DNS, Enumeration, Network

Dnsenum in Windows

Let’s see how we can collect the same information about a domain manually on Windows, without tools like dnsenum.

Open a command line window.

1) Get the host address

nslookup -q=a <domain name>

2) Get the nameservers

nslookup -q=ns <domain name>

3) Get the MX record

nslookup -q=mx <domain name>

4) Zone transfer
4.1) Run nslookup with no arguments to enter interactive mode

nslookup

4.2) Point it at one of the target’s nameservers from step 2 (ns1.mynameserver.com stands in for the real one)

server ns1.mynameserver.com

4.3) Set the query type to any

set type=any

4.4) Request the transfer (ls is specific to the Windows nslookup; it asks the server for a full zone transfer)

ls -d <target domain>

A correctly configured nameserver refuses transfers from arbitrary hosts, so most of the time the answer is a “Query refused” error; repeat step 4.2 for every nameserver from step 2, since a secondary is sometimes more permissive than the primary. When it succeeds, the output is the whole zone: every host name, not just the ones you could guess.

5) Get extra names via Google
5.1) Open your browser and search Google for the following string, which lists indexed pages on the domain’s hosts other than www

allinurl: -www site:<domain name>

6) Perform whois queries
6.1) Download Whois for Windows (Sysinternals): http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
6.2) In a command line window, change your current directory to the whois folder and execute the following command:

whois <domain name>
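The steps above, wrapped in one PowerShell function as an added example (this is not code from the original post or from dnsenum). It assumes Windows 8 / Server 2012 or later, where Resolve-DnsName from the DnsClient module is available, and that the Sysinternals whois.exe is on PATH or at the path you pass in; the function name Invoke-DnsEnum and the parameter names are my own. Resolve-DnsName cannot request a zone transfer, so step 4 still drives nslookup, feeding it the same "server" and "ls -d" commands on standard input, once for every nameserver found in step 2. Step 5 stays manual: the function only prints the Google search URL.

```powershell
function Invoke-DnsEnum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$WhoisExe = 'whois.exe'   # assumption: Sysinternals whois on PATH
    )

    # 1) Host address(es): A records
    Write-Host "`n[*] A records for $Domain"
    Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { Write-Host ("  {0}" -f $_.IPAddress) }

    # 2) Nameservers: NS records (kept in $ns for the zone-transfer step)
    Write-Host "`n[*] NS records for $Domain"
    $ns = @(Resolve-DnsName -Name $Domain -Type NS -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'NS' } |
        Select-Object -ExpandProperty NameHost)
    $ns | ForEach-Object { Write-Host "  $_" }

    # 3) Mail exchangers, lowest preference (= highest priority) first
    Write-Host "`n[*] MX records for $Domain"
    Resolve-DnsName -Name $Domain -Type MX -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'MX' } |
        Sort-Object Preference |
        ForEach-Object { Write-Host ("  {0,3} {1}" -f $_.Preference, $_.NameExchange) }

    # 4) Zone transfer: nslookup reads its interactive commands from stdin,
    #    so pipe "server <ns>" and "ls -d <domain>" into it per nameserver.
    #    A properly configured server refuses; Windows nslookup then prints
    #    "*** Can't list domain <domain>: Query refused".
    foreach ($server in $ns) {
        Write-Host "`n[*] AXFR attempt against $server"
        $out = @("server $server", "ls -d $Domain", "exit") | nslookup 2>&1 | Out-String
        if ($out -match "Can't list domain") {
            Write-Host "  refused (expected for a correctly configured server)"
        } else {
            # Transfer went through: the zone contents are the finding
            Write-Host $out
        }
    }

    # 5) Google: print the dork as a ready-made search URL (manual step)
    $q = [uri]::EscapeDataString("allinurl: -www site:$Domain")
    Write-Host "`n[*] Google search for extra names:"
    Write-Host "  https://www.google.com/search?q=$q"

    # 6) Whois via the Sysinternals tool, if it can be found
    Write-Host "`n[*] whois for $Domain"
    if (Get-Command $WhoisExe -ErrorAction SilentlyContinue) {
        & $WhoisExe $Domain
    } else {
        Write-Host "  $WhoisExe not found; download it from Sysinternals and pass -WhoisExe <path>"
    }
}

# Usage (replace with a domain you are authorised to enumerate):
# Invoke-DnsEnum -Domain example.com -WhoisExe 'C:\Tools\whois.exe'
```

Run it from a normal PowerShell prompt; no elevation is needed. If nslookup's refusal message ever changes, loosen the `-match` to treat any output without record lines as a refusal rather than printing it as a successful transfer.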