DNSProbe is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.

(60 views)

DNSProbe is a tool built on top of retryabledns that allows you to perform multiple DNS queries of your choice with a list of user-supplied resolvers.

Features

  • Simple and Handy utility to query DNS records.

Usage

dnsprobe -h

This will display help for the tool. Here are all the switches it supports.

Flag Description Example
-c Max dns retries (default 1) dnsprobe -c 5
-l List of dns domains (optional) dnsprobe -l domains.txt
-r Request Type A, NS, CNAME, SOA, PTR, MX, TXT, AAAA (default "A") dnsprobe -r A
-s List of resolvers (optional) dnsprobe -s resolvers.txt
-t Number of concurrent requests to make (default 250) dnsprobe -t 500
-f Output type: ip, domain, response, simple (domain + ip, default), full (domain + response), json (domain + raw response) dnsprobe -f json
-o Output file (optional) dnsprobe -o result.txt

Installation Instructions

From Source

dnsprobe requires go1.13+ to install successfully. Run the following command to get the repo -

GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsprobe

In order to update the tool, you can use -u flag with go get command.

Querying host for a record

To query a list of domains, you can pass the list via stdin.

> cat domains.txt | dnsprobe

root@test:~# cat bc.txt | dnsprobe
bounce.bugcrowd.com 192.28.152.174
blog.bugcrowd.com 104.20.4.239
blog.bugcrowd.com 104.20.5.239
www.bugcrowd.com 104.20.5.239
www.bugcrowd.com 104.20.4.239
events.bugcrowd.com 54.84.134.174

Querying host for CNAME record

> dnsprobe -l domains.txt -r CNAME

root@test:~# dnsprobe -l bc.txt -r CNAME
forum.bugcrowd.com bugcrowd.hosted-by-discourse.com.
collateral.bugcrowd.com bugcrowd.outrch.com.
go.bugcrowd.com mkto-ab270028.com.
ww2.bugcrowd.com bugcrowdinc.mktoweb.com.
researcherdocs.bugcrowd.com ssl.readmessl.com.
docs.bugcrowd.com ssl.readmessl.com.

This will run the tool against domains in domains.txt and returns the results. The tool uses the resolvers specified with -s option to perform the queries or default system resolvers.

Querying CNAME records on the Subfinder output

> subfinder -d bugcrowd.com -silent | dnsprobe -r cname

[email protected]:~# subfinder -d bugcrowd.com -silent | dnsprobe -r cname
forum.bugcrowd.com bugcrowd.hosted-by-discourse.com.
docs.bugcrowd.com ssl.readmessl.com.
go.bugcrowd.com mkto-ab270028.com.
ww2.bugcrowd.com bugcrowdinc.mktoweb.com.
researcherdocs.bugcrowd.com ssl.readmessl.com.
collateral.bugcrowd.com bugcrowd.outrch.com.
proxilate.bugcrowd.com proxilate.a.bugcrowd.com.

License

DNSProbe is made with ???? by the projectdiscovery team.


More: https://github.com/projectdiscovery/dnsprobe

April 17, 2020

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023