NMAP MASTERY SERIES PART 12

DNS enumeration is a crucial process in penetration testing and network reconnaissance. It involves gathering information about a target’s DNS infrastructure. This tutorial will guide you through using Nmap to perform DNS enumeration, focusing on active techniques such as DNS zone transfers and DNS brute force attacks.

Agape HearTs
3 min read · Jun 25, 2024

Step 1: Listing Available Nmap DNS Scripts

Nmap comes with various scripts for DNS enumeration. To list these scripts, use the following command:

This command will display all DNS-related scripts available in Nmap.

Step 2: Performing a DNS Zone Transfer

A DNS zone transfer can reveal all the records in a DNS zone if the target is misconfigured to allow it. We will use the dns-zone-transfer script for this purpose.

nmap -p 53 --script dns-zone-transfer --script-args dns-zone-transfer.domain=<target_domain> <target_ip>

Replace <target_domain> with the domain you are targeting and <target_ip> with the IP address of the DNS server.
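
From the defender's side, the misconfiguration described in Step 2 is visible in the name server's own logs. The following is an added example, not part of the original tutorial: it scans BIND 9 style transfer log lines for zone transfer requests from hosts that are not known secondaries. The log line format, the ALLOWED_SECONDARIES list and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: BIND 9 style transfer messages; adjust the pattern for other servers.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<zone>[^)]+)\): "
    r"(?:transfer of '[^']+': (?:AXFR|IXFR) started"
    r"|zone transfer '[^']+' (?P<denied>denied))"
)

# Hypothetical list of secondaries that are expected to pull the zone.
ALLOWED_SECONDARIES = [ipaddress.ip_network("192.0.2.53/32")]

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
25-Jun-2024 10:01:02.123 client @0x7f1c2c0a 192.0.2.53#40112 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024062501)
25-Jun-2024 10:07:44.900 client @0x7f1c2c0b 198.51.100.23#53811 (example.test): zone transfer 'example.test/AXFR/IN' denied
25-Jun-2024 10:09:10.004 client @0x7f1c2c0c 203.0.113.77#41990 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024062501)
25-Jun-2024 10:09:12.310 client @0x7f1c2c0d 203.0.113.77#41992 (example.test): query: www.example.test IN A +
"""


def audit_transfers(log_text, allowed=ALLOWED_SECONDARIES):
    """Return (client_ip, zone, status) for transfer requests from unlisted hosts.

    status is "served" when the server started a transfer (the zone is exposed
    to that client) and "denied" when the request was refused.
    """
    findings = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if not m:
            continue  # not a zone transfer message
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field, skip the line
        if any(ip in net for net in allowed):
            continue  # expected replication to a known secondary
        status = "denied" if m.group("denied") else "served"
        findings.append((str(ip), m.group("zone"), status))
    return findings


if __name__ == "__main__":
    for ip, zone, status in audit_transfers(SAMPLE_LOG):
        print(f"{status:6} zone={zone} client={ip}")
```

A "served" finding means the server handed the full zone to a host outside the allow list, which is the condition to correct by restricting transfers to the secondaries.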
