DNSrecon

Dnsrecon is a tool for performing reconnaissance on DNS servers and domains. It can be used for subdomain enumeration, zone transfers, and other types of reconnaissance.

Here are the steps to install Dnsrecon on a Linux or macOS system:

  1. Install Python 3 and pip, if you don't have them already installed (the command below is for Debian or Ubuntu):

sudo apt-get install python3 python3-pip

  2. Install Dnsrecon:

python3 -m pip install dnsrecon

  3. Once the installation is complete, you can run Dnsrecon from the terminal by typing:

dnsrecon

To install Dnsrecon on a Windows system, you will need to follow a similar process, but some of the commands and steps may be different.

Once Dnsrecon is installed, you can use it to perform subdomain enumeration and reconnaissance on a target domain. For example, to enumerate subdomains for the domain "example.com", you can run the following command:

dnsrecon -d example.com -t brt

This will perform a brute force subdomain enumeration for the domain "example.com" and display the results in the terminal.

You can also perform a zone transfer for the target domain to gather additional information about the subdomains and DNS server configuration. For example:

dnsrecon -d example.com -t axfr

These are the basic steps for installing and using Dnsrecon for subdomain enumeration and DNS reconnaissance. You can find more information on the options available with Dnsrecon by running the following command:

dnsrecon -h

This will display the help information for the tool, which includes a description of each option and how to use it.
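The brute-force and zone-transfer runs described above leave a recognisable trace in an authoritative server's query log. The following is an added example, not part of Dnsrecon or of the original page: it scans BIND-style query log lines and reports clients that requested a zone transfer or queried many distinct subdomains. The log lines, addresses, function name and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed BIND-style query log (documentation addresses, not real traffic).
_NAMES = ["admin", "dev", "ftp", "mail", "test", "vpn"]
_FMT = "client @0x7f01 {ip}#{port} ({q}): query: {q} IN {t} + (192.0.2.53)"
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.9", port=40000 + i, q=n + ".example.com", t="A")
     for i, n in enumerate(_NAMES)]
    + [_FMT.format(ip="203.0.113.9", port=41000, q="example.com", t="AXFR"),
       _FMT.format(ip="198.51.100.7", port=50001, q="www.example.com", t="A"),
       _FMT.format(ip="198.51.100.7", port=50002, q="www.example.com", t="A")]
)

QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def analyze(log_text, zone="example.com", threshold=5):
    """Return (axfr_clients, brute_clients) for one zone.

    axfr_clients: set of client IPs that asked for AXFR/IXFR of the zone.
    brute_clients: {ip: distinct subdomain count} for clients at or above
    the threshold (an assumed value; tune it and add a time window in
    production).
    """
    axfr = set()
    labels = defaultdict(set)
    suffix = "." + zone
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query log line
        ip = m["ip"]
        name = m["name"].rstrip(".").lower()
        qtype = m["qtype"].upper()
        if qtype in ("AXFR", "IXFR") and name == zone:
            axfr.add(ip)
        elif name.endswith(suffix):
            labels[ip].add(name[: -len(suffix)])
    brute = {ip: len(s) for ip, s in labels.items() if len(s) >= threshold}
    return axfr, brute

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the server side, restricting zone transfers to known secondaries is what makes the transfer request fail in the first place; the log check only tells you who tried.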
