GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → ProjectAnte → Dnsgen

ProjectAnte / Dnsgen

Licence: mit
Generates combination of domain names from the provided input.

Programming Languages

python
139335 projects - #7 most used programming language

Labels

bugbountyrecondomains

Projects that are alternatives of or similar to Dnsgen

ICU
An Extended, Modulair, Host Discovery Framework
Stars: ✭ 40 (-89.72%)
Mutual labels:  domains, recon, bugbounty
osmedeus-workflow
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-93.32%)
Mutual labels:  recon, bugbounty
SubWalker
Simultaneously execute various subdomain enumeration tools and aggregate results.
Stars: ✭ 26 (-93.32%)
Mutual labels:  recon, bugbounty
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-78.15%)
Mutual labels:  recon, bugbounty
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-82.01%)
Mutual labels:  recon, bugbounty
Reconky-Automated Bash Script
Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.
Stars: ✭ 167 (-57.07%)
Mutual labels:  recon, bugbounty
reconness-agents
Reconness Agents Script
Stars: ✭ 25 (-93.57%)
Mutual labels:  recon, bugbounty
apkizer
apkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (-89.72%)
Mutual labels:  recon, bugbounty
Priest
Extract server and IP address information from Browser SSRF
Stars: ✭ 13 (-96.66%)
Mutual labels:  recon, bugbounty
Megplus
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (-31.11%)
Mutual labels:  recon, bugbounty
Recon My Way
This repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-30.33%)
Mutual labels:  recon, bugbounty
goverview
goverview - Get an overview of the list of URLs
Stars: ✭ 93 (-76.09%)
Mutual labels:  recon, bugbounty
ShadowClone
Unleash the power of cloud
Stars: ✭ 224 (-42.42%)
Mutual labels:  recon, bugbounty
OffensiveCloudDistribution
Leverage the ability of Terraform and AWS or GCP to distribute large security scans across numerous cloud instances.
Stars: ✭ 86 (-77.89%)
Mutual labels:  recon, bugbounty
WhoEnum
Mass querying whois records
Stars: ✭ 24 (-93.83%)
Mutual labels:  recon, bugbounty
nuubi
Nuubi Tools (Information-ghatering|Scanner|Recon.)
Stars: ✭ 76 (-80.46%)
Mutual labels:  recon, bugbounty
flydns
Related subdomains finder
Stars: ✭ 29 (-92.54%)
Mutual labels:  recon, bugbounty
Lazyrecon
An automated approach to performing recon for bug bounty hunting and penetration testing.
Stars: ✭ 282 (-27.51%)
Mutual labels:  recon, bugbounty
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+30.33%)
Mutual labels:  recon, bugbounty
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (-28.53%)
Mutual labels:  recon, bugbounty
View All Similar Projects ➔

🌀 dnsgen (DNS generator)

This tool generates a combination of domain names from the provided input. Combinations are created based on wordlist. Custom words are extracted per execution. Refer to Techniques section to learn more.

dnsgen is very similar to altdns. It does not contain DNS resolver. You should use massdns for DNS resolution.

dnsgen

Installation

pip3 install dnsgen

..or from GitHub directly:

git clone https://github.com/ProjectAnte/dnsgen
cd dnsgen
pip3 install -r requirements.txt
python3 setup.py install

Usage

$ dnsgen domains.txt (domains.txt contains a list of active domain names)

  • -l / --wordlen: minimum size of custom words to be extracted
  • -w / --wordlist: path to custom wordlist
  • -f / --fast: Generate lower amount of domains with most probable words only
  • filename: required parameter for an input list of domains. The input file should contain domain names separated by newline character (\n). You can also use STDIN as an input method, providing - to this argument.

Combination with massdns:

$ cat domains.txt | dnsgen - | massdns -r /path/to/resolvers.txt -t A -o J --flush 2>/dev/null

Techniques

(For demo purposes, let's say that wordlist contains just one word: stage)

  • Insert word on every index — Creates new subdomain levels by inserting the words between existing levels. foo.example.com -> stage.foo.example.com, foo.stage.example.com

  • Increase/Decrease num found(In development) If number is found in an existing subdomain, increase/decrease this number without any other alteration. foo01.example.com -> foo02.example.com, foo03.example.com, ...

  • Prepend word on every index — On every subdomain level, prepend existing content with WORD and WORD-. foo.example.com -> stagefoo.example.com, stage-foo.example.com

  • Append word on every index — On every subdomain level, append existing content with WORD and WORD-. foo.example.com -> foostage.example.com, foo-stage.example.com

  • Replace the word with word — If word longer than 3 is found in an existing subdomain, replace it with other words from the wordlist. (If we have more words than one in our wordlist). stage.foo.example.com -> otherword.foo.example.com, anotherword.foo.example.com, ...

  • Extract custom words — Extend the wordlist based on target's domain naming conventions. Such words are either whole subdomain levels, or - is used for a split on some subdomain level. For instance mapp1-current.datastream.example.com has mapp1, current, datastream words. To prevent the overflow, user-defined word length is used for word extraction. The default value is set to 6. This means that only words strictly longer than 5 characters are included (from the previous example, mapp1 does not satisfy this condition).

Resources

TO DO

  • Improve README
  • Tests
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].