DNS
Nmap command
Find the IP and authoritative servers.
Dig deeper
Find name servers
Find TXT records
Fierce – Domain DNS scanner
Find email servers
Subdomain bruteforcing using common hostnames
Reverse DNS lookup bruteforcing
The IP is based on the subdomain bruteforcing result
Zone transfer request
Bash script for zone transfer
DNS enumeration script
Bruteforce using wordlist
Finds nameservers for a given domain
Nmap zone transfer scan
Finds the domain names for a host.
Finds misconfigured DNS entries.
TheHarvester finds subdomains in Google, Bing, etc.
Find DNS (A) records by trying a list of common sub-domains from a wordlist.
Exploitation
Gather version numbers
Searchsploit
Default Creds
Creds previously gathered
Download the software