Marx's CPT Notes

⌘Ctrlk

Active Subdomain Enumeration

Zone Transfers

how a secondary DNS server receives information from the primary DNS server and updates it
https://hackertarget.com/zone-transfer/ for web

$ nslookup -type=NS zonetransfer.me
$ nslookup -type=any -query=AXFR zonetransfer.me nsztm1.digi.ninja

If we manage to perform a successful zone transfer for a domain, there is no need to continue enumerating this particular domain as this will extract all the available information

GoBuster

$ export TARGET="facebook.com"
$ export NS="d.ns.facebook.com"
$ export WORDLIST="numbers.txt"
$ gobuster dns -q -r "${NS}" -d "${TARGET}" -w "${WORDLIST}" -p ./patterns.txt -o "gobuster_${TARGET}.txt"

dns: Launch the DNS module
-q: Don't print the banner and other noise.
-r: Use custom DNS server
-d: A target domain name
-p: Path to the patterns file
-w: Path to the wordlist
-o: Output file

PreviousActive Infrastructure Identification NextVirtual Hosts

Last updated 2 years ago