Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt

Use this file to discover all available pages before exploring further.

Install

pip install adidnsdump

Usage

adidnsdump -u 'DOMAIN\user' -p 'password' DC_IP
adidnsdump -u 'DOMAIN\user' -p 'password' DC_IP -r    # Resolve unknown records

Include Tombstoned Records

adidnsdump -u 'DOMAIN\user' -p 'password' DC_IP --include-tombstoned

Output

Creates records.csv with all DNS records from AD-integrated DNS zones. 
cat records.csv
Columns: zone, name, type, value.

With LDAP (Manual)

ldapsearch -x -H ldap://DC_IP -b "DC=domain.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=local" -D "[email protected]" -w 'pass'

Why Use It

  • Discover internal hosts not in ping sweep
  • Find hidden services, dev servers, legacy systems
  • Map internal infrastructure via DNS
  • Works with any domain user (low privilege)

Quick Reference

TaskCommand
Dump DNSadidnsdump -u 'DOM\user' -p 'pass' DC_IP
ResolveAdd -r flag
TombstonedAdd --include-tombstoned
Outputrecords.csv