NMAP MASTERY SERIES PART 12
DNS enumeration is a crucial process in penetration testing and network reconnaissance. It involves gathering information about a target’s DNS infrastructure. This tutorial will guide you through using Nmap to perform DNS enumeration, focusing on active techniques such as DNS zone transfers and DNS brute force attacks.
Jun 25, 2024
Step 1: Listing Available Nmap DNS Scripts
Nmap comes with various scripts for DNS enumeration. To list these scripts, use the following command:
This command will display all DNS-related scripts available in Nmap.
Step 2: Performing a DNS Zone Transfer
A DNS zone transfer can reveal all the records in a DNS zone if the target is misconfigured to allow it. We will use the dns-zone-transfer script for this purpose.
nmap -p 53 --script dns-zone-transfer --script-args dns-zone-transfer.domain=<target_domain> <target_ip>
Replace <target_domain> with the domain you are targeting and <target_ip> with the IP address of the DNS server.
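On the server side, the misconfiguration described in Step 2 shows up in the name server's transfer log. The following is an added example, not part of the original tutorial: it reviews log lines for zone transfers served to hosts that are not approved secondaries. The log lines are constructed samples in the style of BIND 9 transfer and security messages, and the allow-list, zone name and addresses are assumptions.

```python
import re

# Assumed allow-list: the only hosts that should ever pull the zone (secondaries).
ALLOWED_SECONDARIES = {"192.0.2.53"}

# Constructed sample lines in the style of BIND 9 xfer-out / security log messages.
SAMPLE_LOG = """\
25-Jun-2024 10:01:02.123 client @0x7f1 192.0.2.53#41000 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024062501)
25-Jun-2024 10:05:40.456 client @0x7f2 203.0.113.7#53122 (example.test): zone transfer 'example.test/AXFR/IN' denied
25-Jun-2024 10:06:11.789 client @0x7f3 198.51.100.9#40211 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024062501)
25-Jun-2024 10:07:00.000 client @0x7f4 198.51.100.9#40212 (example.test): query: www.example.test IN A +
"""

# Client prefix: optional object pointer, then address#port.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': (?:AXFR|IXFR) started")
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/(?:AXFR|IXFR)/IN' denied")


def review_transfers(log_text, allowed=ALLOWED_SECONDARIES):
    """Return (kind, client_ip, zone) findings.

    EXPOSED: a transfer was served to a host outside the allow-list, so the
             zone's transfer ACL is too permissive and needs tightening.
    PROBE:   a transfer was requested and refused; the ACL held, but the
             source is enumerating the zone.
    """
    findings = []
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            if m["ip"] not in allowed:
                findings.append(("EXPOSED", m["ip"], m["zone"]))
            continue
        m = DENIED.search(line)
        if m:
            findings.append(("PROBE", m["ip"], m["zone"]))
    return findings


if __name__ == "__main__":
    for kind, ip, zone in review_transfers(SAMPLE_LOG):
        print(f"{kind:8} {ip:15} {zone}")
```

An EXPOSED finding means the server answered the same request the dns-zone-transfer script sends; restricting transfers to the listed secondaries closes it.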