Programmerboy Pentesting Stuff
  • Welcome
  • Web Pentesting Stuff
    • Pentesting Port 80,443
      • FFUF Commands
      • Virtual Host Scanning
      • Javascript DeObfuscation
      • Pentesting JWT (JSON Web Tokens)
      • Pentesting Graphql
      • Pentesting Redis 6379
  • CMS Pentesting
    • Wordpress Pentesting
    • Jenkins
    • Grafana
  • Network Penetration Testing
    • Nmap Commands
    • 53 - Pentesting DNS
    • 88 - Pentesting Kerberos
    • 111 - Pentesting RPC
    • 389 - Pentesting LDAP
    • 445 - Pentesting SMB
    • 873 - Pentesting Rsync
    • 1433 - Pentesting MSSQL
    • 2049 - Pentesting NFS
    • 3389 Pentesting RDP
    • 3306 - Pentesting Mysql
    • 5000 - Pentesting Docker Registry
  • Active Directory Pentesting
    • Methodology
  • Password and Bruteforce Attacks
    • Hydra
    • Cewl
    • Making Custom Wordlists (Usernames)
    • JSON to txt Wordlist
  • Linux Privilege Escalation
    • Getting a Fully Interactive TTY Shell
    • Docker Container Escape
  • Windows Privilege Escalation
    • Tunneling and Pivoting
    • Methodology
  • Bug Bounty
    • Bug Bounty Methodology
    • XSS
    • SQL Injection
    • Command Injection
    • File Upload Pentesting
    • Local and Remote File Inclusion
    • Broken Authentication
    • Server Side Request Forgery (SSRF)
    • XML External Entity (XXE)
    • Server Side Template Injection (SSTI)
    • ReconFTW (six2dez)
    • JS Files
    • SignUp Page
  • CTFs
    • WEB
    • Regex Bypass
    • Grep & Regex & Find strings
  • Python Programs for Pentesting
    • Python Code Snippets
  • Certifications-Notes
    • CRTO & Cobalt Strike
  • Phishing and Real World Stuff
    • Email Spoofing
    • Attacking Office 365 & Exchange
  • Cloud Pentesting
    • Enumeration
Powered by GitBook
On this page
  • DNS Zone Transfer Online
  • Zone Transfer using NSLookup
  • Zone Transfer using DIG
  • DNScan
  1. Network Penetration Testing

53 - Pentesting DNS

PreviousNmap CommandsNext88 - Pentesting Kerberos

Last updated 8 months ago

DNS Zone Transfer Online

We can use the following website to do DNS Zone Transfer

We can get a lot of interesting information doing Zone Transfer below we can see that i did a zone transfer zonetransfer.me

Zone Transfer using NSLookup

We can use nslookup as well to do zone transfer Manually

nslookup -type=NS zonetransfer.me // Nameservers

nslookup -type=any -query=AXFR zonetransfer.me nsztm1.digi.ninja //any and axfr

Sometimes you might not get anything using zone transfer so you need to check that wether the IP address is actually the DNS for Domain or not, by using Below command

nslookup -type=ns inlanefreight.htb 10.129.121.23

Zone Transfer using DIG

dig <Domain Name>
dig <Domain Name> @<IP Address>

#Example
dig inlanefreight.htb
dig axfr inlanefreight.htb @10.129.121.23

DNScan

We can use dnscan to find out some more valuable information like subdomains, DNScan comes with its own wordlists which we can use

  1. -d -------> Domain

  2. -w ------> wordlist

LogoZone Transfer Test Online | HackerTarget.comHackerTarget.com