DNSCAN
DNScan is a tool for finding subdomains of a target domain. It performs DNS queries to discover subdomains associated with that domain.
DNScan tools have several features, such as:
1. It can use various data sources for discovering subdomains, including passive discovery, dictionary-based discovery, and brute-force discovery.
2. It can perform deep scanning of subdomains and check for open ports, exposed databases, or firewalls.
3. It can identify the different types of DNS records associated with discovered subdomains.
4. It can be customized to filter out irrelevant subdomains and only return the necessary ones.
Several DNScan tools are available, such as Recon-ng, Sublist3r, and Amass. Security analysts and penetration testers can use these tools to enumerate a company's subdomains and gather information that helps identify potential vulnerabilities in its networks.
https://github.com/rbsec/dnscan
Usage
dnscan.py (-d <domain> | -l <list>) [OPTIONS]
Mandatory Arguments
-d --domain Target domain; OR
-l --list Newline separated file of domains to scan
Optional Arguments
-w --wordlist <wordlist> Wordlist of subdomains to use
-t --threads <threadcount> Threads (1 - 32), default 8
-6 --ipv6 Scan for IPv6 records (AAAA)
-z --zonetransfer Perform zone transfer and exit
-r --recursive Recursively scan subdomains
--recurse-wildcards Recursively scan wildcards (slow)
-m --maxdepth Maximum levels to scan recursively
-a --alterations Scan for alterations of subdomains (slow)
-R --resolver <resolver> Use the specified resolver instead of the system default
-L --resolver-list <file> Read list of resolvers from a file
-T --tld Scan for the domain in all TLDs
-o --output <filename> Output to a text file
-i --output-ips <filename> Output discovered IP addresses to a text file
-n --nocheck Don't check nameservers before scanning. Useful in airgapped networks
-q --quick Only perform the zone transfer and subdomain scans. Suppresses most file output with -o
-N --no-ip Don't print IP addresses in the output
-v --verbose Verbose output
-h --help Display help text
Custom insertion points can be specified by adding %% in the domain name, such as:
$ dnscan.py -d dev-%%.example.org
Setup
dnscan requires Python 3, and the netaddr (version 0.7.19 or greater) and dnspython (version 2.0.0 or greater) libraries.
Run the following command to install dependencies:
$ pip install -r requirements.txt
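From the defender's side, a wordlist-driven subdomain scan like the one described above shows up in resolver logs as one client asking for many distinct names under a zone and mostly getting NXDOMAIN back. The following is an added example, not part of dnscan or of the original page; the log line format, the function name find_enumeration and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample resolver query log; the line format is an assumption:
# <epoch-seconds> <client-ip> <qname> <qtype> <rcode>
SAMPLE_LOG = """\
1700000040 10.0.0.5 www.example.org A NOERROR
1700000050 10.0.0.5 mail.example.org A NOERROR
1700000055 10.0.0.5 wwww.example.org A NXDOMAIN
1700000040 10.0.0.9 admin.example.org A NXDOMAIN
1700000041 10.0.0.9 dev.example.org A NXDOMAIN
1700000041 10.0.0.9 mail.example.org A NOERROR
1700000042 10.0.0.9 staging.example.org A NXDOMAIN
1700000042 10.0.0.9 test.example.org A NXDOMAIN
1700000043 10.0.0.9 vpn.example.org A NXDOMAIN
1700000043 10.0.0.9 www.example.org A NOERROR
1700000044 10.0.0.9 www.example.net A NOERROR
"""


def find_enumeration(lines, zone, window=60, min_names=5, min_nx_ratio=0.6):
    """Return (client, window_start, distinct_names, nx_ratio) for each client
    that asks for many distinct names under `zone` in one window and gets
    mostly NXDOMAIN back, the pattern a wordlist scan leaves in the logs."""
    suffix = "." + zone.lower().rstrip(".")
    buckets = defaultdict(lambda: {"names": set(), "nx": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, client, qname, _qtype, rcode = fields
        qname = qname.rstrip(".").lower()
        if not qname.endswith(suffix):
            continue  # other zones and the apex itself are out of scope
        bucket = buckets[(client, int(ts) // window)]
        bucket["names"].add(qname)
        if rcode == "NXDOMAIN":
            bucket["nx"].add(qname)
    alerts = []
    for (client, slot), seen in sorted(buckets.items()):
        ratio = len(seen["nx"]) / len(seen["names"])
        if len(seen["names"]) >= min_names and ratio >= min_nx_ratio:
            alerts.append((client, slot * window, len(seen["names"]), round(ratio, 2)))
    return alerts


if __name__ == "__main__":
    for alert in find_enumeration(SAMPLE_LOG.splitlines(), "example.org"):
        print(alert)
```

A zone with a wildcard record answers NOERROR for every name, so for such zones lower min_nx_ratio and rely on the distinct-name count instead.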