DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover
Alternatives To Dnstake
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Amass10,139311 days ago116June 20, 2023145otherGo
In-depth attack surface mapping and asset discovery
13 days agoJune 16, 201413iscC
Official git repo for iodine dns tunnel
2 days agoJavaScript
Dedicated to JavaScript and its awesome community since 2015
2 days ago25mitHTML
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
2 months ago1March 03, 202112gpl-3.0C
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Awesome Bugbounty Tools2,580
5 months ago2cc0-1.0
A curated list of various bug bounty tools
9 months ago3September 09, 202112apache-2.0Python
Generates permutations, alterations and mutations of subdomains and then resolves them
a year agoMay 26, 20214gpl-3.0Go
XRay is a tool for recon, mapping and OSINT gathering from public networks.
Acme Dns1,756
a month ago5January 11, 2021136mitGo
Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
Dnsx1,727292 days ago24April 30, 202310mitGo
dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.
Alternatives To Dnstake
Select To Compare

Alternative Project Comparisons



A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

What is a DNS takeover?

DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records the server responds with a SERVFAIL error. This allows an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.¹


from Binary

The ez way! You can download a pre-built binary from releases page, just unpack and run!

from Source

NOTE: Go 1.16+ compiler should be installed & configured!

Very quick & clean!

▶ go install github.com/pwnesia/dnstake/cmd/dnstake@latest

— or

Manual building executable from source code:

▶ git clone https://github.com/pwnesia/dnstake
▶ cd dnstake/cmd/dnstake
▶ go build .
▶ (sudo) mv dnstake /usr/local/bin


$ dnstake -h

  ·▄▄▄▄   ▐ ▄ .▄▄ ·▄▄▄▄▄ ▄▄▄· ▄ •▄ ▄▄▄ .
  ██▪ ██ •█▌▐█▐█ ▀.•██  ▐█ ▀█ █▌▄▌▪▀▄.▀·
  ▐█· ▐█▌▐█▐▐▌▄▀▀▀█▄▐█.▪▄█▀▀█ ▐▀▀▄·▐▀▀▪▄
  ██. ██ ██▐█▌▐█▄▪▐█▐█▌·▐█ ▪▐▌▐█.█▌▐█▄▄▌
  ▀▀▀▀▀• ▀▀ █▪ ▀▀▀▀ ▀▀▀  ▀  ▀ ·▀  ▀ ▀▀▀

        (c) pwnesia.org — v0.0.1

  [stdin] | dnstake [options]
  dnstake -t HOSTNAME [options]

  -t, --target <HOST/FILE>    Define single target host/list to check
  -c, --concurrent <i>        Set the concurrency level (default: 25)
  -s, --silent                Suppress errors and/or clean output
  -o, --output <FILE>         Save vulnerable hosts to FILE
  -h, --help                  Display its help

  dnstake -t (sub.)domain.tld
  dnstake -t hosts.txt
  dnstake -t hosts.txt -o ./dnstake.out
  cat hosts.txt | dnstake
  subfinder -silent -d domain.tld | dnstake


DNSTake use RetryableDNS client library to send DNS queries. Initial engagement using Google & Cloudflare DNS as the resolver, then check & fingerprinting the nameservers of target host — if there is one, it will resolving the target host again with its nameserver IPs as resolver, if it gets weird DNS status response (other than NOERROR/NXDOMAIN), then it's vulnerable to be taken over. More or less like this in form of a diagram.

Currently supported DNS providers, see here.



DNSTake is distributed under MIT. See LICENSE.

Popular Subdomain Projects
Popular Dns Projects
Popular Networking Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.