
Domain Name System (DNS)

Nmap DNS Enumeration

Brute-force subdomains

nmap -p 53 --script dns-brute $ip

Extract name server details

nmap -p 53 --script dns-nsid $ip

Comprehensive scripts

nmap -n --script "(default and *dns*) or fcrdns or dns-srv-enum or dns-random-txid or dns-random-srcport" $ip

Manual DNS Enumeration

General

Get all available DNS records

dig $ip ANY

Perform DNS lookup

host -a $ip

Retrieve all DNS records

nslookup -query=ANY $ip

Regular DNS request

dig ANY @$ip $domain

IPv6 DNS request

dig AAAA @$ip $domain

Get TXT Records

dig TXT @$ip $domain

Get MX Records

dig MX @$ip $domain

Ask the DNS server at $ip for the name server (NS) records of $domain

dig NS @$ip $domain

Reverse lookup

dig -x 192.168.0.2 @$ip

Reverse IPv6 lookup

dig -x 2a00:1450:400c:c06::93 @$ip

Zone Transfer

Try zone transfer without domain

dig axfr @$ip

Try zone transfer guessing the domain

dig axfr @$ip $domain

Try a zone transfer against every authoritative name server; if none succeeds, fall back to a dictionary attack

fierce --domain $domain --dns-servers $ip
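
The zone-transfer commands above show what an open server gives away; this added example (not from the original page) is the matching check for a zone you administer, running `dig axfr` against each authoritative name server and classifying the reply. The function names and the `example.test` sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: AXFR exposure audit for a zone you administer.

# Classify the text of one `dig axfr` run, read from stdin:
#   open    - a transfer completed (dig prints an "XFR size:" summary line)
#   refused - the server answered but denied it ("; Transfer failed.")
#   unknown - timeout, connection error, or anything else
axfr_verdict() {
    _txt=$(cat)
    case $_txt in
        *'XFR size:'*)       echo open ;;
        *'Transfer failed'*) echo refused ;;
        *)                   echo unknown ;;
    esac
}

# Count resource records in dig output, skipping comment and blank lines.
axfr_record_count() {
    grep -Ev '^[[:space:]]*(;|$)' | wc -l | tr -d ' '
}

# Look up the zone's NS set, then attempt a transfer from each server.
# Returns non-zero if any server hands the zone over.
audit_zone() {
    domain=$1; rc=0
    for ns in $(dig +short NS "$domain"); do
        out=$(dig axfr "$domain" @"$ns" +time=5 +tries=1 2>&1) || true
        verdict=$(printf '%s\n' "$out" | axfr_verdict)
        if [ "$verdict" = open ]; then
            rc=1
            verdict="open ($(printf '%s\n' "$out" | axfr_record_count) records exposed)"
        fi
        printf '%-40s %s\n' "$ns" "$verdict"
    done
    return "$rc"
}

# Constructed samples of dig output for offline checks (not real captures).
SAMPLE_REFUSED='; <<>> DiG 9.x <<>> axfr example.test @ns1.example.test
; Transfer failed.'
SAMPLE_OPEN='; <<>> DiG 9.x <<>> axfr example.test @ns1.example.test
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 3600
example.test. 3600 IN NS ns1.example.test.
www.example.test. 3600 IN A 192.0.2.10
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 3600
;; XFR size: 4 records (messages 1, bytes 230)'

if [ "$#" -ge 1 ]; then audit_zone "$1"; fi
```

Any server reported as `open` should have its transfer ACL restricted to the secondaries that need it, for example with `allow-transfer` in BIND.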

DNSRecon

Reverse lookup of every address in 127.0.0.0/24

dnsrecon -r 127.0.0.0/24 -n $ip

Reverse lookup of every address in 127.0.1.0/24

dnsrecon -r 127.0.1.0/24 -n $ip

Reverse lookup of every address in the server's own /24 ($ip/24)

dnsrecon -r $ip/24 -n $ip

Zone transfer

dnsrecon -d $domain -a -n $ip