Code Monkey home page Code Monkey logo

dns-analyzer's Introduction

DNS Analyzer

A Burp Suite extension for discovering DNS vulnerabilities in web applications!
An in-depth guide for the DNS Analyzer can be found here.

Install (Coming soon!)

The DNS Analyzer extension can be installed directly from the BApp Store in Burp Suite!
Extensions > BApp Store > DNS Analyzer

Compile & Install

You can download the precompiled JAR from releases.
Or, you can build this project via the fatJar gradle task:

  • Linux: ./gradlew fatJar
  • Windows: gradlew.bat fatJar

The compiled JAR can then be found under build/libs/.

To load the extension via Burp Suite Professional, navigate to Extensions > Installed > Add and select DNSAnalyzer-all-1.0.jar as .jar file.

Howto

The basic usage boils down to the following steps:

  1. Click "Copy to Clipboard" to generate and copy a Burp Collaborator domain
  2. Get something to resolve the generated domain via DNS. For example, by using it:
    • as an e-mail domain (e.g., test@[collaborator domain])
      • Use it at registrations
      • Use it at password resets
      • Use it for news-letters
      • ...
    • via SSRF
    • anywhere, where the collaborator domain gets resolved via DNS
  3. Analyze the DNS name resolution by selecting DNS messages in the table
  4. ...
  5. Profit

Here's an example overview of this process:
DNS Analyzer Overview_small
Advanced usage and more can be found here.

Bug Bounty Tips

Should you be looking for DNS vulnerabilities in bug bounty domains?
YES! However, only report a DNS vulnerability if:

  1. infrastructure is in the scope of the bug bounty program
  2. you've confirmed the vulnerability via in-depth DNS analysis (e.g., via the DNS Analysis Server)

Essentially, don't flood bug bounty programs with DNS vulnerability reports without doing proper research first!

Further Info

As already mentioned, you can find a full DNS Analyzer guide here.
Also, you can find further information about DNS analysis and DNS vulnerabilities in the following blog posts:

Also, the Collaborator server has it's limits. For in-depth DNS analysis you can use the DNS Analysis Server.

dns-analyzer's People

Contributors

the-login avatar

Stargazers

Goverdhan Kumar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.