OSCP+ Notes

DNS Hostname

DNSRecon

dnsrecon -d www.example.com -a
dnsrecon -d www.example.com -t axfr
dnsrecon -r "startIP-endIP"
dnsrecon -d www.example.com -D "namelist" -t brt

Dig

dig www.example.com +short
dig www.example.com MX
dig www.example.com NS
dig www.example.com SOA
dig www.example.com ANY +noall +answer
dig -x "IP"  # reverse (PTR) lookup; -x takes an IP address
dig -4 www.example.com  # send the query over IPv4 only
dig -6 www.example.com  # send the query over IPv6 only
dig www.example.com mx +noall +answer example.com ns +noall +answer
dig -t AXFR www.example.com

DNSEnum

dnsenum --dnsserver 172.21.0.0 --enum intranet.megacorpone.xx
dnsenum --dnsserver 172.21.0.0 --enum management.megacorpone.xx
dnsenum --dnsserver 172.21.0.0 --enum www.megacorpone.xx

Last updated 6 months ago