No edit summary |
No edit summary |
||
Line 12: | Line 12: | ||
##Subdomain brute forcing. | ##Subdomain brute forcing. | ||
dnsenum --dnsserver <nameserver> --enum -p 0 -s 0 -o found_subdomains.txt -f ~/subdomains.list <domain.tld> | dnsenum --dnsserver <nameserver> --enum -p 0 -s 0 -o found_subdomains.txt -f ~/subdomains.list <domain.tld> | ||
## brute force subdomain | |||
for sub in $(cat /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.97.191| grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done | |||
</syntaxhighlight> | </syntaxhighlight> |
Revision as of 13:18, 8 July 2023
COMMAND
##NS request to the specific nameserver.
dig ns <domain.tld> @<nameserver>
##ANY request to the specific nameserver.
dig any <domain.tld> @<nameserver>
##AXFR request to the specific nameserver.
dig axfr <domain.tld> @<nameserver>
##Subdomain brute forcing.
dnsenum --dnsserver <nameserver> --enum -p 0 -s 0 -o found_subdomains.txt -f ~/subdomains.list <domain.tld>
## brute force subdomain
for sub in $(cat /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.97.191| grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done