Dnsrecon is an OSINT tool that comes pre-installed on Linux. It is designed to gather the DNS information of a website.
What sets this tool apart is that all DNS information can be found through it, and it is very easy to use. If you need to use this tool on Termux, you can install it using the command given below.
git clone https://github.com/darkoperator/dnsrecon
- Check all NS Records for Zone Transfers.
- Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
- Perform common SRV Record Enumeration.
- Top Level Domain (TLD) Expansion.
- Check for Wildcard Resolution.
- Brute Force subdomain and host A and AAAA records given a domain and a wordlist.
- Perform a PTR Record lookup for a given IP Range or CIDR.
- Check a DNS server's cached records for A, AAAA and CNAME records, given a list of host records in a text file to check.
How to use Dnsrecon tool
First, you need to type the following command in your terminal to run the dnsrecon tool.
1. Simple search
With this simple search, you can gather the overall information of a website. To start this simple search, run the following command on your terminal.
-d – Domain name
-a – Perform AXFR with standard enumeration.
dnsrecon -d <domain> -a
Now that you have all the DNS information available, run the following command to see whether the name servers of that website allow a zone transfer.
-d – Domain name
-t – Type of enumeration to perform
axfr – Test all NS servers for a zone transfer
dnsrecon.py -d <domain> -t axfr
2. Reverse lookup
DNSRecon can perform a reverse lookup for PTR (Pointer) records against IPv4 and IPv6 address ranges. To run reverse lookup enumeration, use the command:
dnsrecon.py -r <start-IP>-<end-IP>
A reverse lookup can also be performed against all ranges in SPF records with the command:
dnsrecon.py -d <domain> -s
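To see what the SPF-based reverse lookup works from, the following added example (not dnsrecon's own code and not from the original post) parses an SPF record, extracts its ip4:/ip6: ranges and lists the PTR names a reverse sweep over them would query, which is what a domain owner would review for revealing hostnames. The SPF record is a constructed sample, the function names are hypothetical, and include: mechanisms are not followed.

```python
import ipaddress

# Constructed sample SPF TXT record using documentation address ranges.
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/30 ip4:198.51.100.7 "
              "ip6:2001:db8::/126 include:_spf.example.net -all")


def spf_networks(txt):
    """Return the networks named by ip4:/ip6: mechanisms in one SPF record."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets = []
    for term in terms[1:]:
        # Drop the optional qualifier (+ - ~ ?) and split mechanism from value.
        mech, _, value = term.lstrip("+-~?").partition(":")
        if mech.lower() in ("ip4", "ip6") and value:
            # strict=False accepts entries with host bits set (ip4:192.0.2.5/24).
            nets.append(ipaddress.ip_network(value, strict=False))
    return nets


def ptr_names(net, limit=256):
    """Reverse-DNS owner names for every address in net, refusing huge ranges."""
    if net.num_addresses > limit:
        raise ValueError(f"{net}: {net.num_addresses} addresses exceeds {limit}")
    return [addr.reverse_pointer for addr in net]


def spf_ptr_plan(txt, limit=256):
    """Map each published range to the PTR names a reverse sweep would query."""
    return {str(net): ptr_names(net, limit) for net in spf_networks(txt)}


if __name__ == "__main__":
    for net, names in spf_ptr_plan(SAMPLE_SPF).items():
        print(net, len(names), "PTR queries, first:", names[0])
```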
If you need more information, you can find it by using the help option. I hope you learned how to use the dnsrecon tool through this post. If you have any doubts, let me know in the comments.