dnsrecon is a command-line tool for Linux and Unix systems that performs DNS reconnaissance and enumeration against a target domain, including enumerating DNS records, performing zone transfers, and identifying non-contiguous IP space. It can also perform reverse lookups, brute-force subdomains, and perform Google enumeration. dnsrecon is useful for penetration testing, security assessments, and reconnaissance of an organization’s network infrastructure. It runs on the command line and outputs the DNS records and other information it finds about the target domain.
dnsrecon Command Examples
1. Scan a domain and save the results to a SQLite database:
# dnsrecon --domain example.com --db path/to/database.sqlite
2. Scan a domain, specifying the nameserver and performing a zone transfer:
# dnsrecon --domain example.com --name_server nameserver.example.com --type axfr
3. Scan a domain, using a brute-force attack and a dictionary of subdomains and hostnames:
# dnsrecon --domain example.com --dictionary path/to/dictionary.txt --type brt
4. Scan a domain, performing a reverse lookup of IP ranges from the SPF record and saving the results to a JSON file:
# dnsrecon --domain example.com -s --json path/to/file.json
5. Scan a domain, performing a Google enumeration and saving the results to a CSV file:
# dnsrecon --domain example.com -g --csv path/to/file.csv
6. Scan a domain, performing DNS cache snooping:
# dnsrecon --domain example.com --type snoop --name_server nameserver.example.com --dictionary path/to/dictionary.txt
7. Scan a domain, performing zone walking:
# dnsrecon --domain example.com --type zonewalk
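
How the zone-transfer (axfr) and brute-force (brt) scans above look from the nameserver side: the following is an added example, not part of the original page or of dnsrecon, that flags both patterns in BIND 9 style log lines. The sample lines, the zone name, and the threshold of 5 distinct names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9 log style; addresses are documentation ranges.
WORDS = ["admin", "dev", "ftp", "mail", "vpn", "test", "stage", "www2"]
SAMPLE_LOG = [
    f"client @0x7f0 198.51.100.7#{40000 + i} ({w}.example.com): "
    f"query: {w}.example.com IN A + (192.0.2.53)"
    for i, w in enumerate(WORDS)
] + [
    "client @0x7f1 198.51.100.7#40200 (example.com): "
    "zone transfer 'example.com/AXFR/IN' denied",
    "client @0x7f2 203.0.113.20#53000 (www.example.com): "
    "query: www.example.com IN A + (192.0.2.53)",
    "client @0x7f3 203.0.113.20#53001 (example.com): "
    "query: example.com IN MX + (192.0.2.53)",
]

CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ \((?P<name>[^)]*)\): "
QUERY_RE = re.compile(CLIENT + r"query: \S+ IN \S+")
XFER_RE = re.compile(CLIENT + r"zone transfer '[^']+/(?:AXFR|IXFR)/IN' denied")


def analyze(lines, zone="example.com", name_threshold=5):
    """Return {client_ip: [flags]} for clients whose traffic looks like a scan."""
    names = defaultdict(set)   # client -> distinct names queried under the zone
    denied = defaultdict(int)  # client -> refused zone-transfer attempts
    for line in lines:
        m = XFER_RE.search(line)
        if m:
            denied[m["ip"]] += 1
            continue
        m = QUERY_RE.search(line)
        if m:
            name = m["name"].lower().rstrip(".")
            if name.endswith("." + zone):
                names[m["ip"]].add(name)
    findings = {}
    for ip in sorted(set(names) | set(denied)):
        flags = []
        if denied[ip]:
            flags.append("zone-transfer-denied")
        if len(names[ip]) >= name_threshold:
            flags.append("many-distinct-subdomains")
        if flags:
            findings[ip] = flags
    return findings


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

BIND query logs carry no response code, so this counts distinct names per client rather than NXDOMAIN answers. On an authoritative server the client address is often a recursive resolver rather than the scanning host.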