dig

dig google.com
dig txt google.com
dig soa google.com
dig ns google.com
dig mx google.com
dig ptr google.com
dig cname google.com
dig a google.com
dig aaaa google.com
dig any google.com

dig CH TXT version.bind 10.129.120.85

dig any inlanefreight.htb @10.129.14.128
dig any google.com @8.8.8.8

dig axfr inlanefreight.htb @10.129.14.128

dig axfr internal.inlanefreight.htb @10.129.14.128

Seclist bruteforcing

for sub in $(cat /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

PS if axfr is not working and not showing anything, you should bruteforce it with dnsenum

Previousdnsenum Nextnslookup

Last updated 11 months ago

dig

dig google.com
dig txt google.com
dig soa google.com
dig ns google.com
dig mx google.com
dig ptr google.com
dig cname google.com
dig a google.com
dig aaaa google.com
dig any google.com

dig CH TXT version.bind 10.129.120.85

dig any inlanefreight.htb @10.129.14.128
dig any google.com @8.8.8.8

dig axfr inlanefreight.htb @10.129.14.128

dig axfr internal.inlanefreight.htb @10.129.14.128

Seclist bruteforcing

for sub in $(cat /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

PS if axfr is not working and not showing anything, you should bruteforce it with dnsenum

Previousdnsenum Nextnslookup

Last updated 11 months ago