How to use the command 'dnsrecon' (with examples)
- Linux
- December 25, 2023
The command ‘dnsrecon’ is a DNS enumeration tool that allows users to perform various types of scans on a domain. It is a powerful tool for gathering information about a domain’s DNS infrastructure and can be used in security assessments or for general DNS exploration.
Use case 1: Scan a domain and save the results to a SQLite database
Code:
dnsrecon --domain example.com --db path/to/database.sqlite
Motivation: Saving the results of a DNS scan to a SQLite database can be useful for further analysis and comparisons. It allows for easy organization and manipulation of the obtained data.
Explanation:
--domain example.com: Specifies the target domain to scan.
--db path/to/database.sqlite: Specifies the path and name of the SQLite database file to save the results.
Example output: The command will initiate a DNS scan on the domain ‘example.com’ and save the results to the specified SQLite database file.
Use case 2: Scan a domain, specifying the nameserver and performing a zone transfer
Code:
dnsrecon --domain example.com --name_server nameserver.example.com --type axfr
Motivation: When performing a DNS scan, it may be necessary to query a specific nameserver. Additionally, performing a zone transfer can provide more detailed information about the domain’s DNS configuration.
Explanation:
--domain example.com: Specifies the target domain to scan.
--name_server nameserver.example.com: Specifies the nameserver to query for DNS information.
--type axfr: Specifies the type of scan to perform, in this case, a zone transfer.
Example output: The command will perform a DNS scan on the domain ‘example.com’, querying the specified nameserver and performing a zone transfer. The output will include detailed DNS zone information.
Use case 3: Scan a domain, using a brute-force attack and a dictionary of subdomains and hostnames
Code:
dnsrecon --domain example.com --dictionary path/to/dictionary.txt --type brt
Motivation: Brute-force attacks can be used to discover hidden or unknown subdomains and hostnames belonging to a domain. By providing a dictionary of potential subdomains and hostnames, this scan can reveal additional targets for further investigation.
Explanation:
--domain example.com: Specifies the target domain to scan.
--dictionary path/to/dictionary.txt: Specifies the path and name of the dictionary file containing potential subdomains and hostnames.
--type brt: Specifies the type of scan to perform, in this case, a brute-force attack.
Example output: The command will perform a DNS scan on the domain ‘example.com’, using a brute-force attack with the provided dictionary. The output will include discovered subdomains and hostnames.
Use case 4: Scan a domain, performing a reverse lookup of IP ranges from the SPF record and saving the results to a JSON file
Code:
dnsrecon --domain example.com -s --json path/to/file.json
Motivation: Reverse lookups of IP ranges from the SPF record can reveal additional domains associated with a particular IP range. Saving the results to a JSON file allows for easy parsing and processing of the obtained data.
Explanation:
--domain example.com: Specifies the target domain to scan.
-s: Enables the reverse lookup of IP ranges from the SPF record.
--json path/to/file.json: Specifies the JSON file to save the results to.
Example output: The command will perform a DNS scan on the domain ‘example.com’, performing a reverse lookup of IP ranges from the SPF record. The results will be saved in a JSON file.
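What the SPF-based reverse lookup operates on, as an added example (not dnsrecon's own code and not part of the original page): the sketch parses an SPF record, extracts its ip4/ip6 ranges and derives the PTR names a reverse lookup would query, so a domain owner can see how much address space the record advertises. The sample record, the function names and the per-range cap are assumptions.

```python
import ipaddress

# Constructed SPF TXT record for illustration (documentation address ranges).
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/30 ip4:198.51.100.7 "
              "ip6:2001:db8::/126 include:_spf.example.net -all")


def spf_networks(record):
    """Return the ip4:/ip6: networks listed in an SPF record, in order."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    networks = []
    for term in terms[1:]:
        # Strip an optional qualifier (+, -, ~, ?) before the mechanism name.
        name, sep, value = term.lstrip("+-~?").partition(":")
        if sep and name.lower() in ("ip4", "ip6"):
            # A bare address (no /prefix) becomes a single-host network.
            net = ipaddress.ip_network(value, strict=False)
            if net.version != (4 if name.lower() == "ip4" else 6):
                raise ValueError(f"{term}: address family mismatch")
            networks.append(net)
    return networks


def ptr_names(network, limit=256):
    """PTR query names for each address in the range, capped at `limit`."""
    names = []
    for i, addr in enumerate(network):  # lazy, so large IPv6 ranges are safe
        if i >= limit:
            break
        names.append(addr.reverse_pointer)
    return names


def exposure_report(record):
    """Map each advertised range to (address count, first PTR name)."""
    return {str(n): (n.num_addresses, ptr_names(n, 1)[0])
            for n in spf_networks(record)}


if __name__ == "__main__":
    for net, (count, first) in exposure_report(SAMPLE_SPF).items():
        print(f"{net}: {count} address(es), first PTR name {first}")
```

Mechanisms such as include: and a: are skipped here because resolving them needs live DNS queries.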
Use case 5: Scan a domain, performing a Google enumeration and saving the results to a CSV file
Code:
dnsrecon --domain example.com -g --csv path/to/file.csv
Motivation: Performing a Google enumeration can reveal subdomains and hostnames that may not be included in the domain’s DNS records. Saving the results to a CSV file allows for easy analysis and manipulation of the obtained data.
Explanation:
--domain example.com: Specifies the target domain to scan.
-g: Enables the Google enumeration.
--csv path/to/file.csv: Specifies the CSV file to save the results to.
Example output: The command will perform a DNS scan on the domain ‘example.com’, performing a Google enumeration. The results will be saved in a CSV file.
Use case 6: Scan a domain, performing DNS cache snooping
Code:
dnsrecon --domain example.com --type snoop --name_server nameserver.example.com --dictionary path/to/dictionary.txt
Motivation: DNS cache snooping can be used to gather information from caching DNS resolvers. It can reveal cached records and provide insights into a domain’s DNS infrastructure and configuration.
Explanation:
--domain example.com: Specifies the target domain to scan.
--type snoop: Specifies the type of scan to perform, in this case, DNS cache snooping.
--name_server nameserver.example.com: Specifies the nameserver to query for DNS information.
--dictionary path/to/dictionary.txt: Specifies the path and name of the dictionary file containing potential subdomains and hostnames.
Example output: The command will perform a DNS scan on the domain ‘example.com’, performing DNS cache snooping using the specified nameserver and dictionary file. The output will include any cached DNS records found.
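Cache snooping relies on non-recursive queries (Recursion Desired flag cleared), so the resolver answers only from its cache, and that leaves a trace in the resolver's query log. The following added example (not from the original page or from dnsrecon) flags clients that send such queries for several distinct names in BIND-style query logs, where `-` after the record type means RD was not set. The log lines are constructed, and the threshold and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed BIND-style query log lines; "+" after the type means the
# Recursion Desired (RD) flag was set, "-" means it was clear.
SAMPLE_LOG = """\
12-Mar-2024 10:15:01.101 queries: info: client @0x7f1c2c0a1b20 198.51.100.10#51514 (www.example.com): query: www.example.com IN A +E(0) (192.0.2.53)
12-Mar-2024 10:15:02.204 queries: info: client @0x7f1c2c0a1c40 203.0.113.50#40112 (www.example.com): query: www.example.com IN A - (192.0.2.53)
12-Mar-2024 10:15:02.310 queries: info: client @0x7f1c2c0a1c40 203.0.113.50#40113 (mail.example.com): query: mail.example.com IN A - (192.0.2.53)
12-Mar-2024 10:15:03.007 queries: info: client @0x7f1c2c0a1b20 198.51.100.10#51520 (mail.example.com): query: mail.example.com IN A +E(0) (192.0.2.53)
12-Mar-2024 10:15:03.415 queries: info: client @0x7f1c2c0a1c40 203.0.113.50#40114 (vpn.example.com): query: vpn.example.com IN A -E(0) (192.0.2.53)
12-Mar-2024 10:15:04.000 queries: info: client @0x7f1c2c0a1d60 192.0.2.99#33001 (example.com): query: example.com IN SOA - (192.0.2.53)
"""

LINE_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[^#\s]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<rd>[+-])"
)


def parse_queries(log_text):
    """Yield (client, qname, rd_set) for every query line that parses."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["client"], m["qname"].lower().rstrip("."), m["rd"] == "+"


def snoop_suspects(log_text, min_names=3):
    """Clients that sent RD=0 queries for at least `min_names` distinct names."""
    seen = defaultdict(set)
    for client, qname, rd_set in parse_queries(log_text):
        if not rd_set:
            seen[client].add(qname)
    return {c: sorted(n) for c, n in seen.items() if len(n) >= min_names}


if __name__ == "__main__":
    for client, names in snoop_suspects(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} non-recursive lookups: {', '.join(names)}")
```

A single non-recursive query is normal for other nameservers and monitoring probes, which is why the check counts distinct names per client instead of alerting on every RD=0 line.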
Use case 7: Scan a domain, performing zone walking
Code:
dnsrecon --domain example.com --type zonewalk
Motivation: Zone walking can be used to gather information about a domain’s DNS zone. It can reveal detailed information about subdomains and hostnames and help identify potential security risks.
Explanation:
--domain example.com: Specifies the target domain to scan.
--type zonewalk: Specifies the type of scan to perform, in this case, zone walking.
Example output: The command will perform a DNS scan on the domain ‘example.com’, performing a zone walking scan. The output will include detailed DNS zone information.
Conclusion:
The ‘dnsrecon’ command is a versatile DNS enumeration tool that allows users to perform various types of scans on a domain. By utilizing its different options and arguments, users can gain valuable insights into a domain’s DNS infrastructure and configuration. Whether for security assessments or DNS exploration, ‘dnsrecon’ provides a range of features to assist in obtaining detailed information about a target domain.