5. DNS Enumeration ( Zone Transfer)

1. DNS Enumeration using zone transfer

dig ns example.com
dig axfr example.com @nameserver

2. DNS Enumeration using NMAP

  1. DNS Service Discovery

nmap --script=broadcast-dns-service-discovery example.com

  1. DNS brute forcing

nmap -T5 -p 53 --script dns-brute example.com

  1. common service records

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='example.com'"
Previous4. NFS EnumerationNext6. SMTP Enumeration

Last updated