DNS Reconnaissance

Syntax: dnsrecon -d [DOMAIN]

dnsrecon -d h4cker.org

nslookup [DOMAIN]

nslookup [DOMAIN] [DNS_SERVER]

nslookup [IP]

nslookup
set type=AAAA #set type=[RECORD_TYPE]
server 8.8.8.8 #server [DNS_SERVER]
cisco.com #[DOMAIN]

dig [DOMAIN]

# dig [DOMAIN] [RECORD_TYPE]
dig cisco.com AAAA #IPv6 records
dig cisco.com MX #MX (Mail Server) records
dig cisco.com NS #Name Server records

# dig [DOMAIN] @[DNS_SERVER]
dig cisco.com AAAA @8.8.8.8
dig cisco.com TXT @8.8.8.8

# dig -x [IP]
dig -x 72.163.5.201

whois cisco.com
whois cisco.com | grep '@cisco.com' #Showing Technical and Administrative Email Contacts

# host [ip address or hostname]
host 72.163.10.1
host hsrp-72-163-10-1.cisco.com

Last updated 7 months ago