Dnsenum
Jump to navigation
Jump to search
dnsenum
dnsenum is an open-source Perl script that performs comprehensive DNS enumeration for penetration testing and security auditing. The tool discovers subdomains, attempts zone transfers, performs reverse lookups, harvests search-engine data, and exports results in multiple formats.
Common Options
Enumeration & Discovery
| Option | Description |
|---|---|
--enum |
Full enumeration: registrar info, DNS records, zone transfer attempt, subdomain brute-force, reverse lookup |
-d [DOMAIN] |
Target domain (required) |
--dnsserver [SERVER] |
Use specific DNS resolver |
-f [FILE] |
Wordlist for subdomain brute-force |
--threads [NUM] |
Number of concurrent threads during brute-force |
-r [CIDR] |
Reverse lookup for an IP range (CIDR) |
-l [FILE] |
List of domains for batch processing |
Output
| Option | Description |
|---|---|
-o [FILE] |
Save results in XML format |
-p [FILE] |
Save results in CSV format |
-u [FILE] |
Save results in plain text |
--xml |
Display output in XML on screen |
-v |
Increase verbosity (stackable: -vv, -vvv)
|
Examples
Basic Enumeration
dnsenum --enum example.comUse Custom DNS Resolver
dnsenum --dnsserver 8.8.8.8 -d example.comSubdomain Brute-Force with Wordlist
dnsenum -d example.com -f subdomains.txt --threads 20Reverse Lookup on /24 Range
dnsenum -r 192.168.1.0/24 -o results.xmlBatch Mode for Multiple Domains
dnsenum -l domains.txt -p report.csvOutput Fields
- A, AAAA, MX, NS, TXT records
- Registrar and Name Server information
- Subdomain list (dictionary and search-engine discovery)
- Zone transfer results
- Reverse lookup hostnames
- Output in CSV, XML, Text for further parsing