dnsrecon
Author description - DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how it could be used in the process of a security assessment and network troubleshooting. This tool provides the ability to perform: Check all NS Records for Zone Transfers; Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT); Perform common SRV Record Enumeration; Top Level Domain (TLD) Expansion; Check for Wildcard Resolution; Brute Force subdomain and host A and AAAA records given a domain and a wordlist; Perform a PTR Record lookup for a given IP Range or CIDR; Check a DNS server's cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check.
quay.io/trickest/dnsrecon:e1b742e
Parameters
-a
Perform AXFR with standard enumeration.
-d
Target domain.
-f
Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records.
--threads
Number of threads to use in reverse lookups, forward lookups, brute force and SRV record enumeration.
--lifetime
Time to wait for a server to respond to a query. Default is 3.
--tcp
Use TCP protocol to make queries.
-r
IP range for reverse lookup brute force in formats (first-last) or in (range/bitmask).
-n
Domain server to use. If none is given, the SOA of the target will be used. Multiple servers can be specified using a comma-separated list.
-v
Enable verbose.
-w
Perform deep whois record analysis and reverse lookup of IP ranges found through Whois when doing a standard enumeration.
-k
Perform crt.sh enumeration with standard enumeration.
-D
Dictionary file of subdomain and hostnames to use for brute force. Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records.
-b
Perform Bing enumeration with standard enumeration.
-z
Performs a DNSSEC zone walk with standard enumeration.
-t
Type of enumeration to perform. Possible types: std, rvl, srv, axfr, bing, yand, snoop, tld, and zonewalk.
-y
Perform Yandex enumeration with standard enumeration.
-s
Perform a reverse lookup of IPv4 ranges in the SPF record with standard enumeration.
--iw
Continue brute forcing a domain even if a wildcard record is discovered.
--disable-check-recursion
Disables check for recursion on name servers.
--disable-check-bindversion
Disables check for BIND version on name servers.