projectante / dnsgen Goto Github PK

Generates combination of domain names from the provided input.

License: MIT License

Python 95.74% Makefile 4.26%

recon subdomains domains osint

dnsgen's Introduction

🌀 dnsgen (DNS generator)

This tool generates a combination of domain names from the provided input. Combinations are created based on wordlist. Custom words are extracted per execution. Refer to Techniques section to learn more.

dnsgen is very similar to altdns. It does not contain DNS resolver. You should use massdns for DNS resolution.

Installation

python -m pip install dnsgen

..or from GitHub directly:

git clone https://github.com/AlephNullSK/dnsgen
cd dnsgen/
python -m poetry install

Usage

$ dnsgen domains.txt (domains.txt contains a list of active domain names)

-l / --wordlen: minimum size of custom words to be extracted
-w / --wordlist: path to custom wordlist
-f / --fast: Generate lower amount of domains with most probable words only
-o, --output: Store results to the output file.
filename: required parameter for an input list of domains. The input file should contain domain names separated by newline character (\n). You can also use STDIN as an input method, providing - to this argument.

Combination with massdns:

$ cat domains.txt | dnsgen - | massdns -r /path/to/resolvers.txt -t A -o J --flush 2>/dev/null

Get only resolved domains with massdns:

$ dnsgen hosts.txt >> dnsgen_wordlist.txt
$ massdns -r ~/tools/massdns/lists/resolvers.txt -o S dnsgen_wordlist.txt | grep -e ' A ' | cut -d 'A' -f 1 | rev | cut -d "." -f1 --complement | rev | sort | uniq  > dnsgen_massdns_resolved

these will generate a file with domains without "text polution".

Techniques

(For demo purposes, let's say that wordlist contains just one word: stage)

Insert word on every index — Creates new subdomain levels by inserting the words between existing levels. foo.example.com -> stage.foo.example.com, foo.stage.example.com
Increase/Decrease num found — (In development) If number is found in an existing subdomain, increase/decrease this number without any other alteration. foo01.example.com -> foo02.example.com, foo03.example.com, ...
Prepend word on every index — On every subdomain level, prepend existing content with WORD and WORD-. foo.example.com -> stagefoo.example.com, stage-foo.example.com
Append word on every index — On every subdomain level, append existing content with WORD and WORD-. foo.example.com -> foostage.example.com, foo-stage.example.com
Replace the word with word — If word longer than 3 is found in an existing subdomain, replace it with other words from the wordlist. (If we have more words than one in our wordlist). stage.foo.example.com -> otherword.foo.example.com, anotherword.foo.example.com, ...
Extract custom words — Extend the wordlist based on target's domain naming conventions. Such words are either whole subdomain levels, or - is used for a split on some subdomain level. For instance mapp1-current.datastream.example.com has mapp1, current, datastream words. To prevent the overflow, user-defined word length is used for word extraction. The default value is set to 6. This means that only words strictly longer than 5 characters are included (from the previous example, mapp1 does not satisfy this condition).

Resources

TO DO

Improve README
Tests

Author

Aleph Null s.r.o.

dnsgen's People

Contributors

Stargazers

Watchers

Forkers

gavz h121h j1anfen lonehand c002 ayoub5474 d1pakda5 barunesh ignitionlab security-geeks blacksper shivlondon lewerkun mmillerxyz affilares doktatech amalmurali47 srilakshmish jonathanzhou348 krouser joeldeleep frostnull shahid1996 priamsec 0x43f modulexcite elamaran619 sasqwatch 3xploit2 pentest-tools slooppe thetachan dd404x archyxsec deku-izuku-dotcom dmatrixx drkeinelust arrahmani cyberpwned polling-repo-continua illegal-byte mrseccoder 7rust rsrdesarrollo vasilemarin kodjob abss0x7tbh 0irebrwe dmatrixxlabs jayway007 bbhunter mel-deeb shahad7278 sebastiandugudae mqtt1988 s3r1alsh0ck dibdibdib flaviupopescu silentsoul04 tommalvoriddle kevzim jaikishantulswani okaayfine sleepyeinstein sinsixx ashis-banerjee storenth lijinta1984 excloudx6 taythebot fatihegbatan dinarpay 3as0n michael1026 terrisgo suryatmodulus mild0wl doris49383 mersenibilel snnifer ruevaughn safisec limkokholefork willardjansen walexzzy 0xsojalsec yunus96 santosh-gundimeda gprime31 matitanium readloud afwu 5l1v3r1 doanhnhq-uit devendrasuthar dgutdgut meaebi raoshaab 8mrblank rick-vini

dnsgen's Issues

[Feature Request] write to file/output to file.

1st of all i would like you thank you for this great project @PatrikHudak .
I have one feature request and a minor change to make work on windows as well.

Feature Request

you can add option to write to the file instead of using Mem.
- running dnsgen against 5 to 6k subdomains eats up all the Memory and the process gets killed so in that case writing to file will be helpful and plus point is massdns also accepts file as input to resolve.
this feature will save people using this great project with less RAM

Change to make it platform independent

you can use python's os module to get the path to words.txt the current one is nice but instead of hard coding the path as /words.txt we can use

os.path.join(pathlib.Path(__file__).parent, "words.txt")

Bug : -f option does not provide output

--fast , -f option does not provide any output when the number of input domains are lower.

However, there is not present when the number of input domain is increased.

Developing unit tests for dnsgen

Hello PatrikHudak,

I would like to contribute to dnsgen project by identifying and developing test cases using 'unittest' - python unit testing framework. Is this project still available to contribute?

Thanks,
Sri

Remove Duplicates

Dnsgen outputs a lot of duplicates

Input File

example.com
hey3.example.com
hey2.example.com
hey1.example.com

Command

dnsgen --fast targets.txt

Output

hey3.example.com
hey4.example.com
hey5.example.com
hey1.example.com
hey0.example.com
hey2.example.com
hey3.example.com
hey4.example.com
hey0.example.com
hey4.example.com
hey5.example.com
hey6.example.com
hey2.example.com
hey1.example.com
hey0.example.com

Desired output

hey0.example.com
hey1.example.com
hey2.example.com
hey3.example.com
hey4.example.com
hey5.example.com
hey6.example.com

Tool Usage Tips

It can be used for DNS resolution as follows.

Sample usage

Usage 1(fping)

cat domains.txt | dnsgen - |fping|grep "alive"|cut -d " " -f1>resolvers.txt

Usage 2(httprobe )

cat domains.txt | dnsgen - |httprobe|cut -d "/" -f3|sort -u |tee resolvers.txt

add flag to remove "Extract custom words" technique

Would it be possible to add a flag to not use the "Extract custom words " technique? It generates and absurd amount of combinations and making it impossible to resolve then.

Option to customize # of permutations

The tool should offer more flexibility in terms of permutation. When running on a mid-size wordlist a lot of garbage strings will appear:

lsfk-market-customization-ui-prezlsfk-market-customization-ui-prealsfk-market-customization-ui-prehlsfk-market-customization-ui-prellsfk-market-customization-ui-preulsfk-market-customization-ui-prenlsfk-market-customization-ui-preglsfk-market-customization-ui-preslsfk-market-customization-ui-prerlsfk-market-customization-ui-preelsfk-market-customization-ui-preslsfk-market-customization-ui-preelsfk-market-customization-ui-prerlsfk-market-customization-ui-prevlsfk-market-customization-ui-preilsfk-market-customization-ui-preelsfk-market-customization-ui-prerlsfk-market-customization-ui-preulsfk-market-customization-ui-prenlsfk-market-customization-ui-preglsfk-market-customization-ui-pre
lsfk-market-customization-ui-prezlsfk-market-customization-ui-prealsfk-market-customization-ui-prehlsfk-market-customization-ui-prellsfk-market-customization-ui-preulsfk-market-customization-ui-prenlsfk-market-customization-ui-preglsfk-market-customization-ui-preslsfk-market-customization-ui-prerlsfk-market-customization-ui-preelsfk-market-customization-ui-preslsfk-market-customization-ui-preelsfk-market-customization-ui-prerlsfk-market-customization-ui-prevlsfk-market-customization-ui-preilsfk-market-customization-ui-preelsfk-market-customization-ui-prerlsfk-market-customization-ui-preulsfk-market-customization-ui-prenlsfk-market-customization-ui-preglsfk-market-customization-ui-pre-lsfk-market-customization-ui-preilsfk-market-customization-ui-prenlsfk-market-customization-ui-pretlsfk-market-customization-ui-pre
lsfk-market-customization-ui-prezlsfk-market-customization-ui-prealsfk-market-customization-ui-prehlsfk-market-customization-ui-prellsfk-market-customization-ui-preulsfk-market-customization-ui-prenlsfk-market-customization-ui-preglsfk-market-customization-ui-preslsfk-market-customization-ui-prerlsfk-market-customization-ui-preelsfk-market-customization-ui-preslsfk-market-customization-ui-preelsfk-market-customization-ui-prerlsfk-market-customization-ui-prevlsfk-market-customization-ui-preilsfk-market-customization-ui-preelsfk-market-customization-ui-prerlsfk-market-customization-ui-preulsfk-market-customization-ui-prenlsfk-market-customization-ui-preglsfk-market-customization-ui-pre-lsfk-market-customization-ui-preplsfk-market-customization-ui-prerlsfk-market-customization-ui-preelsfk-market-customization-ui-pre
lsfk-market-customization-ui-prezlsfk-market-customization-ui-preulsfk-market-customization-ui-prehlsfk-market-customization-ui-prealsfk-market-customization-ui-preulsfk-market-customization-ui-preslsfk-market-customization-ui-preelsfk-market-customization-ui-pre

Feature request : do permutation only on one subdomain

Hello,

nice tool and thks for that :)
I would like to know if is possible to add permutation only on subdomain besause i use this tool in my workflow but the scope is wildcard on subdomain (exemple : *.xxx.yyy.com) . When i use this tool to genrate some permutation it generate all permutation on main domain (*.yyy.com) even if all subdomain i provide to it (exemple : eee.xxx.yyy.com or fff.xxx.yyy.com) concerne only one subdomain.

Exiting without showing any error!

Hi, I have installed all the modules correctly but still, it didn't run. It exits silently without showing any error.

I run this command $ python3 dnsgen.py
And it exits back to my directory?

1260 results from root domain

Is it normal to get 1260 generated subdomains when providing root domain? I was getting ~200 in an old vps, so something changed or something was added I think

$ echo "google.com" | dnsgen - | wc -l 1260

Am I the only one? it generates unlikely to exist subdomains, such as -hwcdn.google.com

Feature request

limit dnsgen output file size to specific size so that it do not hang the VPS.
Can we do that?

Base Subdomains are not included.

Hi,
when I run all found subdomain for alteration through dnsgen then some of the base domain are not there in output file.

Suppose I have subdomain named xyx.example.com and many more subdomins of example.com.
When a file containing all these sort of subdomais are given to dnsgen then the altered domains does not include xyx.example.com in the output file.
NOTE: It gives its childrens. (abc.xyx.example.com). But not xyx.example.com. Hence when ran through massdns it affects its results.

No output given

2021-08-18-11-36-14.mp4

Hello ,

the tool doesn't provide any output when using it
although all the libraries/requirements installed and everything is alright (and python3 used)

What am I missing and thanks in advance