Port 53 | DNS
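# Query one record type for <Domain>, asking the server at <DNS-IP> directly.
# Synopsis: nslookup [-option] name [server]. The server is the second
# positional argument; '-server' is not in nslookup's documented option set.
nslookup -query=mx '<Domain>' '<DNS-IP>'   # mail exchangers
nslookup -query=ns '<Domain>' '<DNS-IP>'   # authoritative name servers
# Many servers answer ANY with a minimal response (RFC 8482), so an empty or
# short reply here does not mean the zone holds no other records.
nslookup -query=any '<Domain>' '<DNS-IP>'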
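# With no type given, dig asks for A records using the system resolvers.
dig '<Domain>'
dig '<Domain>' A      # IPv4 addresses
dig '<Domain>' AAAA   # IPv6 addresses
# PTR records live under in-addr.arpa / ip6.arpa, not under the forward name,
# so a PTR query for <Domain> normally returns no answer. Query by address
# instead; -x builds the reverse name from <IP>.
dig -x '<IP>'
dig '<Domain>' NS     # authoritative name servers
dig '<Domain>' MX     # mail exchangers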
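# Subdomain enumeration tools. Each sends a large number of lookups, mostly
# for names that do not exist, so the run shows up as an NXDOMAIN burst in
# the query logs of the servers being asked.

# nmap NSE script dns-brute, using 12 worker threads.
nmap --script dns-brute --script-args dns-brute.threads=12 '<Domain>'

# fierce, written with the --domain / --dns-servers options used by the
# wordlist example elsewhere on this page. The legacy Perl release used
# -dns / -dnsserver instead.
fierce --domain '<Domain>'
fierce --domain '<Domain>' --dns-servers '<DNS>'

# dnsenum against a specific name server.
dnsenum --dnsserver '<IP>' --enum '<Domain>'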
Reverse lookup: resolve the DNS server's IP address to its domain name.
# Reverse (PTR) lookup of 172.16.5.10, sent to the server at that same
# address (@172.16.5.10). -x builds the in-addr.arpa query name from the IP.
# +nocookie leaves out the EDNS COOKIE option; presumably used here because
# the target server mishandles it -- confirm against your environment.
dig '@172.16.5.10' -x '172.16.5.10' +nocookie
Brute force
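# Wordlist-driven subdomain enumeration of <Domain> against the name server
# at <IP>, with an additional address range to scan (--range).
# <Range> is quoted like the other placeholders: left bare, the shell parses
# '<Range' and '>' as redirections instead of passing a value to --range.
fierce --domain '<Domain>' --range '<Range>' --dns-servers '<IP>' --subdomain-file '<wordlist>'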
Brute force with Bash
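# Try every wordlist entry as a subdomain of sportsfoo.com against the name
# server at 172.16.5.10 and keep only the names that resolve.
#
# - The list is read line by line rather than via $(cat ...), so entries are
#   not word-split or glob-expanded by the shell.
# - -W 2 (per-query wait, in seconds) is placed before the name: host stops
#   option parsing at the first operand, so a trailing -W may be ignored.
# - If the zone has a wildcard record, every guess "has address"; compare
#   against a random label before trusting the output.
# - 20000 back-to-back queries, mostly NXDOMAIN, are easy to spot in the
#   server's query log.
while IFS= read -r name; do
  [[ -n "$name" ]] || continue   # skip blank lines in the wordlist
  host -W 2 "${name}.sportsfoo.com" '172.16.5.10'
done < /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt \
  | grep 'has address'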
Zone Transfer
# Request a full zone transfer (AXFR) of <Domain> from the server at <IP>.
# A populated answer means the server hands the whole zone to arbitrary
# clients. The usual remediation is to limit transfers to the secondary name
# servers (for example BIND's allow-transfer, preferably TSIG-keyed).
# +nocookie leaves out the EDNS COOKIE option.
dig '@<IP>' -t AXFR '<Domain>' +nocookie