DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers

DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers
2020-11-28 05:30:00 Author: www.blogger.com(查看原文) 阅读量:173 收藏

tag:blogger.com,1999:blog-8317222231133660547.post-38965841651050588642020-11-27T17:30:00.001-03:002020-11-27T17:30:01.359-03:00DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-ska1w3EhqF4/X8Dc4q8NmkI/AAAAAAAAUe8/5NAkpTLayJg44rUxxukF2yob452wZs7NACNcBGAsYHQ/s1750/dnsx_8_dnsx-run.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1200" data-original-width="1750" height="438" src="https://1.bp.blogspot.com/-ska1w3EhqF4/X8Dc4q8NmkI/AAAAAAAAUe8/5NAkpTLayJg44rUxxukF2yob452wZs7NACNcBGAsYHQ/w640-h438/dnsx_8_dnsx-run.png" width="640" /></a></div> dnsx is a fast and multi-purpose DNS <a href="https://www.kitploit.com/search/label/Toolkit" target="_blank" title="toolkit">toolkit</a> allow to run multiple probers using <a href="https://github.com/projectdiscovery/retryabledns" rel="nofollow" target="_blank" title="retryabledns">retryabledns</a> library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers. dnsx is successor of <a href="https://github.com/projectdiscovery/dnsprobe" rel="nofollow" target="_blank" title="dnsprobe">dnsprobe</a> that includes new features, multiple bugs fixes, and tailored for better user experience, few notable flags are <code>resp</code> and <code>resp-only</code> that allows to control and print the exact information you are looking for. We also ported DNS wildcard filtering feature to dnsx from <a href="https://github.com/projectdiscovery/shuffledns" rel="nofollow" target="_blank" title="shuffledns">shuffledns</a> as a standalone support. <a name='more'></a><div> </div>Features   <ul> <li>Simple and Handy utility to query DNS records.</li> <li>Supports A, AAAA, CNAME, PTR, NS, MX, TXT, SOA</li> <li>Handles wildcard subdomains in <a href="https://www.kitploit.com/search/label/Automated" target="_blank" title="automated">automated</a> way.</li> <li>Optimized for ease of use.</li> <li>Stdin and stdout support to work with other tools.</li> </ul> Usage <div><pre><code>dnsx -h</code></pre></div> This will display help for the tool. Here are all the switches it supports. <table> <tbody><tr> <th>Flag</th> <th>Description</th> <th>Example</th> </tr> <tr> <td>a</td> <td>Query A record</td> <td>dnsx -a</td> </tr> <tr> <td>aaaa</td> <td>Query AAAA record</td> <td>dnsx -aaaa</td> </tr> <tr> <td>cname</td> <td>Query CNAME record</td> <td>dnsx -cname</td> </tr> <tr> <td>ns</td> <td>Query NS record</td> <td>dnsx -ns</td> </tr> <tr> <td>ptr</td> <td>Query PTR record</td> <td>dnsx -ptr</td> </tr> <tr> <td>txt</td> <td>Query TXT record</td> <td>dnsx -txt</td> </tr> <tr> <td>mx</td> <td>Query MX record</td> <td>dnsx -mx</td> </tr> <tr> <td>soa</td> <td>Query SOA record</td> <td>dnsx -soa</td> </tr> <tr> <td>raw</td> <td>Operates like dig</td> <td>dnsx -raw</td> </tr> <tr> <td>l</td> <td>File input list of subdomains/host</td> <td>dnsx -l list.txt</td> </tr> <tr> <td>json</td> <td>JSON output</td> <td>dnsx -json</td> </tr> <tr> <td>r</td> <td>File or comma separated resolvers</td> <td>dnsx -r 1.1.1.1</td> </tr> <tr> <td>rl</td> <td>Limit of DNS request/second</td> <td>dnsx -rl 100</td> </tr> <tr> <td>resp</td> <td>Display response data</td> <td>dnsx -cname -resp</td> </tr> <tr> <td>resp-only</td> <td>Display only response data</td> <td>dnsx -cname resp-only</td> </tr> <tr> <td>retry</td> <td>Number of DNS retries</td> <td>dnsx -retry 1</td> </tr> <tr> <td>silent</td> <td>Show only results in the output</td> <td>dnsx -silent</td> </tr> <tr> <td>o</td> <td>File to write output to (optional)</td> <td>dnsx -o output.txt</td> </tr> <tr> <td>t</td> <td>Concurrent threads to make</td> <td>dnsx -t 250</td> </tr> <tr> <td>verbose</td> <td>Verbose output</td> <td>dnsx -verbose</td> </tr> <tr> <td>version</td> <td>Show version of dnsx</td> <td>dnsx -version</td> </tr> <tr> <td>wd</td> <td>Wildcard domain name for filtering</td> <td>dnsx -wd example.com</td> </tr> <tr> <td>wt</td> <td>Wildcard Filter Threshold</td> <td>dnsx -wt 5</td> </tr> </tbody></table> Installation Instructions From Source The installation is easy. You can download the pre-built binaries for your platform from the <a href="https://github.com/projectdiscovery/dnsx/releases/" rel="nofollow" target="_blank" title="Releases">Releases</a> page. Extract them using tar, move it to your <code>$PATH</code>and you're ready to go. <div><pre><code>Download latest <a href="https://www.kitploit.com/search/label/Binary" target="_blank" title="binary">binary</a> from https://github.com/projectdiscovery/dnsx/releases ▶ tar -xvf dnsx-linux-amd64.tar ▶ mv dnsx-linux-amd64 /usr/local/bin/dnsx ▶ dnsx -h</code></pre></div> From Source dnsx requires go1.14+ to install successfully. Run the following command to get the repo - <div><pre><code>▶ GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsx/cmd/dnsx</code></pre></div> From Github <div><pre><code>▶ git clone https://github.com/projectdiscovery/dnsx.git; cd dnsx/cmd/dnsx; go build; mv dnsx /usr/local/bin/; dnsx -version</code></pre></div> Running dnsx dnsx can be used to filter dead records from the list of passive subdomains obtained from various sources, for example:- <div><pre><code>▶ <a href="https://www.kitploit.com/search/label/Subfinder" target="_blank" title="subfinder">subfinder</a> -silent -d hackerone.com | dnsx _ __ __ __| | _ __ ___ \ \/ / / _' || '_ \ / __| \ / | (_| || | | |\__ \ / \ \__,_||_| |_||___//_/\_\ v1.0 projectdiscovery.io [WRN] Use with caution. You are responsible for your actions [WRN] Developers assume no liability and are not responsible for any misuse or damage. a.ns.hackerone.com www.hackerone.com api.hackerone.com docs.hackerone.com mta-sts.managed.hackerone.com mta-sts.hackerone.com resources.hackerone.com b.ns.hackerone.com mta-sts.forwarding.hackerone.com events.hackerone.com support.hackerone.com</code></pre></div> dnsx can be used to extract A records for the given list of subdomains, for example:- <div><pre><code>▶ subfinder -silent -d hackerone.com | dnsx -silent -A -resp a.ns.hackerone.com [162.159.0.31] b.ns.hackerone.com [162.159.1.31] mta-sts.hackerone.com [185.199.108.153] events.hackerone.com [208.100.11.134] mta-sts.managed.hackerone.com [185.199.108.153] resources.hackerone.com [52.60.160.16] resources.hackerone.com [52.60.165.183] www.hackerone.com [104.16.100.52] support.hackerone.com [104.16.53.111]</code></pre></div> dnsx can be used to extract CNAME records for the given list of subdomains, for example:- <div><pre><code>▶ subfinder -silent -d hackerone.com | dnsx -silent -cname -resp support.hackerone.com [hackerone.zendesk.com] resources.hackerone.com [read.uberflip.com] mta-sts.hackerone.com [hacker0x01.github.io] mta-sts.forwarding.hackerone.com [hacker0x01.github.io] events.hackerone.com [whitelabel.bigmarker.com]</code></pre></div> dnsx can be used to extract subdomains from given network range using <code>PTR</code> query, for example:- <div><pre><code>mapcidr -cidr 173.0.84.0/24 -silent | dnsx -silent -resp-only -ptr cors.api.paypal.com trinityadminauth.paypal.com cld-edge-origin-api.paypal.com appmanagement.paypal.com svcs.paypal.com trinitypie-serv.paypal.com ppn.paypal.com pointofsale-new.paypal.com pointofsale.paypal.com slc-a-origin-pointofsale.paypal.com fpdbs.paypal.com</code></pre></div> Wildcard filtering A special feature of dnsx is its ability to handle multi-level DNS based wildcards and do it so with very less number of DNS requests. Sometimes all the subdomains will resolve which will lead to lots of garbage in the results. The way dnsx handles this is it will keep track of how many subdomains point to an IP and if the count of the <a href="https://www.kitploit.com/search/label/Subdomains" target="_blank" title="Subdomains">Subdomains</a> increase beyond a certain small threshold, it will check for wildcard on all the levels of the hosts for that IP iteratively. <div><pre><code>dnsx -l airbnb-subs.txt -wd airbnb.com -o output.txt</code></pre></div> <div>Notes</div> <ul> <li>As default, dnsx checks for A record.</li> <li>As default dnsx uses Google, Cloudflare, Quad9 <a href="https://github.com/projectdiscovery/dnsx/blob/43af78839e237ea8cbafe571df1ab0d6cbe7f445/libs/dnsx/dnsx.go#L31" rel="nofollow" target="_blank" title="resolver">resolver</a>.</li> <li>Domain name input is mandatory for wildcard elimination.</li> <li>DNS record flag can not be used when using wildcard filtering.</li> </ul> dnsx is made with <div></div> by the <a href="https://projectdiscovery.io" rel="nofollow" target="_blank" title="projectdiscovery">projectdiscovery</a> team. <div style="text-align: center;"><a class="kiploit-download" href="https://github.com/projectdiscovery/dnsx" rel="nofollow" target="_blank" title="Download Dnsx">Download Dnsx</a></div>Zion3R[email protected]

文章来源: http://www.blogger.com/feeds/8317222231133660547/posts/default/3896584165105058864
如有侵权请联系:admin#unsafe.sh