Usage: dnsrecon [-h] [-d DOMAIN] [-n NS_SERVER] [-r RANGE] [-D DICTIONARY] [-f] [-a] [-s] [-b] [-y] [-k] [-w] [-z] [--threads THREADS] [--lifetime LIFETIME] [--tcp] [--db DB] [-x XML] [-c CSV] [-j JSON] [--iw] [--disable_check_recursion] [--disable_check_bindversion] [-V] [-v] [-t TYPE]
| Options | Description |
|---|---|
| -h, --help | Show this help message and exit. |
| -d, --domain | Target domain. |
| -n, --name_server | Domain server to use (can specify comma-separated list). |
| -r, --range | IP range for reverse lookup brute force (e.g. first-last or range/bitmask). |
| -D, --dictionary | Dictionary file of subdomain and hostnames to use for brute force. |
| -f | Filter out wildcard resolution results when brute-forcing. |
| -a | Perform AXFR (zone transfer) with standard enumeration. |
| -s | Perform reverse lookup of IPv4 ranges in SPF record with standard enumeration. |
| -b | Perform Bing enumeration with standard enumeration. |
| -y | Perform Yandex enumeration with standard enumeration. |
| -k | Perform crt.sh enumeration with standard enumeration. |
| -w | Perform deep whois analysis and reverse lookup of IPs found via whois. |
| -z | Perform DNSSEC zone walk using NSEC records. |
| --threads | Number of threads to use for lookups and enumeration. |
| --lifetime | Time to wait for server response (default is 3.0). |
| --tcp | Use TCP protocol to make queries. |
| --db Disabled | SQLite3 file to save found records. |
| -x, --xml Disabled | XML file to save found records. |
| -c, --csv Disabled | CSV file to save found records. |
| -j, --json Disabled | JSON file to save found records. |
| --iw | Continue brute-forcing even if wildcard records are discovered. |
| --disable_check_recursion | Disable checking for recursion on name servers. |
| --disable_check_bindversion | Disable checking for BIND version on name servers. |
| -V, --version | Show DNSrecon version. |
| -v, --verbose | Enable verbose output. |
| -t, --type | Type of enumeration to perform. Choices: std, rvl, brt, srv, axfr, bing, yand, crt, snoop, tld, zonewalk. |
DNSRecon online
It allows security professionals to perform various DNS enumeration tasks, including zone transfers, brute-forcing subdomains, and gathering DNS records such as A, AAAA, MX, NS, and TXT.
Homepage
v1.2.0