DNSRecon – An Open Source DNS Enumeration Tool

DNSRecon is a python script used for DNS information gathering.  DNS information about a target is an essential requirement for every penetration tester. DNS information helps in mapping the network infrastructure of the target host. DNSRecon is a DNS reconnaissance tool that can perform a variety of enumerations, such as standard record enumeration, Zone transfer, Reverse lookup, Google lookup, Zone walking, cache snooping, and Domain Brute-Forcing. In the standard record enumeration, DNSRecon fetches record like SOA, SRV, DNSSec, and MX record.

DNSRecon Installation

DNSRecon can be cloned from github resources using the following command.

git clone https://github.com/darkoperator/dnsrecon

DNSRecon requires dnspython, netaddr, and lxml packages to function properly. These packages can be installed by using the following command.

pip install –r requirements.txt

DNSRecon Reconnaissance

Once successfully installed, DNSRecon can be executed from the terminal by running the dnsrecon.py file from the DNSRecon directory folder.

The following command can be used to see all the available options that can be used for DNS reconnaissance.

python dnsrecon.py

In order to check the standard record of any domain, run the following command.

./dnsrecon.py –d <target domain>

By running the above command, the tool looks for DNSSec, SOA, SRV, and MX record.  DNSSec is a security extension that is used to secure the information associated with the DNS. DNSRecon finds if DNSSec is configured for the target domain. SOA record provides administrative information like DNS zone information. SRV helps in identifying domain controllers for active directories. Similarly, MX record provides information regarding the mail servers.

To check if the target domain is vulnerable to zone transfer, the following command can be used.

./dnsrecon.py –d <target domain> -t axrf

Reverse IP lookup can be performed by adding the –s flag to the command in the following manner.

./dnsrecon.py –d <target domain> -s

Similarly, we can perform domain brute-forcing, cache snooping, zone walking, and other tasks by adding the appropriate arguments in the respective commands.

What Bunny rating does it get?

DNSrecon is very handy in gaining useful information regarding DNS records of a target web application, brute-forcing for subdomains, zone transfer, and wildcard resolutions. As a result we will be awarding this tool a rating of 4 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients