dnsenum
dnsenum is an open-source Perl script that performs comprehensive DNS enumeration for penetration testing and security auditing.
The tool discovers subdomains, attempts zone transfers, performs reverse lookups, harvests search-engine data, and exports results in multiple formats.
Common Options
Enumeration & Discovery
| Option | Description |
|---|---|
| --enum | Full enumeration: registrar info, DNS records, zone transfer attempt, subdomain brute-force, reverse lookup |
| -d [DOMAIN] | Target domain (required) |
| --dnsserver [SERVER] | Use specific DNS resolver |
| -f [FILE] | Wordlist for subdomain brute-force |
| --threads [NUM] | Number of concurrent threads during brute-force |
| -r [CIDR] | Reverse lookup for an IP range (CIDR) |
| -l [FILE] | List of domains for batch processing |
Output
| Option | Description |
|---|---|
| -o [FILE] | Save results in XML format |
| -p [FILE] | Save results in CSV format |
| -u [FILE] | Save results in plain text |
| --xml | Display output in XML on screen |
| -v | Increase verbosity (stackable: -vv, -vvv) |
Examples
Basic Enumeration
dnsenum --enum example.com
Use Custom DNS Resolver
dnsenum --dnsserver 8.8.8.8 -d example.com
Subdomain Brute-Force with Wordlist
dnsenum -d example.com -f subdomains.txt --threads 20
Reverse Lookup on /24 Range
dnsenum -r 192.168.1.0/24 -o results.xml
Batch Mode for Multiple Domains
dnsenum -l domains.txt -p report.csv
Output Fields
- A, AAAA, MX, NS, TXT records
- Registrar and Name Server information
- Subdomain list (dictionary and search-engine discovery)
- Zone transfer results
- Reverse lookup hostnames
- Output in CSV, XML, Text for further parsing
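Seen from the authoritative server's side, the zone transfer attempt, subdomain brute-force and reverse lookup steps described above leave a recognizable pattern in query logs. The following is an added example, not part of dnsenum or of the original page, that flags clients showing that pattern; the log line format, the threshold values and the finding labels are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Assumed (hypothetical) log line: <epoch_seconds> <client_ip> <qname> <qtype> <rcode>
WINDOW, THRESHOLD = 60, 5  # seconds; distinct names per client per window (assumed)

def burst(events, threshold=THRESHOLD, window=WINDOW):
    """True if >= threshold distinct names fall inside any window-second span."""
    events = sorted(events)
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        if len({name for _, name in events[start:end + 1]}) >= threshold:
            return True
    return False

def detect(lines):
    """Return {client_ip: sorted finding labels} for enumeration-like behaviour."""
    findings = defaultdict(set)
    nxdomain, ptr = defaultdict(list), defaultdict(list)
    for line in lines:
        try:
            ts, client, qname, qtype, rcode = line.split()
            ts = int(ts)
        except ValueError:
            continue  # skip malformed lines instead of aborting the run
        qname, qtype = qname.lower().rstrip("."), qtype.upper()
        if qtype in ("AXFR", "IXFR"):
            findings[client].add("zone-transfer-attempt")
        elif qtype == "PTR":
            ptr[client].append((ts, qname))
        elif rcode.upper() == "NXDOMAIN":
            nxdomain[client].append((ts, qname))
    for label, table in (("subdomain-brute-force", nxdomain), ("reverse-sweep", ptr)):
        for client, events in table.items():
            if burst(events):
                findings[client].add(label)
    return {client: sorted(labels) for client, labels in findings.items()}

# Constructed sample: one enumerating client, one client with slow, unrelated typos.
SAMPLE = (
    ["1700000000 198.51.100.7 example.com AXFR REFUSED", "garbage line"]
    + [f"{1700000001 + i} 198.51.100.7 {w}.example.com A NXDOMAIN"
       for i, w in enumerate(["dev", "vpn", "stage", "test", "old", "intranet"])]
    + [f"{1700000010 + i} 198.51.100.7 {i}.1.168.192.in-addr.arpa PTR NXDOMAIN"
       for i in range(1, 7)]
    + [f"{1700000000 + 3600 * i} 203.0.113.20 typo{i}.example.com A NXDOMAIN"
       for i in range(6)]
)
```

Calling `detect(SAMPLE)` reports all three findings for 198.51.100.7 and nothing for 203.0.113.20, whose NXDOMAIN responses are spread an hour apart and never reach the threshold inside one window.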