GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → teknogeek → fresh.py

teknogeek / fresh.py

Licence: other
An efficient multi-threaded DNS resolver validator

Programming Languages

python
139335 projects - #7 most used programming language
shell
77523 projects

Labels

dnsbugbounty

Projects that are alternatives of or similar to fresh.py

Sonarsearch
A MongoDB importer and API for Project Sonars DNS datasets
Stars: ✭ 297 (+271.25%)
Mutual labels:  dns, bugbounty
Dns Discovery
DNS-Discovery is a multithreaded subdomain bruteforcer.
Stars: ✭ 114 (+42.5%)
Mutual labels:  dns, bugbounty
Dictionary Of Pentesting
Dictionary collection project such as Pentesing, Fuzzing, Bruteforce and BugBounty. 渗透测试、SRC漏洞挖掘、爆破、Fuzzing等字典收集项目。
Stars: ✭ 492 (+515%)
Mutual labels:  dns, bugbounty
Pdlist
A passive subdomain finder
Stars: ✭ 204 (+155%)
Mutual labels:  dns, bugbounty
Cazador unr
Hacking tools
Stars: ✭ 95 (+18.75%)
Mutual labels:  dns, bugbounty
Dnsprobe
DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
Stars: ✭ 221 (+176.25%)
Mutual labels:  dns, bugbounty
hack-pet
🐰 Managing command snippets for hackers/bug bounty hunters. with pet.
Stars: ✭ 77 (-3.75%)
Mutual labels:  bugbounty
ldapconsole
The ldapconsole script allows you to perform custom LDAP requests to a Windows domain.
Stars: ✭ 25 (-68.75%)
Mutual labels:  bugbounty
CVE-2021-44228-PoC-log4j-bypass-words
🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
Stars: ✭ 760 (+850%)
Mutual labels:  bugbounty
DnsTube
Access your computer from anywhere. DnsTube is a Windows .NET dynamic DNS client for Cloudflare.
Stars: ✭ 137 (+71.25%)
Mutual labels:  dns
BugHunter
No description or website provided.
Stars: ✭ 23 (-71.25%)
Mutual labels:  bugbounty
T1tl3
A simple python script which can check HTTP status of branch of URLs/Subdomains and grab URLs/Subdomain title
Stars: ✭ 14 (-82.5%)
Mutual labels:  bugbounty
AmpliSpy
Check local or remote list of DNS servers for suitability in DNS Amplification DoS.
Stars: ✭ 39 (-51.25%)
Mutual labels:  dns
sender policy flattener
Compact large SPF chains into flat blocks of IP addresses
Stars: ✭ 25 (-68.75%)
Mutual labels:  dns
osmedeus-workflow
Community Workflow for the Osmedeus Engine that describes basic reconnaissance methodology for you to build your own
Stars: ✭ 26 (-67.5%)
Mutual labels:  bugbounty
Payloads
Payload Arsenal for Pentration Tester and Bug Bounty Hunters
Stars: ✭ 421 (+426.25%)
Mutual labels:  bugbounty
Alfis
Alternative Free Identity System
Stars: ✭ 162 (+102.5%)
Mutual labels:  dns
dnsbin2
I have literally no idea why I did that - Pastebin over DNS
Stars: ✭ 36 (-55%)
Mutual labels:  dns
email-checker
Provides email verification on the go.
Stars: ✭ 116 (+45%)
Mutual labels:  dns
HolyTips
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
Stars: ✭ 1,210 (+1412.5%)
Mutual labels:  bugbounty
View All Similar Projects ➔

fresh.py

A remix of fresh.sh with threading and some lots of added benefits :)

Installation

Tested on Python 3.5+

$ git clone https://github.com/teknogeek/fresh.py && cd fresh.py
$ pip3 install -r requirements.txt
$ python3 fresh.py

Usage

usage: fresh.py [-h] [-q QUERY_DOMAIN] [-f FALSE_POSITIVE_DOMAIN]
                [-b BASELINE_SERVER] [-o OUTPUT_FILE] [-t TIMEOUT]
                [-r RETRIES] [-j JOB_COUNT] [-k] [-v] [--clean CLEAN_REGEX]
                [--noclean]

optional arguments:
  -h, --help            show this help message and exit
  -q QUERY_DOMAIN, --query QUERY_DOMAIN
                        Valid domain to query each resolver for, e.g.
                        example.com, images.google.com (default: example.com)
  -f FALSE_POSITIVE_DOMAIN, --fpdomain FALSE_POSITIVE_DOMAIN
                        Invalid domain to test as a false positive for each
                        resolver, e.g. ygsfdhauysuh.example.com,
                        www.thisisnotarealdomain.google.com (default:
                        www.workshop.netscape.com)
  -b BASELINE_SERVER, --baseline BASELINE_SERVER
                        DNS server IP to use for baseline sanity check to
                        compare all other resolver results against, e.g.
                        1.1.1.1, 8.8.8.8 (default: 1.1.1.1)
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        Output file for valid resolvers (default:
                        resolvers.txt)
  -t TIMEOUT, --timeout TIMEOUT
                        DNS query timeout for each resolver (in seconds)
                        (default: 3)
  -r RETRIES, --retries RETRIES
                        Number of times to retry querying each resolver
                        (default: 1)
  -j JOB_COUNT, --jobs JOB_COUNT
                        Number concurrent threads to use (default: 50)
  -k, --keep            Keep and rename the output file if it already exists
                        (default: False)
  -v, --verbose         Increase verbosity to show each resolver being testing
                        (disables progress bar) (default: False)
  --clean CLEAN_REGEX   File containing a list of regex patterns used to match
                        and clean bad results and resolvers (default:
                        clean_regex.txt)
  --noclean             Force fresh.py not to pre-clean the resolver list with
                        patterns from the the --clean file (default: False)

Cleaning Outputs

No matter how good your resolver list is, there's a pretty good chance you're gonna get false positives. While this script attempts to mitigate as much of that as it can before doing DNS lookups (by checking the resolvers), it's not perfect. As a resuslt, I Massdns The clean.sh and clean_regex.txt files are used to clean and sanitize both the resolver addresses themselves and any DNS lookup results.

Massdns example:

$ python3 fresh.py -o resolvers.txt
$ massdns -r resolvers.txt -t A -o S -w massdns_output.txt domain_list.txt
$ bash clean.sh massdns_output.txt > massdns_clean.txt

clean.sh is really just a egrep -vf that uses the clean_regex.txt patterns by default. You can optionally provide your own regex pattern file as a second argument:

$ ~/fresh.py/clean.sh
Usage: clean.sh <input_file> [regex_pattern_file]

This will usually end up outputting a very clean resulting file.

I would love more regex contributions! These regex patterns come from my own personal observations and testing.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].