
blark / Aiodnsbrute

Licence: gpl-3.0
Python 3.5+ DNS asynchronous brute force utility

Projects that are alternatives of or similar to Aiodnsbrute

Bugcrowd Levelup Subdomain Enumeration
This repository contains all the material from the talk "Esoteric sub-domain enumeration techniques" given at Bugcrowd LevelUp 2017 virtual conference
Stars: ✭ 513 (+38.65%)
Mutual labels:  osint, dns, subdomain, pentesting, enumeration
Amass
In-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 6,284 (+1598.38%)
Mutual labels:  osint, dns, subdomain, recon, enumeration
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-52.16%)
Mutual labels:  osint, security-tools, pentesting, recon, enumeration
Ksubdomain
Stateless subdomain brute-force tool
Stars: ✭ 976 (+163.78%)
Mutual labels:  subdomain, security-tools, pentesting, enumeration
Sonarsearch
A MongoDB importer and API for Project Sonar's DNS datasets
Stars: ✭ 297 (-19.73%)
Mutual labels:  osint, dns, subdomain, enumeration
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+829.46%)
Mutual labels:  osint, security-tools, recon, pentesting
Amass
In-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 1,693 (+357.57%)
Mutual labels:  dns, subdomain, recon, enumeration
Hosthunter
HostHunter a recon tool for discovering hostnames using OSINT techniques.
Stars: ✭ 427 (+15.41%)
Mutual labels:  osint, security-tools, pentesting, recon
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-68.65%)
Mutual labels:  security-tools, pentesting, recon, enumeration
Bigbountyrecon
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
Stars: ✭ 541 (+46.22%)
Mutual labels:  osint, pentesting, recon, red-team
Vajra
Vajra is a highly customizable target and scope based automated web hacking framework to automate boring recon tasks and same scans for multiple target during web applications penetration testing.
Stars: ✭ 269 (-27.3%)
Mutual labels:  osint, pentesting, recon
Pulsar
Network footprint scanner platform. Discover domains and run your custom checks periodically.
Stars: ✭ 314 (-15.14%)
Mutual labels:  osint, dns, recon
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+524.86%)
Mutual labels:  osint, pentesting, enumeration
Spaces Finder
A tool to hunt for publicly accessible DigitalOcean Spaces
Stars: ✭ 122 (-67.03%)
Mutual labels:  osint, pentesting, recon
Getaltname
Extract subdomains from SSL certificates in HTTPS sites.
Stars: ✭ 320 (-13.51%)
Mutual labels:  dns, subdomain, pentesting
Discover
Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
Stars: ✭ 2,548 (+588.65%)
Mutual labels:  osint, recon, red-team
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-71.62%)
Mutual labels:  osint, pentesting, recon
Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (-31.89%)
Mutual labels:  osint, recon, enumeration
Oneforall
OneForAll is a powerful subdomain collection tool
Stars: ✭ 4,202 (+1035.68%)
Mutual labels:  osint, subdomain, recon
Reconky-Automated Bash Script
Reconky is a great Content Discovery bash script for bug bounty hunters which automates a lot of tasks and organizes them in a well-mannered form, which helps them to look forward.
Stars: ✭ 167 (-54.86%)
Mutual labels:  osint, enumeration, recon

Async DNS Brute

A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously.

Speed

It's fast. Benchmarks on small VPS hosts put around 100k DNS resolutions at 1.5-2 minutes. An Amazon M3 box was used to make 1 million requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid using Google's resolvers if you're purely interested in speed.

DISCLAIMER

  • Your ISP's and home router's DNS servers probably suck. Stick to a VPS with fast resolvers (or set up your own) if you're after speed.
  • WARNING: This tool is capable of sending LARGE amounts of DNS traffic. I am not responsible if you DoS someone's DNS servers.

Installation

$ pip install aiodnsbrute

Note: using a virtualenv is highly recommended.

Alternate install

Alternatively, you can install the usual way:

$ git clone https://github.com/blark/aiodnsbrute.git
$ cd aiodnsbrute
$ python setup.py install

Usage

Get help:

$ aiodnsbrute --help

Usage: cli.py [OPTIONS] DOMAIN

  aiodnsbrute is a command line tool for brute forcing domain names
  utilizing Python's asyncio module.

  credit: blark (@markbaseggio)

Options:
  -w, --wordlist TEXT           Wordlist to use for brute force.
  -t, --max-tasks INTEGER       Maximum number of tasks to run asynchronosly.
  -r, --resolver-file FILENAME  A text file containing a list of DNS resolvers
                                to use, one per line, comments start with #.
                                Default: use system resolvers
  -v, --verbosity               Increase output verbosity
  -o, --output [csv|json|off]   Output results to DOMAIN.csv/json (extension
                                automatically appended when not using -f).
  -f, --outfile FILENAME        Output filename. Use '-f -' to send file
                                output to stdout overriding normal output.
  --query / --gethostbyname     DNS lookup type to use query (default) should
                                be faster, but won't return CNAME information.
  --wildcard / --no-wildcard    Wildcard detection, enabled by default
  --verify / --no-verify        Verify domain name is sane before beginning,
                                enabled by default
  --version                     Show the version and exit.
  --help                        Show this message and exit.

Examples

Run a brute force with some custom options:

$ aiodnsbrute -w wordlist.txt -vv -t 1024 domain.com

Run a brute force, suppress normal output and send only JSON to stdout:

$ aiodnsbrute -f - -o json domain.com

...for an advanced pattern, use custom resolvers and pipe output into the awesome jq:

$ aiodnsbrute -r resolvers.txt -f - -o json google.com | jq '.[] | select(.ip[] | startswith("172."))'
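
A stricter post-processing step for the same JSON, as an added example (not part of the aiodnsbrute project): a string prefix such as "172." also matches public space like 172.32.0.0 and up, so this checks each answer against the actual internal ranges and reports every name once. The sample data is constructed, and the "domain" key name is an assumption; only the "ip" list is confirmed by the jq filter above.

```python
import ipaddress
import json

# Ranges that should not appear in public DNS answers: RFC 1918, loopback, link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample: a JSON array of objects with an "ip" list, the shape the jq
# filter above relies on. The "domain" key name is an assumption.
SAMPLE = json.dumps([
    {"domain": "www.example.test", "ip": ["203.0.113.10", "203.0.113.11"]},
    {"domain": "cdn.example.test", "ip": ["172.32.0.9"]},  # starts with "172." but is public space
    {"domain": "jira.example.test", "ip": ["172.16.4.20", "172.16.4.21"]},
    {"domain": "db.example.test", "ip": ["10.1.2.3", "203.0.113.12"]},
    {"domain": "odd.example.test", "ip": ["not-an-ip"]},
])

def is_internal(ip_text):
    """True if ip_text parses as an IPv4 address inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed answer: skip it rather than crash the report
    return addr.version == 4 and any(addr in net for net in INTERNAL_NETS)

def internal_records(raw_json):
    """Return each record once, listing only the internal addresses it exposes."""
    report = []
    for rec in json.loads(raw_json):
        leaked = [ip for ip in rec.get("ip", []) if is_internal(ip)]
        if leaked:
            report.append({"domain": rec.get("domain"), "internal": leaked})
    return report

if __name__ == "__main__":
    for row in internal_records(SAMPLE):
        print(row["domain"], row["internal"])
```

Unlike `select(.ip[] | ...)` in jq, which emits a record once per matching address, this lists each name a single time.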

Wildcard detection is enabled by default (--no-wildcard turns it off):

$ aiodnsbrute foo.com

[*] Brute forcing foo.com with a maximum of 512 concurrent tasks...
[*] Using recursive DNS with the following servers: ['50.116.53.5', '50.116.58.5', '50.116.61.5']
[!] Wildcard response detected, ignoring answers containing ['23.23.86.44']
[*] Wordlist loaded, proceeding with 1000 DNS requests
[+] www.foo.com                         52.73.176.251, 52.4.225.20
100%|██████████████████████████████████████████████████████████████████████████████| 1000/1000 [00:05<00:00, 140.18records/s]
[*] Completed, 1 subdomains found
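
How the wildcard filtering seen in that output can work, as an added example (a sketch written for this page, not aiodnsbrute's own code): resolve a random label that cannot exist, treat whatever comes back as wildcard addresses, and drop any answer containing them. The resolver is an offline stub over constructed data; fake_resolve, detect_wildcard, brute and the "domain" key are hypothetical names.

```python
import asyncio
import secrets

# Constructed zone data standing in for real DNS (documentation-range addresses).
WILDCARD_IP = "198.51.100.44"
FAKE_ZONE = {
    "www.example.test": ["203.0.113.10", "203.0.113.11"],
    "mail.example.test": ["203.0.113.25"],
}

async def fake_resolve(name):
    """Hypothetical resolver stub: explicit records win, anything else hits the wildcard."""
    await asyncio.sleep(0)  # yield to the event loop as a real async lookup would
    return FAKE_ZONE.get(name, [WILDCARD_IP])

async def detect_wildcard(domain, resolve):
    """Resolve a random label that cannot exist; any answer is a wildcard answer."""
    probe = f"{secrets.token_hex(8)}.{domain}"
    try:
        return set(await resolve(probe))
    except LookupError:  # assumption: the resolver raises this when a name does not exist
        return set()

async def brute(domain, words, resolve, max_tasks=512):
    """Resolve word.domain with bounded concurrency, dropping wildcard answers."""
    wildcard_ips = await detect_wildcard(domain, resolve)
    sem = asyncio.Semaphore(max_tasks)  # caps in-flight lookups, like --max-tasks

    async def lookup(word):
        name = f"{word}.{domain}"
        async with sem:
            try:
                ips = await resolve(name)
            except LookupError:
                return None
        # Mirrors "ignoring answers containing [...]": one wildcard IP discards the answer.
        if wildcard_ips & set(ips):
            return None
        return {"domain": name, "ip": ips}

    results = await asyncio.gather(*(lookup(w) for w in words))
    return [r for r in results if r]

def run_demo():
    words = ["www", "mail", "dev", "vpn", "test"]
    return asyncio.run(brute("example.test", words, fake_resolve, max_tasks=2))

if __name__ == "__main__":
    print(run_demo())
```

A single probe only learns the addresses returned for that one query; a wildcard that rotates answers across a pool needs several probes to collect the full set.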

NEW: use gethostbyname (detects CNAMEs, which can be handy for potential subdomain takeover detection):

$ aiodnsbrute --gethostbyname domain.com

Supply a list of resolvers from a file (blank lines and lines starting with # are ignored); specify -r - to read the list from stdin.

$ aiodnsbrute -r resolvers.txt domain.com

Thanks

  • Wordlists are from bitquark's dnspop repo (except the 10 mil entry one which I created using his tool).
  • Click for making CLI apps so easy.
  • tqdm powers the pretty progress bar!
  • aiodns for providing the Python async interface to pycares which makes this all possible!

Notes

  • You might want to do a ulimit -n to see how many open files are allowed. You can also increase that number using the same command, i.e. ulimit -n <2048>