aditya777-dev/DNS-Enumeration-Tool

# DNS Enumeration Tool A Python-based DNS reconnaissance tool for collecting comprehensive domain intelligence. Supports subdomain enumeration, DNS record retrieval, reverse DNS lookups, WHOIS queries, SRV record discovery, and zone transfer vulnerability checks — all through an interactive menu. Used in SOC and penetration testing workflows to map the attack surface of a target domain. ## Features - **Subdomain Enumeration** — Discover subdomains using Sublist3r's multi-source engine - **DNS Record Lookup** — Retrieve A, MX, TXT, DNSKEY, CNAME, NS, SOA records - **Reverse DNS Lookup** — Resolve an IP address back to its domain name (PTR record) - **WHOIS Query** — Gather domain registration details (registrar, creation date, expiry, contacts) - **SRV Record Enumeration** — Find service records for SIP, LDAP, SMTP, IMAP, XMPP, FTP, HTTP/S - **Zone Transfer Check** — Test nameservers for AXFR misconfiguration (a critical DNS vulnerability) - **Interactive Menu** — Run individual modules or all at once ## Prerequisites - Python 3.6+ - pip ## Installation git clone https://github.com/aditya777-dev/DNS-Enumeration-Tool.git cd DNS-Enumeration-Tool pip install dnspython python-whois sublist3r ## Usage python dns-enumeration-tool.py You will be prompted for a domain name, then presented with an interactive menu: | Option | Action | |--------|--------| | 1 | Enumerate subdomains | | 2 | Enumerate DNS records | | 3 | Reverse DNS lookup | | 4 | Enumerate SRV records | | 5 | Attempt zone transfer (uses NS records from option 2) | | 6 | WHOIS information | | 7 | Run all modules sequentially | | 8 | Exit | ### Example Session Enter domain name: example.com Select an option: > 2 Enumerating DNS records for example.com: A: ['93.184.216.34'] MX: ['0 .'] NS: ['a.iana-servers.net.', 'b.iana-servers.net.'] SOA: ['ns1.example.com. ...'] > 5 Attempting zone transfer for example.com: Trying nameserver: a.iana-servers.net Zone transfer permission denied for a.iana-servers.net Zone transfer unsuccessful for all nameservers. ## SOC Relevance DNS enumeration is used in the **Reconnaissance** phase of threat intelligence and red team engagements: - Identifying exposed subdomains that may be misconfigured or forgotten - Checking for zone transfer vulnerabilities (AXFR) that leak full DNS zone data - Mapping infrastructure ahead of vulnerability assessments - Verifying DNS record hygiene (SPF, DMARC, DNSKEY) ## Ethical Use This tool must only be used against domains you **own** or have **explicit written authorization** to test. Unauthorized DNS reconnaissance may violate computer crime laws including the CFAA and GDPR. ## Author [aditya777-dev](https://github.com/aditya777-dev)