Domain (53)


----------------------------------------------------------------------------------------------------------------
>>>nslookup
> server $IP
>127.0.0.1
>$IP

----------------------------------------------------------------------------------------------------------------

Dig deeper : 
>>> dig axfr cronos.htb @$IP

Find Name Servers : 
>>> host -t ns $IP

Find txt Records : 
>>> host -t txt $IP

Fierce – Domain DNS scanner : 
>>> fierce -dns $domain

Find email servers : 
>>> host -t mx $IP

DNS enumeration script : 
>>> dnsrecon -d $IP -t axfr

Finds nameservers for a given domain : 
>>> dnsenum $IP
>>> host -t ns $IP| cut -d " " -f 4

Finds the domain names for a host : 
>>> whois $ip

PreviousLDapNextNFS

Last updated