dnsenum is a command-line tool used for enumerating DNS information of a domain. It’s particularly useful for gathering domain-related information in penetration testing or reconnaissance efforts.
Common dnsenum Options
--enum: Performs a full enumeration, gathering information such as subdomains, MX records, and zone transfers.--sub: Attempts to retrieve subdomains related to the target domain.--email: Collects email addresses associated with the domain by querying whois information.--threads: Specifies the number of threads to use for faster enumeration.--whoisserver: Specifies the whois server to query for additional domain information.
Additional Options
--dnsserver: Allows specifying a custom DNS server to use for queries.--timeout: Defines the timeout value for DNS queries.--recursion: Checks whether DNS recursion is enabled on the target server.
Examples of dnsenum Commands
Perform a full DNS enumeration on example.com.
> dnsenum example.com --enumRetrieve subdomains associated with example.com.
> dnsenum example.com --subPerform enumeration using 10 threads for faster results.
> dnsenum example.com --threads 10Query a specific DNS server (e.g., 8.8.8.8) for example.com.
> dnsenum example.com --dnsserver 8.8.8.8Specify a custom whois server for additional domain information.
> dnsenum example.com --whoisserver whois.example.com