dnsrecon
Author description - DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how it could be used in the process of a security assessment and network troubleshooting. This tool provides the ability to perform:
- Check all NS Records for Zone Transfers
- Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT)
- Perform common SRV Record Enumeration
- Top Level Domain (TLD) Expansion
- Check for Wildcard Resolution
- Brute Force subdomain and host A and AAAA records given a domain and a wordlist
- Perform a PTR Record lookup for a given IP Range or CIDR
- Check a DNS server's cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check
Details
Category: Recon
Publisher: trickest-mhmdiaa
Created Date: 6/7/2022
Container: quay.io/trickest/dnsrecon:e1b742e
Source URL: https://github.com/darkoperator/dnsrecon
Parameters
-a
- Perform AXFR with standard enumeration.
-d
- Target domain.
-f
- Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records.
--threads
- Number of threads to use in reverse lookups, forward lookups, brute force and SRV record enumeration.
--lifetime
- Time to wait for a server to respond to a query. Default is 3.
--tcp
- Use TCP protocol to make queries.
-r
- IP range for reverse lookup brute force in formats (first-last) or in (range/bitmask).
-n
- Domain server to use. If none is given, the SOA of the target will be used. Multiple servers can be specified using a comma-separated list.
-v
- Enable verbose.
-w
- Perform deep whois record analysis and reverse lookup of IP ranges found through Whois when doing a standard enumeration.
-k
- Perform crt.sh enumeration with standard enumeration.
-D
- Dictionary file of subdomain and hostnames to use for brute force. Filter out of brute force domain lookup, records that resolve to the wildcard defined IP address when saving records.
-b
- Perform Bing enumeration with standard enumeration.
-z
- Performs a DNSSEC zone walk with standard enumeration.
-t
- Type of enumeration to perform. Possible types: std, rvl, srv, axfr, bing, yand, snoop, tld, and zonewalk.
-y
- Perform Yandex enumeration with standard enumeration.
-s
- Perform a reverse lookup of IPv4 ranges in the SPF record with standard enumeration.
--iw
- Continue brute forcing a domain even if a wildcard record is discovered.
--disable-check-recursion
- Disables check for recursion on name servers.
--disable-check-bindversion
- Disables check for BIND version on name servers.