dnsrecon is a command-line tool for Linux and Unix systems that is used to perform reconnaissance on a target domain. It can be used to perform DNS reconnaissance and enumeration, including tasks such as enumerating DNS records, performing zone transfers, and identifying non-contiguous IP space. It can also be used to perform reverse lookups, brute force subdomains, and perform google enumeration. dnsrecon can be useful for penetration testing, security assessments, and reconnaissance of an organization’s network infrastructure. It can be run on the command line and provide output in the form of various DNS records and information about the target domain.
If you encounter the below error while running the command dnsrecon:
dnsrecon: command not found
you may try installing the below package as per your choice of distribution:
Distribution | Command |
---|---|
Debian | apt-get install dnsrecon |
Ubuntu | apt-get install dnsrecon |
Alpine | apk add dnsrecon |
Kali Linux | apt-get install dnsrecon |
Raspbian | apt-get install dnsrecon |
dnsrecon Command Examples
1. Scan a domain and save the results to a SQLite database:
# dnsrecon --domain example.com --db path/to/database.sqlite
2. Scan a domain, specifying the nameserver and performing a zone transfer:
# dnsrecon --domain example.com --name_server nameserver.example.com --type axfr
3. Scan a domain, using a brute-force attack and a dictionary of subdomains and hostnames:
# dnsrecon --domain example.com --dictionary path/to/dictionary.txt --type brt
4. Scan a domain, performing a reverse lookup of IP ranges from the SPF record and saving the results to a JSON file:
# dnsrecon --domain example.com -s --json
5. Scan a domain, performing a Google enumeration and saving the results to a CSV file:
# dnsrecon --domain example.com -g --csv
6. Scan a domain, performing DNS cache snooping:
# dnsrecon --domain example.com --type snoop --name_server nameserver.example.com --dictionary path/to/dictionary.txt
7. Scan a domain, performing zone walking:
# dnsrecon --domain example.com --type zonewalk