Hey Folks, in this article we are going to cover the DNS enumeration tools available in Kali Linux that deserve a place in your bug bounty hunting tool list. Some of the tools covered here come pre-installed and the rest we have to install ourselves, but they are available in the repositories, so we can easily install them using the “apt-get” command.
So let’s begin 🙂 !!
Dig is a network administration command-line tool for querying DNS nameservers. It can identify IP address records, record the query route as it obtains answers from an authoritative nameserver, and diagnose other DNS problems. It comes pre-installed on Kali Linux, so it is ready to use.
dig -h
So let’s take some examples now and see whether it really provides accurate results. We take any target, put its URL here, and within a few seconds it successfully dumps all the records as well as the correct IP address of that web address.
Usage 🙂 !! dig < target URL >
dig testphp.vulnweb.com
There are several output filters available in this tool, with some of the most useful options being “+short” and “+noall”. Both are very useful when you only want the result of the lookup.
dig testphp.vulnweb.com +short
dig testphp.vulnweb.com +noall +answer
The “-x” option is a shortcut for a reverse lookup and returns annotated results.
dig -x 18.192.172.30
Nslookup is a network administration command-line tool for querying the Domain Name System to obtain the mapping between a domain name and an IP address, or other DNS records. As you can see, when we enter the web address it automatically shows us its IP address.
nslookup testphp.vulnweb.com
We can also get only specific records of a domain with the commands below.
nslookup -type=ns testphp.vulnweb.com
nslookup -type=a testphp.vulnweb.com
nslookup -type=mx testphp.vulnweb.com
Dnsrecon and dnstracer are both useful for getting the DNS records of any domain, and both are very easy to operate. The downside is that they are not pre-installed, so we have to install them first using the command below.
apt install dnsrecon dnstracer
DNS reconnaissance is part of the information gathering phase of hacking or penetration testing, because attackers can easily use such tools to grab the subdomains of an organization and host their own phishing pages. So we can check all our DNS records at once with this tool to protect ourselves from hackers.
dnsrecon -d secnhack.in
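To review your own zone along these lines, the following added example (not part of the original article) reads answers in the “dig +noall +answer” format shown earlier and lists every CNAME whose target lies outside the zone, so each one can be confirmed as still under your control. The function names, the example.com zone and the sample records are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# Input: lines in `dig +noall +answer` format: name TTL class type rdata

# Print "name -> target" for every CNAME whose target is outside zone $1.
external_cnames() {
    awk -v zone="$1" '
        BEGIN {
            zone = tolower(zone); sub(/\.$/, "", zone)   # drop trailing dot
            suffix = "." zone
        }
        NF < 5 || $1 ~ /^;/ { next }        # skip blanks, comments, short lines
        $3 == "IN" && $4 == "CNAME" {
            name = tolower($1);   sub(/\.$/, "", name)
            target = tolower($5); sub(/\.$/, "", target)
            if (target == zone) next
            # In-zone only if the target ends with ".zone" on a label boundary,
            # so notexample.com is not mistaken for a child of example.com.
            tail = substr(target, length(target) - length(suffix) + 1)
            if (length(target) > length(suffix) && tail == suffix) next
            print name " -> " target
        }'
}

# Constructed sample answers (example.com and 192.0.2.0/24 are reserved
# documentation values, not real lookup results).
sample_answers() {
    cat <<'EOF'
www.example.com.   300 IN CNAME web.example.com.
web.example.com.   300 IN A     192.0.2.10
shop.example.com.  300 IN CNAME shop-example.hosting.example.net.
docs.example.com.  300 IN CNAME notexample.com.
EOF
}

sample_answers | external_cnames example.com
```

Against a live zone you own, pipe the output of dig with “+noall +answer” into external_cnames in place of sample_answers.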
Dnstracer determines where a given Domain Name Server (DNS) gets its information from for a given hostname, and follows the chain of DNS servers back to the authoritative answer. We can trace DNS records with the help of this tool.
dnstracer secnhack.in
Dnsdomainname will print the domain part of the FQDN (Fully Qualified Domain Name). This is also known as the YP/NIS domain name of the system. It comes pre-installed, so you don’t have to install it separately.
dnsdomainname -h