Fess Up is an unintelligent DNS record guesser in Python. It offers both a library and a command-line tool to scan specific domains for (currently) one layer of subdomains. The scan is dictionary-based and it will attempt to avoid superfluous queries by basing subsequent queries off of previously discovered records.

fess_up's scanning wordlist is based on files installed in the fess_up/dnsnames/ directory. To expand this list, either edit default.txt or add another .txt file to the directory and it will be automatically loaded.

To scan a domain using the fess_up.py (installed as fess_up when using the Debian package) command line tool, simply provide the domain as an argument:

    fess_up nosmo.me
    nosmo.me
    {'@': {'A': ['92.51.245.61'],
           'MX': [('nosmo.me.', 10)],
           'TXT': ['v=spf1 mx -all']},
     'www': {'A': ['92.51.245.61'],
             'CNAME': ['nosmo.me.'],
             'MX': [('nosmo.me.', 10)],
             'TXT': ['v=spf1 mx -all']}}

fess_up can also output in a bind-like fashion when using the -B flag.

    fess_up.py nosmo.me -B
    nosmo.me
    @ IN A 92.51.245.61
    @ IN TXT v=spf1 mx -all
    @ IN MX 10 nosmo.me.
    www IN A 92.51.245.61
    www IN CNAME nosmo.me.
    www IN MX 10 nosmo.me.
    www IN TXT v=spf1 mx -all

fess_up's domain scan can be used as a library:

    >>> from fess_up import dnsnames, DomainScan
    >>> domain_scanner = DomainScan("nosmo.me", dnsnames.dnsnames)
    >>> domain_scanner.runScan()
    >>> dict(domain_scanner.data)
    {'www': {'A': ['92.51.245.61'], 'CNAME': ['nosmo.me.'], 'MX': [('nosmo.me.', 10)], 'TXT': ['v=spf1 mx -all']}, None: {'A': ['92.51.245.61'], 'TXT': ['v=spf1 mx -all'], 'MX': [('nosmo.me.', 10)]}}
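
The library returns the zone apex under the key None while the command line tool prints it as @, and MX values are (exchange, preference) tuples. The following is an added example, not fess_up's own code, that turns a result dict of that shape into sorted bind-like lines so that scans of a zone you operate can be diffed against each other or against the zone file. The function name to_bind_lines is hypothetical, and the sample input is the library output shown above.

```python
# Added example, not part of fess_up. to_bind_lines is a hypothetical helper.


def to_bind_lines(data):
    """Return sorted 'name IN TYPE rdata' lines for a scan result dict."""
    lines = []
    for name, records in data.items():
        # The library keys the zone apex as None; the CLI prints it as '@'.
        label = "@" if name is None else name
        for rtype, values in records.items():
            for value in values:
                if rtype == "MX":
                    # MX values are (exchange, preference) tuples;
                    # zone-file order is preference first.
                    exchange, preference = value
                    rdata = "%d %s" % (preference, exchange)
                else:
                    rdata = str(value)
                lines.append("%s IN %s %s" % (label, rtype, rdata))
    # Sorted so that two scans of the same zone diff line by line.
    return sorted(lines)


# Sample input: the dict(domain_scanner.data) output shown above.
SAMPLE = {
    "www": {
        "A": ["92.51.245.61"],
        "CNAME": ["nosmo.me."],
        "MX": [("nosmo.me.", 10)],
        "TXT": ["v=spf1 mx -all"],
    },
    None: {
        "A": ["92.51.245.61"],
        "TXT": ["v=spf1 mx -all"],
        "MX": [("nosmo.me.", 10)],
    },
}

if __name__ == "__main__":
    print("\n".join(to_bind_lines(SAMPLE)))
```

The lines match the -B output above record for record; only the ordering differs, because this helper sorts.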