rbsec / dnscan
License: GNU General Public License v3.0
I have noticed that when using dnscan with a DNS provider that redirects bad requests to a search page, the current approach doesn't always work to detect wildcards. For example, my ISP (CableOne) will fail and not redirect for a domain like 12345.twitter.com. But if I add an 'a' to the beginning (a12345.twitter.com) it works as expected and redirects, thus detecting the wildcard behavior. Otherwise, all nonexistent domains are redirected to the "failed DNS query search page", thus giving a ton of false positives.
# Use current unix time as a test subdomain
epochtime = 'a' + str(int(time.time()))
Changing the above code in the get_wildcard() method to include a prefixed alpha character worked for me.
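The failure mode reported above, generalized into an added example (not dnscan's own code): probe several names that should not exist, in different label shapes, and treat any address returned as a wildcard or redirect address to filter brute-force hits against. The `resolve` callback, the function names and the fake resolver with its addresses are assumptions constructed for this illustration.

```python
import secrets
import string
import time


def probe_labels(now=None):
    """Labels that should not exist, in several shapes (numeric, alpha-prefixed, random)."""
    ts = str(int(now if now is not None else time.time()))
    rand = "".join(secrets.choice(string.ascii_lowercase) for _ in range(12))
    return [ts, "a" + ts, rand, rand + "-" + ts]


def wildcard_addresses(domain, resolve, now=None):
    """Return the set of IPs answered for names that should not exist.

    `resolve(name)` is a caller-supplied function (assumption) returning a
    list of IP strings, or an empty list on NXDOMAIN / no answer.
    """
    found = set()
    for label in probe_labels(now):
        found.update(resolve(f"{label}.{domain}"))
    return found


def filter_hits(hits, wildcard_ips):
    """Drop hits whose every address is a wildcard/redirect address."""
    return {name: ips for name, ips in hits.items()
            if not set(ips) <= wildcard_ips}


# Constructed stand-in for a resolver that redirects failed lookups to a
# search page, except for all-numeric labels (the behaviour the post reports).
REDIRECT_IP = "198.51.100.7"  # constructed, documentation address range
REAL = {"www.example.test": ["192.0.2.10"]}


def fake_isp_resolver(name):
    if name in REAL:
        return REAL[name]
    label = name.split(".", 1)[0]
    return [] if label.isdigit() else [REDIRECT_IP]


if __name__ == "__main__":
    wc = wildcard_addresses("example.test", fake_isp_resolver)
    hits = {n: fake_isp_resolver(n) for n in
            ("www.example.test", "mail.example.test", "vpn.example.test")}
    print("wildcard/redirect IPs:", wc)
    print("kept:", filter_hits(hits, wc))
```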
Hello,
Thank you for your work.
I am testing dnscan to find some valid domains with all existing TLDs.
But for domains that I checked by hand, for which I found several hundred matches, dnscan found me only 16 with the command:
./dnscan.py -d example -R 1.1.1.1 -T --output example_domains.txt
then
with my DNS server (DNSSEC active)
python3 dnscan.py -d google -R 127.0.0.1 -T --output google_domains.txt
python3 dnscan.py -d google -R 1.1.1.1 -T --output google_domains.txt
I have 286 domains on the screen but the google_domains.txt file contains:
[*] Processing domain google
[*] Using specified resolvers: 1.1.1.1
[+] TLD Scan
With the command
python3 dnscan.py -d google -R 1.1.1.1 -T > google_domains.txt
My file is well populated, but with several line breaks like this:
...
google.ac - ns1.google.com
google.af - ns1.google.com
google.aero - ns1.101domain.com
google.ad - ns1.google.com
...
NS outputs are not useful to me and will generate a workload.
What are the tips to understand to help me?
Thank you for your help.
Hi,
I have an error, looking for help.
Thanks.
C:\Users\nng\Desktop\dnscan-master>dnscan.py -d dev-%%.example.org
usage: dnscan.py [-h] (-d DOMAIN | -l DOMAIN_LIST) [-w WORDLIST] [-t THREADS] [-6] [-z] [-r] [-m MAXDEPTH] [-a]
[-R RESOLVERS] [-L RESOLVER_LIST] [-T] [-o OUTPUT_FILENAME] [-i OUTPUT_IPS] [-D] [-N] [-v] [-n] [-q]
dnscan.py: error: one of the arguments -d/--domain -l/--list is required
Is it possible to add support for module-like import, to be used in conjunction with other modules?
For example:
import dnscan
or
from dnscan import finder
So that it can be used like:
results = finder.subdomainfinder("example.com") # return dict
The reason I am asking for this is because I have integrated this module here at
https://www.nmmapper.com/sys/tools/subdomainfinder/
But I just use the hard way, not a module-like import.
Thank you.
Can we have a stdout silent feature to show only output like:
$python3 dnscan.py -d example.com -R 8.8.8.8 -silent
13.126.128.222 - example.com
13.126.119.83 - api.example.com
13.235.126.49 - api.example.com
13.35.191.126 - assets.example.com
Hi @rbsec!
I really enjoy using dnscan and it is really helpful during the recon process.
However, when using the output with other tools, the format becomes a major challenge. Any chance of including an option to get plaintext output?
Thanks in advance.
Best,
sumgr0
Would be cool if output was:
mail.somedomain.com - 127.0.0.1
Instead of
127.0.0.1 - mail.somedomain.com
So that the list can be sorted easily with tools like sort -u
If the input is given as www.example.com,
dnscan still tries to enumerate domains, with the prefix www.
Can we have a step in dnscan.py to clean/filter the input?
I was providing a list of subdomains, and one subdomain was missing from the results even though it was available.
For example, I was scanning abc.com, and the list contained the keyword analytic, but the tool bypassed this subdomain,
although analytics.abc.com is actually available. When I retried it, the tool identified that particular subdomain. So is there any extensive setting which I should implement to scan the whole list thoroughly? Otherwise, how can we rely on the tool?
Hello,
I got this error when trying to bruteforce subdomains:
Traceback (most recent call last):
File "dnscan.py", line 499, in
get_dnssec(target, nsip)
File "dnscan.py", line 263, in get_dnssec
dns.dnssec.validate(answer[0],answer[1],{name:answer[0]})
File "/usr/local/lib/python3.8/dist-packages/dns/dnssec.py", line 490, in _validate
_validate_rrsig(rrset, rrsig, keys, origin, now)
File "/usr/local/lib/python3.8/dist-packages/dns/dnssec.py", line 287, in _validate_rrsig
candidate_keys = _find_candidate_keys(keys, rrsig)
File "/usr/local/lib/python3.8/dist-packages/dns/dnssec.py", line 170, in _find_candidate_keys
value = keys.get(rrsig.signer)
AttributeError: 'DNSKEY' object has no attribute 'signer'
Regards
Hello, there is a bug inside dnscan.py at line 114: add_target(domain) # Recursively scan subdomains
This function must be run only when wildcard = get_wildcard(domain) is empty, so a condition if not wildcard: needs to be added, or the wildcard domain will be added to the recursive subdomain scan.
Allow passing a file with a list of domains to scan.
Hi,
When I try to use dnscan with the option -l to bruteforce multiple domains, this bug appears:
Traceback (most recent call last):
File "/usr/bin/dnscan", line 386, in <module>
if not '%%' in args.domain:
TypeError: argument of type 'NoneType' is not iterable
Hi,
I'm no longer able to run dnscan due to the following error:
:~/dnscan$ python3 dnscan.py -d test.com
Traceback (most recent call last):
File "dnscan.py", line 349, in <module>
resolver.resolve('.', 'NS')
AttributeError: 'Resolver' object has no attribute 'resolve'
I tried to update dnspython and install dsnpython3, but I still have the same error, with python2 and python3.
I googled a lot to find a potential fix, without success.
Write stdout to a file. Maybe also CSV?
The tool adds noise to the output file even when the verbose flag is not set. It's OK to print verbose output to the console, but not to the file.
I run dnscan with the following args:
dnscan -d example.com -D -o sds.txt
The content of sds.txt:
[*] Processing domain example.com
[*] Using system resolvers ['127.0.0.53']
[+] Getting nameservers
199.43.133.53 - b.iana-servers.net
199.43.135.53 - a.iana-servers.net
[-] Zone transfer failed
[+] IPv6 (AAAA) records found. Try running dnscan with the -6 option.
2606:2800:220:1:248:1893:25c8:1946
[+] TXT records found
"v=spf1 -all"
"8j5nfqld20zpcyr8xjw0ydcfq9rk8hgm"
[-] Invalid DNSKEY record length
[+] MX records found, added to target list
0 .
[*] Scanning example.com for A records
example.com - 93.184.216.34
www.example.com - 93.184.216.34
If you agree with this change, I'll be happy to create a PR.
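For the output requests above (plain records only, hostname first so that `sort -u` works, no status lines in the file), a post-processing filter written as an added example; it is not part of dnscan. The sample is an excerpt constructed from the sds.txt lines quoted in the post, and the function names are assumptions.

```python
import ipaddress

# Constructed sample: excerpt of the sds.txt content quoted above.
SAMPLE = """\
[*] Processing domain example.com
[+] Getting nameservers
199.43.133.53 - b.iana-servers.net
199.43.135.53 - a.iana-servers.net
[-] Zone transfer failed
2606:2800:220:1:248:1893:25c8:1946
"v=spf1 -all"
0 .
[*] Scanning example.com for A records
example.com - 93.184.216.34
www.example.com - 93.184.216.34
"""


def _is_ip(text):
    """True for a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def extract_records(lines):
    """Return sorted, de-duplicated (hostname, ip) pairs.

    Accepts both 'ip - host' and 'host - ip' lines; status lines ('[*]',
    '[+]', '[-]'), TXT strings, bare addresses and name-to-name lines
    are ignored.
    """
    records = set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("["):
            continue
        left, sep, right = (p.strip() for p in line.partition(" - "))
        if not sep:
            continue
        if _is_ip(left) and not _is_ip(right):
            records.add((right.rstrip(".").lower(), left))
        elif _is_ip(right) and not _is_ip(left):
            records.add((left.rstrip(".").lower(), right))
    return sorted(records)


def to_plain(lines):
    """Render records as 'hostname - ip', one per line."""
    return "\n".join(f"{host} - {ip}" for host, ip in extract_records(lines))
```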