Dnsenum

From HackOps
Jump to navigation Jump to search

dnsenum[edit | edit source]

dnsenum is an open-source Perl script that performs comprehensive DNS enumeration for penetration testing and security auditing. The tool discovers subdomains, attempts zone transfers, performs reverse lookups, harvests search-engine data, and exports results in multiple formats.

Common Options[edit | edit source]

Enumeration & Discovery[edit | edit source]

Option Description
--enum Full enumeration: registrar info, DNS records, zone transfer attempt, subdomain brute-force, reverse lookup
-d [DOMAIN] Target domain (required)
--dnsserver [SERVER] Use specific DNS resolver
-f [FILE] Wordlist for subdomain brute-force
--threads [NUM] Number of concurrent threads during brute-force
-r [CIDR] Reverse lookup for an IP range (CIDR)
-l [FILE] List of domains for batch processing

Output[edit | edit source]

Option Description
-o [FILE] Save results in XML format
-p [FILE] Save results in CSV format
-u [FILE] Save results in plain text
--xml Display output in XML on screen
-v Increase verbosity (stackable: -vv, -vvv)

Examples[edit | edit source]

Basic Enumeration[edit | edit source]

dnsenum --enum example.com

↑ Options

Use Custom DNS Resolver[edit | edit source]

dnsenum --dnsserver 8.8.8.8 -d example.com

↑ Options

Subdomain Brute-Force with Wordlist[edit | edit source]

dnsenum -d example.com -f subdomains.txt --threads 20

↑ Options

Reverse Lookup on /24 Range[edit | edit source]

dnsenum -r 192.168.1.0/24 -o results.xml

↑ Options

Batch Mode for Multiple Domains[edit | edit source]

dnsenum -l domains.txt -p report.csv

↑ Options

Output Fields[edit | edit source]

  • A, AAAA, MX, NS, TXT records
  • Registrar and Name Server information
  • Subdomain list (dictionary and search-engine discovery)
  • Zone transfer results
  • Reverse lookup hostnames
  • Output in CSV, XML, Text for further parsing

See Also[edit | edit source]

Retrieved from "https://hackops.wiki/index.php?title=Dnsenum&oldid=101"