Files from activity: Link

Nmap can be used to generate a list of targets for scanning or further analysis by using the -sL (list targets) flag. This list can then be used for additional enumeration. Additionally, the --dns-servers flag can be used in combination with this to specify a DNS server. In this scenario, Nmap will attempt to perform a reverse lookup of each IP address using the specified DNS server.

The following dig command can be used to discover the nameservers for a domain:

dig @<DNS Server> +short NS <Domain>

The syntax for attempting a zone transfer using dig is as follows:

dig axfr @<nameserver> <domain>

This will try to perform a zone transfer on the given using the provided .

I struggled a bit with this lab as I'm not all that familiar with grep and awk options. I utilized several resources to aid in my creation of scripts and one-liners.