Skip to content
/ altdns-ng Public

High-performance subdomain permutation and DNS resolution tool - A modern Go reimplementation of altdns

License

MIT license
10 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Sicks3c/altdns-ng

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
pkg
pkg
 
 
wordlists
wordlists
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

altdns-ng

A high-performance subdomain permutation and DNS resolution tool written in Go. This is a modern reimplementation of the original altdns by @shubs, built for speed and reliability.

Features

  • Blazing Fast: Parallel DNS resolution with configurable worker pools
  • Smart Wildcard Detection: Automatically detects and filters wildcard DNS records
  • DNS over HTTPS (DoH): Bypass ISP DNS blocking and rate limiting
  • Resolver Health Checking: Automatically detects and skips dead/slow resolvers
  • Custom Resolver Support: Load hundreds of resolvers from a file
  • Multiple Output Formats: Plain text, JSON, and CSV
  • Resume Capability: Checkpoint support for long-running scans
  • Input Deduplication: Automatically removes duplicate domains
  • IP Filtering: Filter out known catch-all/sinkhole IPs

Installation

From Source

git clone https://github.com/YOUR_USERNAME/altdns-ng.git
cd altdns-ng
go build -o altdns-ng .
sudo mv altdns-ng /usr/local/bin/

Requirements

  • Go 1.21 or higher

Usage

altdns-ng [options]

Basic Options

Flag Description
-i, --input Input file with subdomains (use - for stdin)
-o, --output Output file (use - for stdout, default: -)
-w, --wordlist Wordlist for permutations (uses built-in if not set)
-r, --resolve Resolve generated subdomains via DNS
-t, --threads Number of concurrent workers (default: 100)
-q, --quiet Quiet mode (no progress display)
-v, --verbose Verbose output

DNS Resolution Options

Flag Description
-d, --dns DNS servers, comma-separated (default: 8.8.8.8,1.1.1.1,9.9.9.9)
-rf, --resolver-file File containing DNS resolvers (one per line)
--timeout DNS query timeout (default: 3s)
--retries Retry count for failed queries (default: 2)
--rate-limit Max queries per second, 0=unlimited (default: 0)

DNS over HTTPS Options

Flag Description
--doh Use DNS over HTTPS instead of UDP DNS
--doh-server DoH server URL (default: cloudflare-dns.com)

Output Options

Flag Description
-f, --format Output format: plain, json, csv (default: plain)
--show-ip Include resolved IPs in output
--show-cname Include CNAME records in output

Filtering Options

Flag Description
--wildcard-detection Enable wildcard DNS detection (default: true)
--health-check Enable resolver health checking (default: true)
--filter-ip Comma-separated IPs to filter out

Pattern Options

Flag Description
--patterns Comma-separated patterns to use
--no-numbers Disable number suffix patterns
--extended-numbers Use 00-99 instead of 0-9

Available Permutation Patterns

  • insert - Insert word at all positions
  • dash-prefix - Add word with dash prefix (word-subdomain)
  • dash-suffix - Add word with dash suffix (subdomain-word)
  • join-prefix - Join word as prefix (wordsubdomain)
  • join-suffix - Join word as suffix (subdomainword)
  • number-suffix - Add numbers 0-9 as suffix
  • extended-numbers - Add numbers 00-99 as suffix
  • version-prefix - Add version prefixes (v1, v2, etc.)
  • version-suffix - Add version suffixes
  • environment - Add environment words (dev, staging, prod)
  • region - Add region words (us, eu, asia)
  • year - Add year suffixes (2023, 2024, 2025)
  • underscore - Add word with underscore separator

Examples

Generate Permutations Only (No Resolution)

altdns-ng -i subdomains.txt -o permutations.txt

Basic Resolution

altdns-ng -i subdomains.txt -r -o results.txt

Resolution with IP Addresses

altdns-ng -i subdomains.txt -r --show-ip -o results.txt

Using a Custom Wordlist

altdns-ng -i subdomains.txt -w custom_words.txt -r -o results.txt

Using Custom DNS Resolvers from File

# Create a resolver file (one IP per line)
echo "8.8.8.8" > resolvers.txt
echo "1.1.1.1" >> resolvers.txt
echo "9.9.9.9" >> resolvers.txt

# Use the resolver file
altdns-ng -i subdomains.txt -r -rf resolvers.txt -o results.txt

Using DNS over HTTPS

Useful when ISP is rate-limiting or blocking UDP DNS:

altdns-ng -i subdomains.txt -r --doh -o results.txt

Use a different DoH provider:

altdns-ng -i subdomains.txt -r --doh --doh-server "https://dns.google/dns-query" -o results.txt

JSON Output

altdns-ng -i subdomains.txt -r -f json --show-ip --show-cname -o results.json

CSV Output

altdns-ng -i subdomains.txt -r -f csv --show-ip -o results.csv

Filter Known Wildcard/Catch-all IPs

altdns-ng -i subdomains.txt -r --filter-ip "1.2.3.4,5.6.7.8" -o results.txt

High-Performance Scan with Many Resolvers

altdns-ng -i subdomains.txt -r -rf resolvers.txt -t 500 --show-ip -o results.txt

Use Only Specific Patterns

altdns-ng -i subdomains.txt -r --patterns "dash-prefix,dash-suffix" -o results.txt

Pipeline Mode

cat subdomains.txt | altdns-ng -i - -r -q | tee results.txt

Long-Running Scan with Checkpoint

# Start scan with checkpoint
altdns-ng -i large_list.txt -r --checkpoint scan.ckpt -o results.txt

# Resume if interrupted
altdns-ng -i large_list.txt -r --resume scan.ckpt -o results.txt

Rate-Limited Scan

altdns-ng -i subdomains.txt -r --rate-limit 100 -o results.txt

Verbose Mode for Debugging

altdns-ng -i subdomains.txt -r -v --show-ip -o results.txt

Full Featured Scan

altdns-ng -i subdomains.txt \
  -w wordlist.txt \
  -r \
  -rf resolvers.txt \
  -t 300 \
  --show-ip \
  --filter-ip "127.0.0.1,0.0.0.0" \
  -f json \
  -o results.json

Output Formats

Plain Text (default)

admin.example.com
api.example.com : 93.184.216.34
dev.example.com : 93.184.216.35

JSON

{"domain":"api.example.com","ips":["93.184.216.34"],"resolved":true}
{"domain":"dev.example.com","ips":["93.184.216.35"],"cnames":["dev-lb.example.com."],"resolved":true}

CSV

domain,ips,cnames,resolved
api.example.com,93.184.216.34,,true
dev.example.com,93.184.216.35,dev-lb.example.com.,true

Scan Summary

After each scan, altdns-ng displays a detailed summary:

+----------------------------------------------+
|           SCAN COMPLETE - SUMMARY            |
+----------------------------------------------+
|  Total Processed:           150000           |
|  Subdomains Found:            1234           |
+----------------------------------------------+
|  Wildcard Filtered:          50000           |
|  IP Filtered:                 2000           |
|  Errors:                     10000           |
+----------------------------------------------+
|  Duration:                   5m30s           |
|  Avg Rate:                  450 q/s          |
+----------------------------------------------+

Tips for Best Results

  1. Use Multiple Resolvers: Create a file with 50-100 public DNS resolvers for faster scans
  2. Enable DoH: If you're getting rate-limited, use --doh to bypass ISP restrictions
  3. Filter Wildcards: Use --filter-ip to exclude known catch-all IPs
  4. Adjust Threads: Start with -t 100 and increase based on your network
  5. Use Checkpoints: For large scans, always use --checkpoint to enable resume

Credits

This tool is based on the original altdns created by @shubs (infosec-au).

Author

Created by @OriginalSicksec

License

MIT License

About

High-performance subdomain permutation and DNS resolution tool - A modern Go reimplementation of altdns

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages