain>

PARAMETERS

-h, --help
    Show help summary

-f <file>
    Specify wordlist file for brute-force

-D <file>
    Specify file with domains to enumerate

-r <N>, --recurse <N>
    Recursion level (default: 2)

-d <N>
    Minimum domain level

-s <N>
    Set number of threads (default: 5)

-t <timeout>
    DNS query timeout in seconds (default: 10)

--dnsserver <IP>
    Specify custom DNS server

--noreverse
    Skip reverse IP lookups

--noenum
    Disable enumeration phase

-o <file>
    Output file

--print
    Print results to stdout

--csvdump <file.csv>
    Dump results to CSV file

--json
    Dump results to JSON file

--xml
    Dump results to XML files

--xml-single
    Single XML file output

--up
    Update GeoIP database

--ping
    Ping discovered IP addresses

--geonames <USERNAME>
    GeoNames.org username for geolocation

--enum
    Perform full enumeration including enum4linux

--abu
    Use abuse.ch zone file

--exclude <domain>
    Exclude temporary names from dictionary

DESCRIPTION

Dnsenum is a Perl-based multithreaded tool for DNS reconnaissance and enumeration, commonly used in penetration testing. It performs brute-force subdomain discovery using wordlists, attempts zone transfers (AXFR), extracts SOA, NS, MX, and other records, and conducts reverse IP lookups. The tool supports recursion to find deeper subdomains, geolocation via GeoIP and GeoNames, ping sweeps, and output in formats like XML, JSON, or CSV. Multithreading accelerates queries, and options allow customization of DNS servers, timeouts, and exclusions. Dnsenum helps map attack surfaces by identifying hidden hosts and services under a domain, but it should be used only with authorization, since its queries are detectable and unauthorized use can raise legal issues.

CAVEATS

Rate-limited by many DNS servers; aggressive use risks blacklisting or detection.
Requires wordlists; unauthorized scanning may violate laws like CFAA.
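
Added example (not part of dnsenum or of the original page): a small detector for the two behaviours described above, a zone-transfer attempt and a burst of brute-force subdomain lookups, run over constructed resolver log lines. The log format, zone, window, threshold and function name are assumptions.

```python
from collections import defaultdict

ZONE = "example.com"      # monitored zone (assumption)
WINDOW = 10               # seconds per counting window (assumption)
MAX_FAILED_NAMES = 5      # distinct NXDOMAIN names tolerated per client per window (assumption)

def detect(lines):
    """Return {client: [findings]} from 'epoch client qname qtype rcode' lines."""
    findings = defaultdict(set)
    failed = defaultdict(set)  # (client, window index) -> distinct NXDOMAIN names
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip blank or malformed lines instead of aborting the run
        ts, client = int(parts[0]), parts[1]
        qname, qtype, rcode = parts[2].lower().rstrip("."), parts[3].upper(), parts[4].upper()
        if qname != ZONE and not qname.endswith("." + ZONE):
            continue  # query is for some other zone
        if qtype == "AXFR":
            # Flag every zone-transfer request; a real deployment would exempt known secondaries.
            findings[client].add("axfr-attempt")
        if rcode == "NXDOMAIN":
            bucket = failed[(client, ts // WINDOW)]
            bucket.add(qname)
            if len(bucket) > MAX_FAILED_NAMES:
                # Many different nonexistent names in one window looks like a wordlist walk.
                findings[client].add("subdomain-bruteforce")
    return {client: sorted(tags) for client, tags in findings.items()}

# Constructed sample: 203.0.113.7 requests AXFR then walks a wordlist;
# 198.51.100.20 makes ordinary lookups with a single typo.
WORDS = ["admin", "dev", "ftp", "intranet", "mail", "test", "vpn", "www"]
SAMPLE = ["1700000000 203.0.113.7 example.com AXFR REFUSED"]
SAMPLE += [
    f"170000000{i} 203.0.113.7 {w}.example.com A "
    + ("NOERROR" if w in ("mail", "www") else "NXDOMAIN")
    for i, w in enumerate(WORDS)
]
SAMPLE += [
    "1700000003 198.51.100.20 www.example.com A NOERROR",
    "1700000004 198.51.100.20 wwww.example.com A NXDOMAIN",
]

if __name__ == "__main__":
    for client, tags in detect(SAMPLE).items():
        print(client, ", ".join(tags))
```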

INSTALLATION

On Debian/Kali: apt install dnsenum
Or clone from GitHub: git clone https://github.com/fwaeytens/dnsenum

EXAMPLE USAGE

dnsenum example.com
dnsenum -f /usr/share/wordlists/dnsmap.txt -r 3 -s 10 example.com
dnsenum --dnsserver 8.8.8.8 --json example.com

HISTORY

Developed by Feral in 2006 as a Perl script for fast DNS enumeration.
Maintained on GitHub; integrated into the Kali Linux tool suite since the 2010s.

SEE ALSO

dig(1), host(1), nslookup(1), dnsmap(1), dnsrecon(1)
