- host
- host google.com
- host -t ns google.com
- host -l google.com ns2.google.com
- nslookup (Name Server Lookup)
- nslookup -query=mx google.com
- nslookup -query=ns google.com
- dig
- dig -h (help)
- dig google.com
- dig axfr @ns1.google.com
- dnsrecon
- dnsrecon -h
- dnsrecon -d google.com
- dnsenum
- dnsenum -h
- dnsenum google.com
- Nmap
- nmap -h
- nmap -sV google.com
- nmap -v -A google.com (to check open port TCP)
- nmap -v -sn 192.168.0.0/16 10.0.0.0/8
- nmap nmap -T4 -A -v google.com
- nmap -p 1-65535 -T4 -A -v google.com (to check open port TCP)
- nmap -sU ns1.google.com (to check UDP)
- nmap -sA ns1.google.com (to check if the remote host is hidden behind a firewall or not)
- nmap -sZ ns1.google.com (
- nmap -v -n -Pn --script http-vuln-cve* google.com
- nmap -v -n -Pn --script http-enum.nse google.com
opcode, query, status, id, flags, authority