Awesome Open Source
Awesome Open Source

Async DNS Brute

A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously.

aiodnsbrute screenshot


It's fast. Benchmarks on small VPS hosts put around 100k DNS resoultions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid using Google's resolvers if you're purely interested in speed.


  • Your ISP's and home router's DNS servers probably suck. Stick to a VPS with fast resolvers (or set up your own) if you're after speed.
  • WARNING This tool is capable of sending LARGE amounts of DNS traffic. I am not repsonsible if you DoS someone's DNS servers.


$ pip install aiodnsbrute

Note: using a virtualenv is highly recommended.

Alternate install

Alternately you can install the usual way:

$ git clone
$ cd aiodnsbrute
$ python install .


Get help:

$ aiodnsbrute --help


  aiodnsbrute is a command line tool for brute forcing domain names
  utilizing Python's asyncio module.

  credit: blark (@markbaseggio)

  -w, --wordlist TEXT           Wordlist to use for brute force.
  -t, --max-tasks INTEGER       Maximum number of tasks to run asynchronosly.
  -r, --resolver-file FILENAME  A text file containing a list of DNS resolvers
                                to use, one per line, comments start with #.
                                Default: use system resolvers
  -v, --verbosity               Increase output verbosity
  -o, --output [csv|json|off]   Output results to DOMAIN.csv/json (extension
                                automatically appended when not using -f).
  -f, --outfile FILENAME        Output filename. Use '-f -' to send file
                                output to stdout overriding normal output.
  --query / --gethostbyname     DNS lookup type to use query (default) should
                                be faster, but won't return CNAME information.
  --wildcard / --no-wildcard    Wildcard detection, enabled by default
  --verify / --no-verify        Verify domain name is sane before beginning,
                                enabled by default
  --version                     Show the version and exit.
  --help                        Show this message and exit.


Run a brute force with some custom options:

$ aiodnsbrute -w wordlist.txt -vv -t 1024

Run a brute force, supppess normal output and send only JSON to stdout:

$ aiodnbrute -f - -o json

...for an advanced pattern, use custom resovers and pipe output into the awesome jq:

$ aiodnsbrute -r resolvers.txt -f - -o json | jq '.[] | select(.ip[] | startswith("172."))'

Wildcard detection enabled by default (--no-wildcard turns it off):

$ aiodnsbrute

[*] Brute forcing with a maximum of 512 concurrent tasks...
[*] Using recursive DNS with the following servers: ['', '', '']
[!] Wildcard response detected, ignoring answers containing ['']
[*] Wordlist loaded, proceeding with 1000 DNS requests
[+]               ,
100%|██████████████████████████████████████████████████████████████████████████████| 1000/1000 [00:05<00:00, 140.18records/s]
[*] Completed, 1 subdomains found

NEW use gethostbyname (detects CNAMEs which can be handy for potential subdomain takeover detection)

$ aiodnsbrute --gethostbyname

Supply a list of resolvers from file (ignoring blank lines and starting with #), specify -r - to read list from stdin.

$ aiodnsbrute -r resolvers.txt


  • Wordlists are from bitquark's dnspop repo (except the 10 mil entry one which I created using his tool).
  • Click for making CLI apps so easy.
  • tqdm powers the pretty progress bar!
  • aiodns for providing the Python async interface to pycares which makes this all possible!


  • You might want to do a ulimit -n to see how many open files are allowed. You can also increase that number using the same command, i.e. ulimit -n <2048>
Alternatives To Aiodnsbrute
Select To Compare

Alternative Project Comparisons
Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Python (797,356
Security (31,640
Dns (10,194
Pentesting (3,066
Resolver (2,328
Subdomain (1,994
Security Tools (1,864
Vps (1,696
Brute (1,564
Bruteforce (1,395
Osint (1,107
Wildcard (1,039
Recon (883
Bruteforcing (192
Osint Resources (44
Subdomain Takeover (36