DNS Enumeration


host

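# host command: basic lookup of a name (placeholder target: domain.com)
host domain.com

# search a specific record type with -t
# TXT commonly carries SPF/DKIM/DMARC policy and domain-verification strings;
# MX lists the domain's mail exchangers
host -t txt domain.com
host -t mx domain.com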

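# use hostnames.txt: one candidate label per line, looked up under domain.com
# read -r takes each line verbatim, so the file's contents are never
# word-split or glob-expanded by the shell; blank lines and entries starting
# with "-" (which host would parse as an option) are skipped
while IFS= read -r label || [ -n "$label" ]; do
  case $label in
    '' | -*) continue ;;
  esac
  host "$label.domain.com"
done < hostnames.txt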

dnsrecon

# standard recon (main record types): -t std queries SOA, NS, A, AAAA, MX and SRV
# for the domain given with -d
dnsrecon -d domain.com -t std

# subdomain bruteforce from list: -t brt tries each name in the -D wordlist
# (list.txt) under the domain given with -d
dnsrecon -d domain.com -D list.txt -t brt

dnsenum

# default run against domain.com: collects the domain's host, name-server and
# MX records and requests a zone transfer (AXFR) from each name server.
# An authoritative server that answers the AXFR is misconfigured: transfers
# should be restricted to its secondaries.
dnsenum domain.com

nslookup

(from a PowerShell prompt)

# default lookup: address records for domain.com via the configured resolver
nslookup domain.com
# -type=TXT requests the TXT records of info.domain.com
nslookup -type=TXT info.domain.com