DNSRecon is a Python-based DNS enumeration script designed to help you audit your DNS security and configuration as part of the information-gathering stage of a pen-test. DNS reconnaissance is an important step when mapping out domain resources, sub-domains, e-mail servers and so on, and it can often lead you to an old DNS entry pointing to an unmaintained, insecure server.
It’s also considered passive information gathering, as it’s a way to build a map of company/target resources without the active probes/scans that would alert IDS/IPS systems.
DNSRecon provides the ability to:
Check all NS Records for Zone Transfers
Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
Perform common SRV Record Enumeration
Top Level Domain (TLD) Expansion
Check for Wildcard Resolution
Brute Force subdomain and host A and AAAA records given a domain and a wordlist
Perform a PTR Record lookup for a given IP Range or CIDR
Check a DNS server's cached records for A, AAAA and CNAME records, given a list of host records in a text file
Enumerate Common mDNS records in the Local Network
Enumerate Hosts and Subdomains using Google
root@root:~# dnsrecon -h
  -h, --help            Show this help message and exit
  -d, --domain          Domain to Target for enumeration.
  -r, --range           IP Range for reverse look-up brute force in formats (first-last)
  -n, --name_server     Domain server to use, if none is given the SOA of the
                        target will be used
  -D, --dictionary      Dictionary file of sub-domain and hostnames to use for brute force.
  -f                    Filter out of Brute Force Domain lookup records that resolve to the wildcard defined IP Address when saving records.
  -t, --type            Specify the type of enumeration to perform:
                        std      To Enumerate general record types, enumerates.
                                 SOA, NS, A, AAAA, MX and SRV if AXRF on the
                                 NS Servers fail.
                        rvl      To Reverse Look Up a given CIDR IP range.
                        brt      To Brute force Domains and Hosts using a given
                        srv      To Enumerate common SRV Records for a given
                        axfr     Test all NS Servers in a domain for misconfigured
                        goo      Perform Google search for sub-domains and hosts.
                        snoop    To Perform a Cache Snooping against all NS
                                 servers for a given domain, testing all with
                                 file containing the domains, file given with -D
                        tld      Will remove the TLD of given domain and test against
                        zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.
  -a                    Perform AXFR with the standard enumeration.
  -s                    Perform Reverse Look-up of ipv4 ranges in the SPF Record of the targeted domain with the standard enumeration.
  -g                    Perform Google enumeration with the standard enumeration.
  -w                    Do deep whois record analysis and reverse look-up of IP ranges found thru whois when doing standard query.
  -z                    Performs a DNSSEC Zone Walk with the standard enumeration.
  --threads             Number of threads to use in Range Reverse Look-up, Forward Look-up Brute force and SRV Record Enumeration
  --lifetime            Time to wait for a server to response to a query.
  --db                  SQLite3 file to save found records.
  --xml                 XML File to save found records.
  --iw                  Continua bruteforcing a domain even if a wildcard record resolution is discovered.
  -c, --csv             Comma separated value file.
  -v                    Show attempts in the bruteforce modes.
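The wildcard check and the -f and --iw options above exist because a wildcard record makes every name under a domain appear to resolve, so a forward-lookup audit of your own zone reports records that do not exist. The following Python is an added example, not DNSRecon's own code, showing that failure mode and the filtering idea; the zone data, the offline resolver and all function names are constructed for illustration.

```python
import secrets

# Constructed sample zone (not real data). "*.example.test" is a wildcard record.
SAMPLE_ZONE = {
    "*.example.test": {"192.0.2.99"},
    "mail.example.test": {"192.0.2.25"},
    "old-portal.example.test": {"198.51.100.7"},
}

def sample_resolve(name):
    """Hypothetical offline resolver over SAMPLE_ZONE: exact match, else wildcard."""
    if name in SAMPLE_ZONE:
        return set(SAMPLE_ZONE[name])
    labels = name.split(".")
    for i in range(1, len(labels)):
        hit = SAMPLE_ZONE.get("*." + ".".join(labels[i:]))
        if hit:
            return set(hit)
    return set()

def wildcard_addresses(domain, resolve, probes=3):
    """Resolve random labels that cannot exist; any answer reveals a wildcard."""
    found = set()
    for _ in range(probes):
        found |= resolve(f"{secrets.token_hex(8)}.{domain}")
    return found

def audit_names(domain, labels, resolve, keep_going=False):
    """Return (wildcard_ips, confirmed, masked) for labels checked under domain."""
    wild = wildcard_addresses(domain, resolve)
    confirmed, masked = {}, []
    if wild and not keep_going:   # modelled on the idea behind --iw
        return wild, confirmed, masked
    for label in labels:
        fqdn = f"{label}.{domain}"
        addrs = resolve(fqdn)
        if not addrs:
            continue
        if addrs <= wild:         # wildcard answer only: not a real record (-f idea)
            masked.append(fqdn)
        else:
            confirmed[fqdn] = addrs
    return wild, confirmed, masked

if __name__ == "__main__":
    names = ["www", "mail", "old-portal", "intranet"]
    wild, confirmed, masked = audit_names("example.test", names, sample_resolve, True)
    print("wildcard:", wild, "\nconfirmed:", confirmed, "\nmasked:", masked)
```

Names in the masked list resolve only because of the wildcard, so they say nothing about whether a real host record exists; the confirmed entries are the ones worth checking against your asset inventory.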
DOWNLOAD LINK FOR DNSRecon: https://github.com/darkoperator/dnsrecon