
pwnesia / dnstake

Licence: MIT license
DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover

Programming Languages

go
31211 projects - #10 most used programming language

Projects that are alternatives of or similar to dnstake

Aspnetcoresubdomain
Simple usage lib for subdomain routing in ASP.NET Core/Framework MVC
Stars: ✭ 157 (-78.28%)
Mutual labels:  subdomain
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (-92.81%)
Mutual labels:  vulnerability
npm-audit-action
GitHub Action to run `npm audit`
Stars: ✭ 30 (-95.85%)
Mutual labels:  vulnerability
Can I Take Over Xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+288.38%)
Mutual labels:  subdomain
FIDL
A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
Stars: ✭ 421 (-41.77%)
Mutual labels:  vulnerability
dheater
D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange.
Stars: ✭ 142 (-80.36%)
Mutual labels:  vulnerability
Massdns
A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
Stars: ✭ 2,093 (+189.49%)
Mutual labels:  subdomain
rsGen
rsGen is a Reverse Shell Payload Generator for hacking.
Stars: ✭ 71 (-90.18%)
Mutual labels:  vulnerability
gvm-tools
Remote control your Greenbone Community Edition or Greenbone Enterprise Appliance
Stars: ✭ 143 (-80.22%)
Mutual labels:  vulnerability
vrt-ruby
Ruby library for interacting with Bugcrowd's VRT
Stars: ✭ 15 (-97.93%)
Mutual labels:  vulnerability
Tldextract
[DEPRECATED] Library for extraction of domain parts e.g. TLD. Domain parser that uses Public Suffix List
Stars: ✭ 218 (-69.85%)
Mutual labels:  subdomain
Aggressor
Ladon for Cobalt Strike, Large Network Penetration Scanner, vulnerability / exploit / detection / MS17010 / password/brute-force/psexec/atexec/sshexec/webshell/smbexec/netcat/osscan/netscan/struts2Poc/weblogicExp
Stars: ✭ 228 (-68.46%)
Mutual labels:  subdomain
aemscan
Adobe Experience Manager Vulnerability Scanner
Stars: ✭ 161 (-77.73%)
Mutual labels:  vulnerability
Multi Domain Laravel
An example of multi-domain/subdomain app in Laravel.
Stars: ✭ 171 (-76.35%)
Mutual labels:  subdomain
Vulnogram
Vulnogram is a tool for creating and editing CVE information in CVE JSON format
Stars: ✭ 103 (-85.75%)
Mutual labels:  vulnerability
Gsdf
A domain searcher named GoogleSSLdomainFinder - a subdomain lookup tool based on Google's SSL certificate transparency logs
Stars: ✭ 155 (-78.56%)
Mutual labels:  subdomain
astam-correlator
Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans
Stars: ✭ 22 (-96.96%)
Mutual labels:  vulnerability
gradejs
GradeJS analyzes production Webpack bundles without having access to the source code of a website. Instantly see vulnerabilities, outdated packages, and more just by entering a web application URL.
Stars: ✭ 362 (-49.93%)
Mutual labels:  vulnerability
ras-fuzzer
RAS(RAndom Subdomain) Fuzzer
Stars: ✭ 42 (-94.19%)
Mutual labels:  subdomain
koa-subdomain
Simple and lightweight Koa middleware to handle multilevel and wildcard subdomains
Stars: ✭ 23 (-96.82%)
Mutual labels:  subdomain

DNSTake

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.


What is a DNS takeover?

DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records the server responds with a SERVFAIL error. This allows an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.¹

Installation

from Binary

The easy way! You can download a pre-built binary from the releases page; just unpack and run!

from Source

NOTE: Go 1.16+ compiler should be installed & configured!

Very quick & clean!

▶ go install github.com/pwnesia/dnstake/cmd/dnstake@latest

— or

Or build the executable manually from source:

▶ git clone https://github.com/pwnesia/dnstake
▶ cd dnstake/cmd/dnstake
▶ go build .
▶ (sudo) mv dnstake /usr/local/bin

Usage

$ dnstake -h

  ·▄▄▄▄   ▐ ▄ .▄▄ ·▄▄▄▄▄ ▄▄▄· ▄ •▄ ▄▄▄ .
  ██▪ ██ •█▌▐█▐█ ▀.•██  ▐█ ▀█ █▌▄▌▪▀▄.▀·
  ▐█· ▐█▌▐█▐▐▌▄▀▀▀█▄▐█.▪▄█▀▀█ ▐▀▀▄·▐▀▀▪▄
  ██. ██ ██▐█▌▐█▄▪▐█▐█▌·▐█ ▪▐▌▐█.█▌▐█▄▄▌
  ▀▀▀▀▀• ▀▀ █▪ ▀▀▀▀ ▀▀▀  ▀  ▀ ·▀  ▀ ▀▀▀

        (c) pwnesia.org — v0.0.1

Usage:
  [stdin] | dnstake [options]
  dnstake -t HOSTNAME [options]

Options:
  -t, --target <HOST/FILE>    Define single target host/list to check
  -c, --concurrent <i>        Set the concurrency level (default: 25)
  -s, --silent                Suppress errors and/or clean output
  -o, --output <FILE>         Save vulnerable hosts to FILE
  -h, --help                  Display its help

Examples:
  dnstake -t (sub.)domain.tld
  dnstake -t hosts.txt
  dnstake -t hosts.txt -o ./dnstake.out
  cat hosts.txt | dnstake
  subfinder -silent -d domain.tld | dnstake

Workflow

DNSTake uses the RetryableDNS client library to send DNS queries. It first resolves the target using Google and Cloudflare DNS as resolvers, then checks and fingerprints the nameservers of the target host. If the host has nameservers of its own, DNSTake resolves the target host again using those nameservers' IPs as the resolver; if it receives an unexpected DNS status in the response (anything other than NOERROR/NXDOMAIN), the host is reported as vulnerable to takeover. The README illustrates this flow with a diagram.
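As an added example (not part of the dnstake README or the project's own code), the Python below replicates that two-step check with only the standard library: it builds raw DNS queries, parses the RCODE from the reply header along with any NS and A records, asks a public resolver for the target's own delegation, then queries the target directly at each delegated nameserver's IP and applies dnstake's rule (anything other than NOERROR/NXDOMAIN from the delegated server is suspicious). The resolver address, the function names and the two embedded replies are constructed for this example; `check_host` performs live queries and is what you would run against zones you are responsible for, while the parsers run offline against the sample replies. Unlike dnstake it does no provider fingerprinting, so a SERVFAIL here means "dangling delegation, investigate", not "claimable".

```python
import random
import socket
import struct

# DNS RCODE values from the response header (RFC 1035, section 4.1.1).
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPE_A, QTYPE_NS = 1, 2


def build_query(name, qtype):
    """Return (packet, transaction id) for a single recursive-desired query."""
    tid = random.randint(0, 0xFFFF)
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1), tid


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                # the name ends after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Return (rcode name, [(owner, type, rdata)]) keeping only A and NS records."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = RCODES.get(flags & 0xF, str(flags & 0xF))
    off = 12
    for _ in range(qd):                      # skip the question section
        _, off = read_name(msg, off)
        off += 4                             # qtype + qclass
    records = []
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_NS:
            records.append((owner, "NS", read_name(msg, off)[0]))
        elif rtype == QTYPE_A and rdlen == 4:
            records.append((owner, "A", ".".join(str(b) for b in msg[off:off + 4])))
        off += rdlen
    return rcode, records


def delegated_nameservers(host, records):
    """NS targets whose owner is the host itself, i.e. the host's own delegation."""
    return [r[2] for r in records if r[1] == "NS" and r[0].lower() == host.lower()]


def looks_dangling(rcode_from_delegated_ns):
    """dnstake's rule: a delegated nameserver should answer NOERROR or NXDOMAIN;
    anything else (typically SERVFAIL or REFUSED) suggests the hosted zone is gone."""
    return rcode_from_delegated_ns not in ("NOERROR", "NXDOMAIN")


def query(server_ip, name, qtype, timeout=3.0):
    """Send one UDP query and parse the reply (live network; not used offline)."""
    packet, tid = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    if struct.unpack("!H", data[:2])[0] != tid:
        raise ValueError("transaction id mismatch")
    return parse_response(data)


def check_host(host, resolver="8.8.8.8"):
    """Two-step flow: NS via a public resolver (assumed 8.8.8.8 here), then the
    host queried directly at each nameserver IP. Returns {nameserver: rcode}."""
    _, recs = query(resolver, host, QTYPE_NS)
    results = {}
    for ns_name in delegated_nameservers(host, recs):
        _, a_recs = query(resolver, ns_name, QTYPE_A)
        for _, _, ip in (r for r in a_recs if r[1] == "A"):
            rcode, _ = query(ip, host, QTYPE_A)
            results[f"{ns_name} ({ip})"] = rcode
    return results


# Constructed sample replies (not captured traffic) so the parsers run offline.
# 1) SERVFAIL for "example.com A" with an empty answer section.
SERVFAIL_REPLY = (b"\x12\x34\x81\x82\x00\x01\x00\x00\x00\x00\x00\x00"
                  b"\x07example\x03com\x00\x00\x01\x00\x01")
# 2) NOERROR for "example.com NS" with two NS records using name compression.
NS_REPLY = (b"\x00\x01\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"
            b"\x07example\x03com\x00\x00\x02\x00\x01"
            b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x0e\x10\x00\x06\x03ns1\xc0\x0c"
            b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x0e\x10\x00\x06\x03ns2\xc0\x0c")
```

`parse_response(SERVFAIL_REPLY)` yields `("SERVFAIL", [])`, which `looks_dangling` flags, while `parse_response(NS_REPLY)` yields the two delegated nameservers that `check_host` would then query directly. UDP only, so a truncated (TC) reply would need a TCP retry, which is omitted here for brevity.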

For the list of currently supported DNS providers, see here.

References

License

DNSTake is distributed under MIT. See LICENSE.
