Skip to content

Latest commit

 

History

History
executable file
·
241 lines (183 loc) · 5.59 KB

README.md

File metadata and controls

executable file
·
241 lines (183 loc) · 5.59 KB

DNSCewl

License Twitter

A DNS Bruteforcing Wordlist Generator.

Argument Description
(stdin) Specify a list of targets
-t Specify a single target.
-tL Specify a list of targets.
-sL Specify a list of sets to substitue with
-eL Specify a list of targets to exclude
-eX Specify a list of domain extensions to substitute with
-a Specify a file of words to append to a host
-p Specify a file of words to prepend to a host
-v If set then verbose output will be displayed in the terminal
-i If set, original domains (from source files) are included in the output.
--range Set a higher range for integer permutations.
--subs If set then only subdomains will be generated.
--no-color If set then any foreground or background colours will be stripped out
--limit Specify a fixed word limit to output.
--level Specify the level of results to output.
--no-repeats Prevent repeated structures such as one.one.com

Level

There are multiple levels of changes that can be performed, specified by "-level". A level of "1" or above modifies the results to use a - as well as everything else. A level of 0 wouldn't use -. Level defaults to level 1.

At level 2 integer substituions start to take place, using a set range.

Append

Append works by adding a new subdomain, as well as the word with a - and without (unless level is 0). So, for example:

A target list of:

example.com
help.example.com

With an append list of:

dev
test

With command line as:

DNSCewl -tL targets.txt -a append.txt

Would provide the output:

example-dev.com
example-test.com
help-dev.example.com
help-test.example.com
example.dev.com
example.test.com
help.dev.example.com
help.test.example.com

If the flag --subs was passed then this would limit results to new subdomains only, and output the following:

dev.example.com
devhelp.example.com
dev-help.example.com
dev.help.example.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com

Prepend

Prepend is the same as append, but at the beginning of a domain (or subdomain).

Using as:

DNSCewl -tL targets.txt -p append.txt

Would result in:

devexample.com
dev-example.com
dev.example.com
devhelp.example.com
dev-help.example.com
dev.help.example.com
testexample.com
test-example.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com

Level Usage Example

If level 1 was spefied, results with - wouldn't be used. For example:

DNSCewl -tL targets.txt -p append.txt --level=0

Would result in:

devexample.com
dev.example.com
devhelp.example.com
dev.help.example.com
testexample.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com

Subs Usage Example

Subs limits results to subdomains only. For example:

DNSCewl -tL targets.txt -p append.txt --level=0 --subs

Would result in:

dev.example.com
dev.help.example.com
test.example.com
test-help.example.com
test.help.example.com

No repeats example

No repeats prevents the same term being used twice in a domain.

For example, using test.example.com with an prepended list of:

test

With the following:

DNSCewl -tL targets.txt -p append.txt --no-repeats

Would result in:

test.example.com
test.testexample.com

Note that test.test.example.com isn't included, as it's a repeated subdomain. It's important to note that test.testexample.com is still possible here, as --no-repeats shouldn't prevent a subdomain and a top level domain from repeating.

Set List (-sL) Example

A set list is a series of words to perform a replacement on when one word in a set is discovered.

For example, an input of:

one.example.com
b.example.com

When provided a set list of:

one
two
three

Would output:

two.example.com
three.example.com

Include originals (-i)

If set than the original domains, from source lists are included in outputted results. If not then they will be excluded.

Range Example

By default if level=2 is set then any integers in a domain would be incremented and decremented by 100. For example,

101.example.com

Would generate domains from 1.example.com to 200.example.com as output.

Range allows you to override this setting. By default range will adjust to be both negative and positive. For example:

--range=10

Would generate domians from 91.example.com to 111.example.com. You can however specify + or - on range. So for example,

--range=+10

Would only generate domains from 101.example.com to 111.example.com as our output.

Domain Extensions (-eX)

Takes a list of domain extensions and replaces extensions on final results with them.

For example,

example.com
sub.example.com

When combined with a list of extentions that includes:

.com.au
.co.uk

Would result in a list of domains:

example.com.au
example.co.uk
sub.example.com.au
sub.example.co.uk