Hit-The-Dns is a modern open-source DNS recon tool written in bash which will help you during the DNS recon similar to tools like subfinder or dnsenum.
wget https://raw.githubusercontent.com/juanbelin/Hit-The-Dns/refs/heads/main/hit-the-dns.sh
chmod +x hit-the-dns.sh
Note
This example was done using Attacking DNS Lab from HTB Academy.
./hit-the-dns -d inlanefreight.htb -i 10.129.203.6 -w ~/seclists/Discovery/DNS/subdomains-top1million-110000.txt
poc2edited.mp4
-v or --verbose in order to view fuzzing attempts.
./hit-the-dns -d test.com -i 10.129.203.6 -w ~/seclists/Discovery/DNS/subdomains-top1million-110000.txt -v
The dns.logs file will give you the next step in the recon (zone transfer attack) according with the subdmains that the tool has found during the fuzzing.
poc3edited.mp4
./hit-the-dns -d domain.com -i 10.10.2.15 -w /path/to/wordlist.txt <-v>
./hit-the-dns.sh
█████ █████ ███ █████
░░███ ░░███ ░░░ ░░███
░███ ░███ ████ ███████
░███████████ ░░███ ░░░███░
░███░░░░░███ ░███ ░███
░███ ░███ ░███ ░███ ███
█████ █████ █████ ░░█████
░░░░░ ░░░░░ ░░░░░ ░░░░░
█████ █████ ██████████ ██████ █████ █████████
░░███ ░░███ ░░███░░░░███ ░░██████ ░░███ ███░░░░░███
███████ ░███████ ██████ ░███ ░░███ ░███░███ ░███ ░███ ░░░
░░░███░ ░███░░███ ███░░███ ░███ ░███ ░███░░███░███ ░░█████████
░███ ░███ ░███ ░███████ ░███ ░███ ░███ ░░██████ ░░░░░░░░███
░███ ███ ░███ ░███ ░███░░░ ░███ ███ ░███ ░░█████ ███ ░███
░░█████ ████ █████░░██████ ██████████ █████ ░░█████░░█████████
░░░░░ ░░░░ ░░░░░ ░░░░░░ ░░░░░░░░░░ ░░░░░ ░░░░░ ░░░░░░░░░
[+] Usage:
-d/--domain <domain> -w/--wordlist </path/to/wordlist> -i/--ip <IP>
-v/--verbose = Verbose mode
-h --> Show help panel
Important
Do not forget adding the domain to the /etc/hosts file
nano /etc/hosts and add a new line which contains '10.10.2.1 domain.com'
Some tools such as dnsemun does not always find the subdomains even if they exist in the DNS because of the way it implements threads and filters.
poc1edited.mp4
© 2025 juanbelin. All rights reserved.