Interacting with a DNS Server
kali@kali:~$ host -t mx megacorpone.com
megacorpone.com mail is handled by 10 fb.mail.gandi.net.
megacorpone.com mail is handled by 50 mail.megacorpone.com.
megacorpone.com mail is handled by 60 mail2.megacorpone.com.
megacorpone.com mail is handled by 20 spool.mail.gandi.net.
kali@kali:~$ host -t txt megacorpone.com
megacorpone.com descriptive text "Try Harder"
Forward Lookup Brute Force
kali@kali:~$ for ip in $(cat list.txt); do host $ip.megacorpone.com; done
www.megacorpone.com has address 38.100.193.76
Host ftp.megacorpone.com not found: 3(NXDOMAIN)
mail.megacorpone.com has address 38.100.193.84
Host owa.megacorpone.com not found: 3(NXDOMAIN)
Host proxy.megacorpone.com not found: 3(NXDOMAIN)
router.megacorpone.com has address 38.100.193.71
Reverse Lookup Brute Force
kali@kali:~$ for ip in $(seq 50 100); do host 38.100.193.$ip; done | grep -v "not found"
69.193.100.38.in-addr.arpa domain name pointer beta.megacorpone.com.
70.193.100.38.in-addr.arpa domain name pointer ns1.megacorpone.com.
72.193.100.38.in-addr.arpa domain name pointer admin.megacorpone.com.
73.193.100.38.in-addr.arpa domain name pointer mail2.megacorpone.com.
76.193.100.38.in-addr.arpa domain name pointer www.megacorpone.com.
77.193.100.38.in-addr.arpa domain name pointer vpn.megacorpone.com.
...
DNS Zone Transfers
dig axfr <url> @<name-server>
host -l <domain name> <dns server address>
Relevant Tools in Kali Linux
dnsrecon -d megacorpone.com -t axfr
dnsenum zonetransfer.me
TCP Scanning
nmap -sS -p- -Pn -n --top-ports -sCV --min-rate 5000 10.10.10.10
UDP Scanning
nmap -sU -n -Pn --top-ports 100 10.10.10.10
Network Sweeping
nmap -sn 10.11.1.1-254