lazydns

Script to automate initial domain reconnaissance and subdomain enumeration.

Features

• Passive and Active modes
  • Sonar DNS database (Project Crobat)
  • Amass
  • zdns
  • dnsgen
  • compiled wordlists from several sources
• Auto-updated list of resolvers (updates every day)
  • https://public-dns.info
  • dnsvalidator
  • custom validation using massdns

Info

Usage: lazydns.py [OPTIONS] COMMAND [ARGS]...

Options:
  -c, --config PATH  Lazydns configuration file.
  -d TEXT            Comma-separated domain names.
  -df PATH           Path to file containing domain names.
  --dir PATH         Output directory.  [default: .]
  -f, --prefix TEXT  Filename prefix to name all output files.  [default:
                     lazydns]

  --help             Show this message and exit.

Commands:
  active   Active DNS enumeration.
  passive  Passive DNS enumeration.

Passive mode

Passive mode includes:

• Querying Sonar database from https://sonar.omnisint.io/
• Amass passive enumeration (specify API keys in configuration file)

Usage: lazydns.py passive [OPTIONS]

  Passive DNS enumeration.

Options:
  --amass / --no-amass      Enable Amass passive enumeration.  [default: True]
  --sonar / --no-sonar      SonarSearch enumeration.  [default: True]
  -ac, --amass-config PATH  Amass configuration file.
  --help                    Show this message and exit.

In passive mode script can generate following files:

• {dir}/{base-filename}-amass-passive-{generated date}.log
• {dir}/{base-filename}-{generated date}.passive

Active mode

Active mode includes:

• Brute-forcing subdomains using zdns and Amass
• Alterations generation using dnsgen

Usage: lazydns.py active [OPTIONS]

  Active DNS enumeration.

Options:
  --amass / --no-amass      Enable Amass active enumeration.
  --brute / --no-brute      Enable brute-forcing.
  --alts / --no-alts        Enable alterations.
  -ac, --amass-config PATH  Amass configuration file.
  -w, --wordlist PATH       Subdomains wordlist.  [default:
                            wordlists/normal.txt]

  -ns, --resolvers PATH     List of name servers.  [default:
                            resolvers.txt; required]

  -t, --threads INTEGER     Number of threads passed to tool.  [default: 350]
  -r, --retries INTEGER     Number of retries passed to tool.  [default: 3]
  -p, --processes INTEGER   Number of processes passed to tool.  [default: 4]
  -kf, --known PATH         File with known subdomains (i.e., from "passive"
                            subcommand)

  --tool [zdns]             Subdomains brute-forcing tool.  [default: zdns]
  --help                    Show this message and exit.