DNS Records Enumeration Tool

A comprehensive Python tool for DNS reconnaissance and enumeration, designed for cybersecurity professionals, penetration testers, and bug bounty hunters.

Features

🔍 DNS Record Enumeration

• A Records: IPv4 addresses
• AAAA Records: IPv6 addresses
• CNAME Records: Canonical name records
• MX Records: Mail exchange records
• NS Records: Name server records
• TXT Records: Text records (SPF, DKIM, etc.)
• SOA Records: Start of authority records
• PTR Records: Pointer records
• SRV Records: Service records
• CAA Records: Certificate authority authorization
• DNSKEY Records: DNS key records
• DS Records: Delegation signer records
• NSEC/NSEC3 Records: Next secure records

🌐 Subdomain Enumeration

• Brute Force: Comprehensive wordlist with 500+ common subdomains
• Multi-threaded: Configurable thread count for faster enumeration
• Concurrent Processing: Efficient parallel subdomain checking

🔒 Advanced Features

• Zone Transfer: Attempts DNS zone transfer from name servers
• Port Scanning: Checks common ports on discovered IPs
• Reverse DNS: Performs reverse DNS lookups
• Multiple Output Formats: JSON, CSV, and TXT reports

📊 Reporting

• JSON Output: Structured data for programmatic use
• CSV Output: Spreadsheet-compatible format
• TXT Output: Human-readable report
• Timestamped Reports: Automatic filename generation

Installation

Prerequisites

• Python 3.7+
• Kali Linux (recommended) or any Linux distribution

Dependencies

# Install required packages
sudo apt install python3-dnspython python3-requests

# Or install via pip (in virtual environment)
pip install dnspython requests

Setup

# Clone or download the tool
git clone <repository-url>
cd dns-enum-tool

# Make executable
chmod +x dns_enum_tool.py

Usage

Basic Usage

# Full enumeration
python3 dns_enum_tool.py example.com

# Verbose output
python3 dns_enum_tool.py example.com -v

# Custom thread count
python3 dns_enum_tool.py example.com -t 20

Advanced Usage

# Only DNS records enumeration
python3 dns_enum_tool.py example.com --records-only

# Only subdomain enumeration
python3 dns_enum_tool.py example.com --subdomains-only

# Specific output format
python3 dns_enum_tool.py example.com -o json
python3 dns_enum_tool.py example.com -o csv
python3 dns_enum_tool.py example.com -o txt

Command Line Options

positional arguments:
  domain                Target domain to enumerate

options:
  -h, --help            show this help message and exit
  -v, --verbose         Verbose output
  -t, --threads THREADS Number of threads (default: 10)
  -o, --output {json,csv,txt,all}
                        Output format (default: all)
  --subdomains-only     Only enumerate subdomains
  --records-only        Only enumerate DNS records

Examples

Example 1: Basic DNS Enumeration

python3 dns_enum_tool.py google.com -v

Output:

[11:36:58] [INFO] Starting DNS record enumeration for google.com
[11:36:58] [INFO] Checking A records...
[11:36:58] [INFO] Found 1 A record(s): 142.250.74.174
[11:36:58] [INFO] Checking AAAA records...
[11:36:58] [INFO] Found 1 AAAA record(s): 2a00:1450:400f:805::200e
[11:36:58] [INFO] Checking MX records...
[11:36:58] [INFO] Found 1 MX record(s): 10 smtp.google.com.
[11:36:58] [INFO] Checking NS records...
[11:36:58] [INFO] Found 4 NS record(s): ns1.google.com., ns2.google.com., ns3.google.com., ns4.google.com.

Example 2: Subdomain Enumeration

python3 dns_enum_tool.py example.com --subdomains-only -t 15

Example 3: Generate Specific Report Format

python3 dns_enum_tool.py target.com -o json

Output Files

The tool generates timestamped reports in the current directory:

• dns_enum_report_[domain]_[timestamp].json - JSON format
• dns_enum_report_[domain]_[timestamp].csv - CSV format
• dns_enum_report_[domain]_[timestamp].txt - Text format

JSON Output Structure

{
  "domain": "example.com",
  "timestamp": "2025-01-24T11:36:58.123456",
  "records": {
    "A": ["192.168.1.1"],
    "MX": ["10 mail.example.com."],
    "NS": ["ns1.example.com.", "ns2.example.com."]
  },
  "subdomains": [
    {
      "subdomain": "www.example.com",
      "ip": "192.168.1.1",
      "timestamp": "2025-01-24T11:36:58.123456",
      "open_ports": [80, 443]
    }
  ],
  "errors": []
}

Security Considerations

⚠️ Important: This tool is designed for:

• Authorized penetration testing
• Bug bounty hunting (with proper authorization)
• Security research on your own infrastructure
• Educational purposes

Legal Notice

• Always obtain proper authorization before testing
• Respect robots.txt and rate limiting
• Use responsibly and ethically
• The author is not responsible for misuse

Performance Tips

1. Thread Count: Adjust -t parameter based on your system and target
2. Network Speed: Faster connections allow higher thread counts
3. Target Limits: Some DNS servers may rate limit requests
4. Timeout Settings: Built-in timeouts prevent hanging

Troubleshooting

Common Issues

Permission Denied

chmod +x dns_enum_tool.py

Module Not Found

sudo apt install python3-dnspython python3-requests

Timeout Errors

• Reduce thread count with -t 5
• Check network connectivity
• Verify target domain exists

No Results Found

• Check if domain exists
• Verify DNS resolution
• Try with -v for verbose output

Contributing

Contributions are welcome! Please feel free to submit:

• Bug reports
• Feature requests
• Code improvements
• Documentation updates

License

This project is licensed under the MIT License - see the LICENSE file for details.

Author

Sergios9494 - Cybersecurity Professional

• GitHub: @Sergios9494

Acknowledgments

• Inspired by various DNS enumeration techniques
• Built for the cybersecurity community
• Designed for educational and professional use

---

Happy Hunting! 🎯