Security Tool Cheatsheet
Alex Morgan — Senior Penetration Tester
What is DNSRecon?
DNSRecon is a powerful tool for performing DNS enumeration and reconnaissance. It is essential for security analysts and penetration testers in discovering subdomains, DNS records, and vulnerabilities associated with domain configurations.
Installation
DNSRecon can be easily installed on various platforms. To install it using GitHub, use the following commands:
git clone https://github.com/darkarnium/dnsrecon.git
cd dnsrecon
pip install -r requirements.txt
Basic Syntax
dnsrecon -d example.com
Discovery
Performing Zone Transfers
dnsrecon -d example.com -t AXFR
Use the command above to attempt a zone transfer on DNS servers. This may reveal all records if successful.
Common DNS Queries
dnsrecon -d example.com -t A
Replace A with other types (MX, NS, CNAME) to query different records.
Scanning
Subdomain Enumeration
dnsrecon -d example.com -t brt
This command uses various brute-force techniques to find subdomains.
Checking for SPF Records
dnsrecon -d example.com -t SPF
Fetches the domain's SPF records so you can validate its email security configuration.
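Fetching the SPF record is only half the check; the string still has to be read for the weaknesses that matter. The script below is an added example, not part of the cheatsheet or of DNSRecon itself: it parses an SPF TXT string of the kind the command above returns and reports the usual configuration problems (a permissive "+all" or "?all", a missing "all", the deprecated "ptr" mechanism, more than the 10 DNS-lookup terms RFC 7208 allows, and terms placed after "all" that are never evaluated). The three sample records are constructed and do not describe any real domain's policy.

```python
# Mechanisms and the redirect modifier each cost a DNS lookup during evaluation;
# RFC 7208 section 4.6.4 limits one SPF check to 10 of them.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
QUALIFIERS = "+-~?"

# Constructed sample records (hypothetical domains, not real policies).
STRICT = "v=spf1 ip4:192.0.2.0/24 include:_spf.mail-provider.example -all"
WEAK = "v=spf1 a mx include:_spf.mail-provider.example ptr +all"
BLOATED = "v=spf1 " + " ".join("include:svc%d.example" % i for i in range(11)) + " -all"


def parse_spf(txt):
    """Split an SPF TXT string into (qualifier, term, argument) tuples.

    Mechanisms default to the "+" qualifier; modifiers such as redirect=...
    get an empty qualifier so callers can tell the two apart.
    """
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % txt)
    parsed = []
    for term in terms[1:]:
        if "=" in term and term[0] not in QUALIFIERS:
            name, _, value = term.partition("=")
            parsed.append(("", name.lower(), value))
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.split("/", 1)[0]  # strip a bare CIDR such as a/24 or mx/16
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def audit_spf(txt):
    """Return human-readable findings for one SPF record; an empty list means no issues."""
    terms = parse_spf(txt)
    findings = []
    lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append("%d DNS-lookup terms exceed the limit of 10; receivers return permerror" % lookups)
    names = [name for _, name, _ in terms]
    if "ptr" in names:
        findings.append("ptr mechanism is deprecated and slow to evaluate (RFC 7208 section 5.5)")
    if "all" in names:
        qualifier = [q for q, name, _ in terms if name == "all"][0]
        if qualifier == "+":
            findings.append("+all authorises every sender; the record provides no protection")
        elif qualifier == "?":
            findings.append("?all returns neutral for unlisted senders; prefer ~all or -all")
        trailing = names[names.index("all") + 1:]
        if trailing:
            findings.append("terms after all are never evaluated: %s" % ", ".join(trailing))
    elif "redirect" not in names:
        findings.append("no all mechanism or redirect: unlisted senders default to neutral")
    return findings


if __name__ == "__main__":
    for label, record in (("strict", STRICT), ("weak", WEAK), ("bloated", BLOATED)):
        print(label, record)
        for finding in audit_spf(record) or ["no issues found"]:
            print("  -", finding)
```

Paste the TXT string from the DNSRecon output into audit_spf() to review a live record; the parser only looks at the string, so it runs offline and can be pointed at any record copied from a report.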
Exploitation
Exploiting Open Resolvers
dnsrecon -d example.com -t open
This checks whether the domain's DNS servers act as open resolvers, a misconfiguration that may be exploited.
Analysis
Content Enumeration
dnsrecon -d example.com -t CNAME
Examine any CNAME records for internal and external mappings.
Evasion
Multiple Threads for Faster Results
dnsrecon -d example.com -t brt -j 5
The -j flag allows setting the number of concurrent jobs.
Reporting
Output Formats
dnsrecon -d example.com -o report.json
Save your findings in a JSON format suitable for integration into reporting tools.
Quick Reference Table
| Flag | Description |
|---|---|
| -d | Specify the target domain. |
| -t | Select the type of enumeration (e.g., A, MX, AXFR). |
| -o | Output to a specified file format. |
| -j | Set the number of threads for faster processing. |
Pro Tips
- Always check for multiple records: Use different query types to uncover hidden information.
- Chain your commands: Combine output with tools like jq for easier analysis of JSON results.
- Use discovery mode: The -t all flag allows full exploration of many record types.
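The Analysis, Reporting and Pro Tips sections all come down to the same task: reading a JSON report and pulling out the records that need a second look. The script below is an added example, not part of the cheatsheet or of DNSRecon; it does in Python what the jq tip suggests, so the logic is reusable in a reporting pipeline. The report layout it expects (a list of objects with a "type" field and type-specific fields such as "name", "address", "target" and "exchange") is an assumption about the tool's JSON output, and the embedded sample report, its hostnames and its addresses are constructed. It counts records by type, groups A records by address, lists CNAMEs that point outside the audited domain (third-party dependencies worth tracking), and flags hostnames whose labels suggest non-production or internal services, the kind of finding the Real-World Examples section describes.

```python
import json
import re
import sys
from collections import Counter, defaultdict

# Constructed sample in the assumed shape of a dnsrecon JSON report.
SAMPLE_REPORT = json.dumps([
    {"arguments": "dnsrecon -d example.com -o report.json"},
    {"type": "A", "name": "example.com", "address": "192.0.2.10"},
    {"type": "A", "name": "www.example.com", "address": "192.0.2.10"},
    {"type": "A", "name": "dev-api.example.com", "address": "192.0.2.44"},
    {"type": "CNAME", "name": "intranet.example.com", "target": "portal.example.com"},
    {"type": "CNAME", "name": "status.example.com", "target": "example.status-host.example"},
    {"type": "MX", "exchange": "mail.example.com", "address": "192.0.2.25"},
    {"type": "TXT", "name": "example.com", "strings": "v=spf1 ip4:192.0.2.0/24 -all"},
])

# Hostname labels that usually mark environments not meant for public use.
REVIEW_LABELS = {"dev", "test", "staging", "uat", "internal", "intranet", "api", "admin"}


def load_records(report_text):
    """Parse the JSON text and keep only entries that describe a DNS record."""
    return [r for r in json.loads(report_text) if isinstance(r, dict) and "type" in r]


def count_by_type(records):
    """Record counts per type, e.g. {"A": 3, "CNAME": 2, ...}."""
    return dict(Counter(r["type"] for r in records))


def hosts_by_address(records):
    """Group A-record names by IP so hosts that share an address stand out."""
    grouped = defaultdict(set)
    for r in records:
        if r["type"] == "A":
            grouped[r["address"]].add(r["name"])
    return {ip: sorted(names) for ip, names in grouped.items()}


def external_cnames(records, domain):
    """CNAMEs whose target lies outside the audited domain."""
    def inside(name):
        return name == domain or name.endswith("." + domain)
    return sorted((r["name"], r["target"]) for r in records
                  if r["type"] == "CNAME" and not inside(r["target"]))


def names_to_review(records):
    """Hostnames whose labels (split on '.' and '-') match REVIEW_LABELS."""
    names = {r["name"] for r in records if "name" in r}
    return sorted(n for n in names if REVIEW_LABELS & set(re.split(r"[.-]", n)))


if __name__ == "__main__":
    # Usage: python3 triage.py report.json   (falls back to the embedded sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    records = load_records(text)
    print("records by type:", count_by_type(records))
    print("hosts by address:", hosts_by_address(records))
    print("external CNAMEs:", external_cnames(records, "example.com"))
    print("names to review:", names_to_review(records))
```

Adjust REVIEW_LABELS to the naming conventions of the organisation being audited; the list above is only a starting point.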
Real-World Examples
In practice, DNSRecon has been instrumental in identifying misconfigured DNS records that lead to vulnerabilities. Consider the following scenario: by performing a zone transfer on an organization's DNS server and enumerating subdomains, a security analyst discovered unprotected APIs that were not intended for public access.