adidnsdump
- Thiru T
- Nov 29, 2024
By default, any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer.
This tool enumerates and exports all DNS records in the zone, for reconnaissance of internal networks.
Install: (Pip)
pip install git+https://github.com/dirkjanm/adidnsdump#egg=adidnsdump
Install: (Git)
git clone https://github.com/dirkjanm/adidnsdump
cd adidnsdump
pip install .
Note: The tool requires impacket and dnspython to function. While the tool works with both Python 2 and 3, Python 3 support requires you to install impacket from GitHub.
Usage:
# Display the zones in the domain you are currently in
adidnsdump -u icorp\\testuser --print-zones icorp-dc.internal.corp
# Dump all records in the default zone
adidnsdump -u icorp\\testuser icorp-dc.internal.corp
# Resolve all unknown records (-r)
adidnsdump -u icorp\\testuser icorp-dc.internal.corp -r
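
A detection-side view of the enumeration described at the top of this page, as an added example (not part of the original post or of adidnsdump): it flags accounts that read large numbers of dnsNode objects from the AD DNS zone containers over LDAP. The event fields, threshold, allowlist and sample records are assumptions constructed for illustration.

```python
# Added example: flag bulk LDAP reads of AD-integrated DNS records.
# The event schema and all sample values below are constructed.
from collections import defaultdict

# LDAP containers where AD stores integrated DNS zones
# (domain partition, forest partition, legacy System container).
DNS_CONTAINERS = (
    "cn=microsoftdns,dc=domaindnszones,",
    "cn=microsoftdns,dc=forestdnszones,",
    "cn=microsoftdns,cn=system,",
)

def is_dns_zone_search(event):
    """True if the search base is in a DNS zone container and targets dnsNode."""
    base = event["base_dn"].lower().replace(" ", "")
    in_container = any(c in base for c in DNS_CONTAINERS)
    return in_container and "dnsnode" in event["filter"].lower()

def find_bulk_dns_enumeration(events, threshold=100, allowlist=()):
    """Return {user: dnsNode entries read} for users at or above threshold."""
    allowed = {a.lower() for a in allowlist}
    totals = defaultdict(int)
    for ev in events:
        if ev["user"].lower() in allowed:
            continue  # e.g. DNS management or monitoring accounts
        if is_dns_zone_search(ev):
            totals[ev["user"]] += ev["entries_returned"]
    return {u: n for u, n in totals.items() if n >= threshold}

ZONE_DN = "DC=internal.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=internal,DC=corp"

# Constructed, normalized LDAP search audit records.
SAMPLE_EVENTS = [
    {"user": "ICORP\\testuser", "base_dn": ZONE_DN,
     "filter": "(objectClass=dnsNode)", "entries_returned": 412},
    {"user": "ICORP\\dns-svc", "base_dn": ZONE_DN,
     "filter": "(objectClass=dnsNode)", "entries_returned": 900},
    {"user": "ICORP\\alice", "base_dn": "DC=internal,DC=corp",
     "filter": "(sAMAccountName=bob)", "entries_returned": 1},
    {"user": "ICORP\\bob", "base_dn": ZONE_DN,
     "filter": "(&(objectClass=dnsNode)(name=fileserver))", "entries_returned": 1},
]

if __name__ == "__main__":
    hits = find_bulk_dns_enumeration(SAMPLE_EVENTS, allowlist=["ICORP\\dns-svc"])
    for user, count in hits.items():
        print(f"{user} read {count} dnsNode objects")
```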



