Provided by: dnsrecon_0.8.12-1_all 
NAME
dnsrecon - DNS Enumueration and Scanning Tool
SYNOPSIS
dnsrecon <options>
OPTION
-h, --help
Show help message and exit
-d, --domain <domain>
Domain to Target for enumeration.
-r, --range <range>
IP Range for reverse look-up brute force in formats (first-last)
or in (range/bitmask).
-n, --name_server <name>
Domain server to use, if none is given the SOA of the
target will be used
-D, --dictionary <file>
Dictionary file of sub-domain and hostnames to use for
brute force.
-f Filter out of Brute Force Domain lookup records that resolve
to the wildcard defined IP Address when saving records.
-t, --type <types>
Specify the type of enumeration to perform (comma separated):
std To Enumerate general record types, enumerates.
SOA, NS, A, AAAA, MX and SRV if AXRF on the
NS Servers fail.
rvl To Reverse Look Up a given CIDR IP range.
brt To Brute force Domains and Hosts using a given
dictionary.
srv To Enumerate common SRV Records for a given
domain.
axfr Test all NS Servers in a domain for misconfigured
zone transfers.
goo Perform Google search for sub-domains and hosts.
bing Perform Bing search for sub-domains and hosts.
snoop To Perform a Cache Snooping against all NS
servers for a given domain, testing all with
file containing the domains, file given with -D
option.
tld Will remove the TLD of given domain and test against
all TLD's registered in IANA
zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.
-a Perform AXFR with the standard enumeration.
-s Perform Reverse Look-up of ipv4 ranges in the
SPF Record of the targeted domain with the
standard enumeration.
-g Perform Google enumeration with the standard
enumeration.
-b Perform Bing enumeration with the standard enumeration.
-w Do deep whois record analysis and
reverse look-up of IP ranges found thru whois
when doing standard query.
-z Performs a DNSSEC Zone Walk with the standard
enumeration.
--threads <number>
Number of threads to use in Range Reverse Look-up,
Forward Look-up Brute force
and SRV Record Enumeration
--lifetime <number>
Time to wait for a server to response to a query.
--db <file> SQLite 3 file to save found records.
--xml <file> XML File to save found records.
--iw Continue brute forcing a domain even if a wildcard
records are discovered.
-c, --csv <file> Comma separated value file.
-j, --json <file> JSON file.
-v Show attempts in the bruteforce modes.
DESCRIPTION
I wrote this tool back in late 2006 and it has been my favorite tool for enumeration thru
DNS, in great part because I wrote it and it gives the output in a way that I can
manipulate it in my own style. One of the features that I used the most and gave me
excellent results is the SRV record enumeration.
The script will perform the following:
Standard Record Enumeration for a given domain (A, NS, SOA and MX). Top Leven Domain
Expansion for a given domain. Zone Transfer against all NS records of a given domain.
Reverse Lookup against a given IP Range given a start and end IP.
SRV Record enumeration, enumerating:
_gc._tcp.
_kerberos._tcp.
_kerberos._udp.
_ldap._tcp.
_test._tcp.
_sips._tcp.
_sip._udp.
_sip._tcp.
_aix._tcp.
_aix._tcp.
_finger._tcp.
_ftp._tcp.
_http._tcp.
_nntp._tcp.
_telnet._tcp.
_whois._tcp.
_h323cs._tcp.
_h323cs._udp.
_h323be._tcp.
_h323be._udp.
_h323ls._tcp.
_h323ls._udp.
Brute force hostnames and subdomains of a given target domain using a wordlist.
AUTHOR
Carlos Perez, Carlos_Perez@darkoperator.com
COPYRIGHT
Copyright (C) 2012 Carlos Perez
This program is free software; you can redistribute it and/or modify it under the terms of
the GNU General Public License as published by the Free Software Foundation; Applies
version 2 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program;
if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
MA 02110-1301 USA