|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Amass||10,139||3||11 days ago||116||June 20, 2023||145||other||Go|
|In-depth attack surface mapping and asset discovery|
|Iodine||5,454||13 days ago||June 16, 2014||13||isc||C|
|Official git repo for iodine dns tunnel|
|Reconftw||4,700||2 days ago||25||mit||HTML|
|reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities|
|Massdns||2,746||2 months ago||1||March 03, 2021||12||gpl-3.0||C|
|A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)|
|Awesome Bugbounty Tools||2,580||5 months ago||2||cc0-1.0|
|A curated list of various bug bounty tools|
|Altdns||1,900||9 months ago||3||September 09, 2021||12||apache-2.0||Python|
|Generates permutations, alterations and mutations of subdomains and then resolves them|
|Xray||1,792||a year ago||May 26, 2021||4||gpl-3.0||Go|
|XRay is a tool for recon, mapping and OSINT gathering from public networks.|
|Acme Dns||1,756||a month ago||5||January 11, 2021||136||mit||Go|
|Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.|
|Dnsx||1,727||29||2 days ago||24||April 30, 2023||10||mit||Go|
|dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.|
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.
DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records the server responds with a
SERVFAIL error. This allows an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.¹
The ez way! You can download a pre-built binary from releases page, just unpack and run!
|NOTE: Go 1.16+ compiler should be installed & configured!|
Very quick & clean!
▶ go install github.com/pwnesia/dnstake/cmd/dnstake@latest
Manual building executable from source code:
▶ git clone https://github.com/pwnesia/dnstake ▶ cd dnstake/cmd/dnstake ▶ go build . ▶ (sudo) mv dnstake /usr/local/bin
$ dnstake -h ·▄▄▄▄ ▐ ▄ .▄▄ ·▄▄▄▄▄ ▄▄▄· ▄ •▄ ▄▄▄ . ██▪ ██ •█▌▐█▐█ ▀.•██ ▐█ ▀█ █▌▄▌▪▀▄.▀· ▐█· ▐█▌▐█▐▐▌▄▀▀▀█▄▐█.▪▄█▀▀█ ▐▀▀▄·▐▀▀▪▄ ██. ██ ██▐█▌▐█▄▪▐█▐█▌·▐█ ▪▐▌▐█.█▌▐█▄▄▌ ▀▀▀▀▀• ▀▀ █▪ ▀▀▀▀ ▀▀▀ ▀ ▀ ·▀ ▀ ▀▀▀ (c) pwnesia.org — v0.0.1 Usage: [stdin] | dnstake [options] dnstake -t HOSTNAME [options] Options: -t, --target <HOST/FILE> Define single target host/list to check -c, --concurrent <i> Set the concurrency level (default: 25) -s, --silent Suppress errors and/or clean output -o, --output <FILE> Save vulnerable hosts to FILE -h, --help Display its help Examples: dnstake -t (sub.)domain.tld dnstake -t hosts.txt dnstake -t hosts.txt -o ./dnstake.out cat hosts.txt | dnstake subfinder -silent -d domain.tld | dnstake
DNSTake use RetryableDNS client library to send DNS queries. Initial engagement using Google & Cloudflare DNS as the resolver, then check & fingerprinting the nameservers of target host — if there is one, it will resolving the target host again with its nameserver IPs as resolver, if it gets weird DNS status response (other than
NXDOMAIN), then it's vulnerable to be taken over. More or less like this in form of a diagram.
Currently supported DNS providers, see here.
DNSTake is distributed under MIT. See