DNSRecon umożliwia sprawdzenie rekordów NS stref, enumerację ogólnych rekordów DNS dla danej domeny (MX, SOA, NS, A, AAAA, SPF i TXT), enumeracje rekordów SRV oraz domeny najwyższego poziomu (TLD), sprawdzenie rozpoznawania symboli wieloznacznych, wyszukanie brute-force subdomen dla A i AAA, zgodnie z zadanym słownikiem, enumerację rekordów mDNS dla sieci lokalnej, oraz enumerację hostów i subdomen przy użyciu Google.
root@kali:~# dnsrecon -h
usage: dnsrecon.py [-h] [-d DOMAIN] [-n NS_SERVER] [-r RANGE] [-D DICTIONARY]
[-f] [-t TYPE] [-a] [-s] [-g] [-b] [-k] [-w] [-z]
[--threads THREADS] [--lifetime LIFETIME] [--tcp] [--db DB]
[-x XML] [-c CSV] [-j JSON] [--iw] [-v]
optional arguments:
-h, --help show this help message and exit
-d DOMAIN, --domain DOMAIN
Target domain.
-n NS_SERVER, --name_server NS_SERVER
Domain server to use. If none is given, the SOA of the
target will be used.
-r RANGE, --range RANGE
IP range for reverse lookup brute force in formats
(first-last) or in (range/bitmask).
-D DICTIONARY, --dictionary DICTIONARY
Dictionary file of subdomain and hostnames to use for
brute force. Filter out of brute force domain lookup,
records that resolve to the wildcard defined IP
address when saving records.
-f Filter out of brute force domain lookup, records that
resolve to the wildcard defined IP address when saving
records.
-t TYPE, --type TYPE Type of enumeration to perform.
-a Perform AXFR with standard enumeration.
-s Perform a reverse lookup of IPv4 ranges in the SPF
record with standard enumeration.
-g Perform Google enumeration with standard enumeration.
-b Perform Bing enumeration with standard enumeration.
-k Perform crt.sh enumeration with standard enumeration.
-w Perform deep whois record analysis and reverse lookup
of IP ranges found through Whois when doing a standard
enumeration.
-z Performs a DNSSEC zone walk with standard enumeration.
--threads THREADS Number of threads to use in reverse lookups, forward
lookups, brute force and SRV record enumeration.
--lifetime LIFETIME Time to wait for a server to response to a query.
--tcp Use TCP protocol to make queries.
--db DB SQLite 3 file to save found records.
-x XML, --xml XML XML file to save found records.
-c CSV, --csv CSV Comma separated value file.
-j JSON, --json JSON JSON file.
--iw Continue brute forcing a domain even if a wildcard
records are discovered.
-v Enable verbose
W wersji występującej w kali-linux
zobacz: https://tools.kali.org/information-gathering/dnsrecon