DNS - TCP/UDP 53
Find IP address of a website
host <domain>Search for different types of DNS records
host -t <record type e.g. mx> <domain>Bruteforce forward lookup zones
for ip in $(seq 50 100); do host 38.100.193.$ip; done | grep -v "not found"Test for zone transfers
host -l <domain> ns.<domain>
dig axfr @<ip address> <FQDN>Enumerate nameservers for a domain
host -t ns <domain> | cut -d " " -f 4Last updated