root@box:~# dnsrecon -h
–h, —help Show this help message and exit
–d, —domain Domain to Target for enumeration.
–r, —range IP Range for reverse look–up brute force in formats (first–last)
or in (range/bitmask).
–n, —name_server Domain server to use, if none is given the SOA of the
target will be used
–D, —dictionary Dictionary file of sub–domain and hostnames to use for
–f Filter out of Brute Force Domain lookup records that resolve to
the wildcard defined IP Address when saving records.
–t, —type Specify the type of enumeration to perform:
std To Enumerate general record types, enumerates.
SOA, NS, A, AAAA, MX and SRV if AXRF on the
NS Servers fail.
rvl To Reverse Look Up a given CIDR IP range.
brt To Brute force Domains and Hosts using a given
srv To Enumerate common SRV Records for a given
axfr Test all NS Servers in a domain for misconfigured
goo Perform Google search for sub–domains and hosts.
snoop To Perform a Cache Snooping against all NS
servers for a given domain, testing all with
file containing the domains, file given with –D
tld Will remove the TLD of given domain and test against
all TLD‘s registered in IANA
zonewalk Will perform a DNSSEC Zone Walk using NSEC Records.
–a Perform AXFR with the standard enumeration.
–s Perform Reverse Look–up of ipv4 ranges in the SPF Record of the
targeted domain with the standard enumeration.
–g Perform Google enumeration with the standard enumeration.
–w Do deep whois record analysis and reverse look–up of IP
ranges found thru whois when doing standard query.
–z Performs a DNSSEC Zone Walk with the standard enumeration.
—threads Number of threads to use in Range Reverse Look–up, Forward
Look–up Brute force and SRV Record Enumeration
—lifetime Time to wait for a server to response to a query.
—db SQLite 3 file to save found records.
—xml XML File to save found records.
—iw Continua bruteforcing a domain even if a wildcard record resolution is discovered.
–c, —csv Comma separated value file.
–v Show attempts in the bruteforce modes.