dig

dig google.com
dig txt google.com
dig soa google.com
dig ns google.com
dig mx google.com
dig ptr google.com
dig cname google.com
dig a google.com
dig aaaa google.com
dig any google.com
dig CH TXT version.bind 10.129.120.85
dig any inlanefreight.htb @10.129.14.128
dig any google.com @8.8.8.8
dig axfr inlanefreight.htb @10.129.14.128
dig axfr internal.inlanefreight.htb @10.129.14.128

Seclist bruteforcing

for sub in $(cat /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

  • PS if axfr is not working and not showing anything, you should bruteforce it with dnsenum

PreviousdnsenumNextnslookup

Last updated