- Kali Linux:An Ethical Hacker's Cookbook(Second Edition)
- Himanshu Sharma
- 157字
- 2025-02-18 00:26:50
How to do it...
- To view the help, we type the following:
dnsrecon -h
The following screenshot shows the output of the preceding command:
- To do a simple recon of name servers, A records, SOA records, MX records, and so on, we can run the following command:
dnsrecon -d packtpub.com -n 8.8.8.8
The following screenshot shows the output of the preceding command:
- Now let's take an example of a domain that has NSEC records. To do a zone walk, we can simply run the following command:
dnsrecon -z -d icann.org -n 8.8.8.8
The following screenshot shows the output of the preceding command:
- We can do this manually by using the dig command along with dig +short NSEC domainname.com.
- The previous dig command will throw us one subdomain, and then we can rerun the same command with the subdomain we got in previous step to find the next subdomain: dig +short NSEC a.domain.com.