
🌀 dnsgen (DNS generator)

This tool generates combinations of domain names from the provided input. Combinations are created based on a wordlist. Custom words are extracted on each execution. Refer to the Techniques section to learn more.

dnsgen is very similar to altdns. It does not contain a DNS resolver; use massdns for DNS resolution.

Installation

pip3 install dnsgen

...or from GitHub directly:

git clone https://github.com/ProjectAnte/dnsgen
cd dnsgen
pip3 install -r requirements.txt
python3 setup.py install

Usage

$ dnsgen domains.txt (domains.txt contains a list of active domain names)

  • -l / --wordlen: minimum size of custom words to be extracted
  • -w / --wordlist: path to custom wordlist
  • filename: required parameter for an input list of domains. The input file should contain domain names separated by a newline character (\n). You can also use STDIN as the input by passing - for this argument.

Combination with massdns:

$ cat domains.txt | dnsgen - | massdns -r /path/to/resolvers.txt -t A -o J --flush 2>/dev/null

Techniques

(For demo purposes, let's say that the wordlist contains just one word: stage)

  • Insert word on every index — Creates new subdomain levels by inserting the words between existing levels. foo.example.com -> stage.foo.example.com, foo.stage.example.com

  • Insert num on every index — Creates new subdomain levels by inserting the numbers between existing levels. foo.bar.example.com -> 1.foo.bar.example.com, foo.1.bar.example.com, 01.foo.bar.example.com, ...

  • Increase/Decrease num found (in development) — If a number is found in an existing subdomain, increase/decrease this number without any other alteration. foo01.example.com -> foo02.example.com, foo03.example.com, ...

  • Prepend word on every index — On every subdomain level, prepend existing content with WORD and WORD-. foo.example.com -> stagefoo.example.com, stage-foo.example.com

  • Append word on every index — On every subdomain level, append WORD and -WORD to the existing content. foo.example.com -> foostage.example.com, foo-stage.example.com

  • Replace the word with word — If a word longer than 3 characters is found in an existing subdomain, replace it with other words from the wordlist (this applies only if the wordlist contains more than one word). stage.foo.example.com -> otherword.foo.example.com, anotherword.foo.example.com, ...

  • Extract custom words — Extend the wordlist based on the target's domain naming conventions. Such words are either whole subdomain levels or the parts of a subdomain level split on -. For instance, mapp1-current.datastream.example.com has the words mapp1, current and datastream. To prevent overflow, a user-defined word length is used for word extraction. The default value is set to 6. This means that only words strictly longer than 5 characters are included (from the previous example, mapp1 does not satisfy this condition).
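
The following is an added example, not dnsgen's own code: it implements word insertion, prepend/append and custom-word extraction as the list above describes them, so you can preview the candidate set produced from your own domain inventory before resolving it. The function names and the rule that the registered domain is the last two labels are assumptions made for illustration.

```python
def split_host(host, suffix_labels=2):
    """Split a hostname into (subdomain levels, registered domain)."""
    # Assumption: the registered domain is the last `suffix_labels` labels.
    # That holds for example.com; names such as example.co.uk need a
    # public-suffix list instead.
    labels = host.strip().lower().rstrip(".").split(".")
    return labels[:-suffix_labels], ".".join(labels[-suffix_labels:])


def extract_custom_words(hosts, wordlen=6):
    """Collect subdomain levels and their '-' separated parts of at least `wordlen` characters."""
    words = set()
    for host in hosts:
        levels, _ = split_host(host)
        for level in levels:
            # A level without '-' yields itself; otherwise each part is a candidate.
            words.update(p for p in level.split("-") if len(p) >= wordlen)
    return words


def permutations(host, words):
    """Apply insert, prepend and append on every subdomain index."""
    levels, domain = split_host(host)
    out = set()
    for w in words:
        # Insert word on every index: a new level at each position.
        for i in range(len(levels) + 1):
            out.add(".".join(levels[:i] + [w] + levels[i:] + [domain]))
        # Prepend (WORD, WORD-) and append (WORD, -WORD) on every level.
        for i, level in enumerate(levels):
            for new in (w + level, f"{w}-{level}", level + w, f"{level}-{w}"):
                out.add(".".join(levels[:i] + [new] + levels[i + 1:] + [domain]))
    return out


if __name__ == "__main__":
    # Constructed sample inventory, reusing the hostnames from the list above.
    inventory = ["foo.example.com", "mapp1-current.datastream.example.com"]
    wordlist = {"stage"} | extract_custom_words(inventory)
    print(sorted(wordlist))
    for name in sorted(permutations("foo.example.com", wordlist)):
        print(name)
```
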

Resources

TO DO

  • Improve README
  • Tests