LinuxCommandLibrary

dnsrecon

TLDR

Scan and save to SQLite database

$ dnsrecon -d [example.com] --db [path/to/database.sqlite]
copy
Perform zone transfer
$ dnsrecon -d [example.com] -n [nameserver.example.com] -t axfr
copy
Brute-force subdomains
$ dnsrecon -d [example.com] -D [path/to/dictionary.txt] -t brt
copy
Reverse lookup from SPF, save to JSON
$ dnsrecon -d [example.com] -s -j
copy
Google enumeration, save to CSV
$ dnsrecon -d [example.com] -g -c
copy
Cache snooping
$ dnsrecon -d [example.com] -t snoop -n [nameserver.example.com] -D [path/to/dictionary.txt]
copy
Zone walking
$ dnsrecon -d [example.com] -t zonewalk
copy

SYNOPSIS

dnsrecon [options]

DESCRIPTION

dnsrecon is a comprehensive DNS enumeration tool. It performs various DNS reconnaissance techniques including zone transfers, brute-force subdomain discovery, cache snooping, and zone walking.
Widely used in penetration testing and security assessments.

PARAMETERS

-d, --domain domain

Target domain
-n, --name_server ns
Specific nameserver
-t, --type type
Scan type (std, axfr, brt, snoop, zonewalk)
-D, --dictionary file
Dictionary for brute force
-j, --json
Output to JSON
-c, --csv
Output to CSV
--db file
SQLite database output

CAVEATS

Use only against authorized targets. Zone transfers often blocked. Brute-force can be slow depending on dictionary size.

SEE ALSO

dnsmap(1), dig(1), nslookup(1)

Copied to clipboard