Make sure you have rust installed, then run the following command to install dnsresolver.
git clone https://github.com/ethicalhackingplayground/dnsresolver ; cd dnsresolver ; cargo install --path .cat subs.txt | dnsresolverIf you need to resolve hosts with any ports, you can use the --ports flag.
cat subs.txt | dnsresolver -p 443,80,8080,8081First step would be to get all the unresolved hosts from a given domain list using:
cat subs.txt | dnsresolver --show-unresolved | anew unresolved.txtThen, to discover all the virtual hosts from a given domain list,
you can use the --vhost flag followed by the --vhost-file flag.
dnsresolver aims to bypass access restrictions on certain pages. It does so by substituting the host header with unresolved domains and using the sift algorithm. This ensures that the virtual host's response differs from the actual response. Remember to raise the soft limit using the command ulimit -n 10000 to handle more files simultaneously.
cat subs.txt | dnsresolver --vhost --vhost-file unresolved.txtTo validate a finding run this curl command:
curl -v -k thehost.com -H "Host: unresolved-domain.com"You can also use the --vhost flag with the --check-localhost flag to replace the host header with localhost, often times this allows you to access
restricted pages and can lead to some information disclosures and juicy admin panels.
cat subs.txt | dnsresolver --vhost --check-localhostTo validate a finding run this curl command:
curl -v -k thehost.com -H "Host: localhost"
If you have any feedback, please reach out to us at krypt0mux@gmail.com or via twitter https://twitter.com/z0idsec