{"id":50464394,"url":"https://github.com/bl4ckstack/dnx","last_synced_at":"2026-06-01T06:31:49.110Z","repository":{"id":325216824,"uuid":"1100034538","full_name":"bl4ckstack/dnx","owner":"bl4ckstack","description":"DNX - Domain Explorer A fast Perl tool for subdomain discovery and reconnaissance. Uses passive/active techniques to find and validate subdomains for security testing.","archived":false,"fork":false,"pushed_at":"2025-11-20T05:41:50.000Z","size":575,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-20T07:17:16.652Z","etag":null,"topics":["bugbounty","cli","ctf","cybersecurity","domain-scanning","information-gathering","network-security","osint","passive-recon","pentesting","perl","reconnaissance","security-tools","subdomain-enumeration"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bl4ckstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-19T18:51:47.000Z","updated_at":"2025-11-20T05:41:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bl4ckstack/dnx","commit_stats":null,"previous_names":["bl4ckstack/dnx"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/bl4ckstack/dnx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bl4ckstack%2Fdnx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bl4ckstack%2Fdnx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bl4ckstack%2Fdnx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bl4ckstack%2Fdnx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bl4ckstack","download_url":"https://codeload.github.com/bl4ckstack/dnx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bl4ckstack%2Fdnx/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33763648,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","cli","ctf","cybersecurity","domain-scanning","information-gathering","network-security","osint","passive-recon","pentesting","perl","reconnaissance","security-tools","subdomain-enumeration"],"created_at":"2026-06-01T06:31:47.316Z","updated_at":"2026-06-01T06:31:49.065Z","avatar_url":"https://github.com/bl4ckstack.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DNX: Domain Explorer\n\n[![Perl](https://img.shields.io/badge/Perl-5.10%2B-39457E?style=flat\u0026logo=perl)](https://www.perl.org/)\n[![License](https://img.shields.io/badge/License-MIT-00A98F?style=flat)](LICENSE)\n[![Version](https://img.shields.io/badge/Version-1.0.0-FF6B6B?style=flat)](dnx)\n[![Security](https://img.shields.io/badge/Security-Penetration%20Testing-red?style=flat\u0026logo=hackaday)](dnx)\n\n\u003e Production-ready subdomain enumeration for security researchers. Fast, intelligent, and respectful of rate limits.\n\n![DNX Logo](logo.png)\n\n\n## Why DNX?\n\nStop cobbling together multiple tools. DNX combines passive reconnaissance with active brute-forcing in one clean package. Written in Perl for speed and portability.\n\n**10 API sources + parallel DNS resolution + wildcard detection + takeover checks = Complete subdomain discovery**\n\n## Quick Start\n```bash\n# Install dependencies and run\nmake deps\n./dnx --domain target.com\n\n# Full scan with all features\n./dnx -d target.com --wordlist subdomains.txt --threads 50 \\\n  --recursive --http-probe --takeover-check\n\n# Passive only (zero packets to target)\n./dnx -d target.com --passive\n```\n\n## Installation\n\n### One-Line Install\n```bash\nmake deps \u0026\u0026 sudo make install\n```\n\n### Manual Setup\n```bash\n# Install Perl modules\ncpanm LWP::UserAgent JSON Net::DNS Term::ANSIColor\n\n# Make executable\nchmod +x dnx\n\n# Optional: Install system-wide\nsudo cp dnx /usr/local/bin/\n```\n\n### Makefile Commands\n```bash\nmake              # Syntax check\nmake deps         # Install dependencies\nmake install      # Install to /usr/local/bin\nmake uninstall    # Remove from system\nmake test         # Run tests\nmake clean        # Clean cache and outputs\nmake help         # Show all commands\n```\n\n## Features\n\n**Passive Enumeration** • Query 10 sources without touching the target  \n**Active Brute-Force** • Parallel DNS resolution with custom wordlists  \n**Wildcard Detection** • Automatically filter false positives  \n**Smart Caching** • 24-hour cache reduces API load  \n**Multi-Format Output** • Text, JSON, CSV exports  \n**Progress Tracking** • Real-time progress bars and ETA  \n**Graceful Exit** • Ctrl+C saves partial results  \n**DNS Rotation** • Distribute queries across multiple resolvers  \n**Record Type Support** • A, AAAA, CNAME, MX, NS, TXT, SOA  \n**Recursive Discovery** • Find subdomains of subdomains  \n**Zone Transfer** • Attempt AXFR on misconfigured servers  \n**HTTP Probing** • Test service availability and extract titles  \n**Takeover Detection** • Identify vulnerable subdomains\n\n## Data Sources\n\n### Free APIs (No Key Required)\n\n**crt.sh** • Certificate Transparency logs  \n**HackerTarget** • DNS and threat intelligence  \n**ThreatCrowd** • Crowdsourced threat data  \n**AlienVault OTX** • Open Threat Exchange  \n**Riddler.io** • Comprehensive DNS database  \n**BufferOver** • DNS enumeration service  \n**URLScan** • URL scanning and analysis\n\n### Premium APIs (Optional)\n\n**VirusTotal** • Enhanced subdomain discovery  \n**Shodan** • Internet-wide scanning data  \n**SecurityTrails** • Historical DNS data\n\n## Usage\n\n### Basic Scans\n```bash\n# Quick passive scan\n./dnx -d github.com\n\n# Passive + brute-force\n./dnx -d stripe.com --wordlist subdomains.txt\n\n# High-speed mode (50 threads)\n./dnx -d target.com -w large-list.txt --threads 50\n\n# Save results\n./dnx -d target.com -o results.json --format json\n```\n\n### Advanced Techniques\n```bash\n# Custom DNS resolvers\n./dnx -d target.com --resolvers 1.1.1.1,8.8.8.8,9.9.9.9\n\n# Multiple record types\n./dnx -d target.com --record-types A,AAAA,MX,NS,TXT\n\n# Recursive discovery\n./dnx -d target.com --recursive --recursion-depth 2\n\n# Zone transfer attempt\n./dnx -d target.com --zone-transfer\n\n# HTTP probing with takeover detection\n./dnx -d target.com --http-probe --takeover-check\n\n# Slow and stealthy\n./dnx -d target.com --threads 5 --rate-limit 3\n\n# With API keys for maximum coverage\n./dnx -d target.com \\\n  --shodan-key YOUR_SHODAN_KEY \\\n  --virustotal-key YOUR_VT_KEY \\\n  --securitytrails-key YOUR_ST_KEY\n\n# Quiet mode for scripting\n./dnx -d target.com -q -o subdomains.txt\n\n# Verbose debugging\n./dnx -d target.com -v --wordlist test.txt\n```\n\n### Input Flexibility\n\nDNX handles various input formats automatically:\n```bash\n# All of these work:\n./dnx -d example.com\n./dnx -d https://example.com\n./dnx -d http://example.com/path\n./dnx -d example.com:443\n```\n\n## Command-Line Options\n\n| Option | Description | Default |\n|--------|-------------|---------|\n| `-d, --domain` | Target domain (required) | - |\n| `-w, --wordlist` | Brute-force wordlist | - |\n| `-t, --threads` | Concurrent threads | 20 |\n| `--timeout` | DNS timeout (seconds) | 5 |\n| `-o, --output` | Output file | stdout |\n| `-f, --format` | text, json, csv | text |\n| `-p, --passive` | Passive only (no DNS) | false |\n| `--no-bruteforce` | Skip brute-force | false |\n| `-q, --quiet` | Minimal output | false |\n| `-v, --verbose` | Detailed logging | false |\n| `-r, --recursive` | Recursive discovery | false |\n| `--recursion-depth` | Recursion depth | 3 |\n| `-z, --zone-transfer` | Attempt AXFR | false |\n| `--http-probe` | Probe HTTP services | false |\n| `--takeover-check` | Check for takeovers | false |\n| `--resolvers` | DNS servers (comma-separated) | 8.8.8.8,1.1.1.1 |\n| `--rate-limit` | API requests/second | 10 |\n| `--record-types` | DNS types to query | A |\n| `--shodan-key` | Shodan API key | - |\n| `--virustotal-key` | VirusTotal API key | - |\n| `--securitytrails-key` | SecurityTrails API key | - |\n| `-h, --help` | Show help | - |\n| `--version` | Show version | - |\n\n## Configuration File\n\nCreate `~/.dnx/config.ini` for persistent settings:\n```ini\n# Performance\nthreads = 30\ntimeout = 5\nrate_limit = 10\n\n# Output\nformat = text\n\n# DNS Resolvers\nresolvers = 8.8.8.8,1.1.1.1,9.9.9.9\n\n# API Keys (optional)\nshodan_api_key = YOUR_KEY_HERE\nvirustotal_api_key = YOUR_KEY_HERE\nsecuritytrails_api_key = YOUR_KEY_HERE\n```\n\n## API Keys Setup\n\n### VirusTotal\n\n1. Sign up: https://www.virustotal.com/\n2. Get key: https://www.virustotal.com/gui/my-apikey\n3. Use it:\n```bash\nexport VIRUSTOTAL_API_KEY=\"your_key\"\n./dnx -d target.com --virustotal-key \"your_key\"\n```\n\n### Shodan\n\n1. Sign up: https://account.shodan.io/register\n2. Get key: https://account.shodan.io/\n3. Use it:\n```bash\nexport SHODAN_API_KEY=\"your_key\"\n./dnx -d target.com --shodan-key \"your_key\"\n```\n\n### SecurityTrails\n\n1. Sign up: https://securitytrails.com/\n2. Get key: https://securitytrails.com/app/account/credentials\n3. Use it:\n```bash\nexport SECURITYTRAILS_API_KEY=\"your_key\"\n./dnx -d target.com --securitytrails-key \"your_key\"\n```\n\n## Output Formats\n\n### Text (Default)\n\nClean, colorized terminal output:\n```\nwww.github.com                                     140.82.121.4\napi.github.com                                     140.82.121.6\ndocs.github.com                                    185.199.108.153\n```\n\n### JSON\n\nStructured data for automation:\n```json\n{\n  \"domain\": \"github.com\",\n  \"timestamp\": \"2025-11-19 12:34:56\",\n  \"count\": 157,\n  \"subdomains\": [\n    {\n      \"subdomain\": \"www.github.com\",\n      \"ip\": \"140.82.121.4\"\n    }\n  ]\n}\n```\n\n### CSV\n\nImport into spreadsheets:\n```csv\nsubdomain,ip\nwww.github.com,140.82.121.4\napi.github.com,140.82.121.6\n```\n\n## Performance\n\n### Benchmarks\n\n**Passive Scan:** 5-15 seconds (network dependent)  \n**1K wordlist @ 20 threads:** 30-60 seconds  \n**10K wordlist @ 50 threads:** 5-10 minutes  \n**100K wordlist @ 100 threads:** 30-45 minutes\n\n### Optimization Tips\n```bash\n# Maximum speed (use with caution)\n./dnx -d target.com -w huge.txt --threads 100 --timeout 3\n\n# Balanced approach\n./dnx -d target.com -w medium.txt --threads 30 --timeout 5\n\n# Stealth mode\n./dnx -d target.com -w small.txt --threads 5 --rate-limit 3\n```\n\n**Pro Tips:**\n- Start with passive enumeration\n- Use targeted wordlists (quality over quantity)\n- Increase threads only if your network can handle it\n- Custom resolvers can dramatically improve speed\n- Cache is your friend (24-hour retention)\n\n## DNS Record Types\n\nQuery multiple record types simultaneously:\n```bash\n./dnx -d target.com --record-types A,AAAA,MX,NS,TXT\n```\n\n| Type | Purpose |\n|------|---------|\n| **A** | IPv4 addresses |\n| **AAAA** | IPv6 addresses |\n| **CNAME** | Canonical name aliases |\n| **MX** | Mail exchange servers |\n| **NS** | Name servers |\n| **TXT** | Text records (SPF, DKIM, etc.) |\n| **SOA** | Start of authority |\n\n## Advanced Features\n\n### Recursive Discovery\n\nFind subdomains of discovered subdomains:\n```bash\n./dnx -d target.com --recursive --recursion-depth 2\n```\n\nAutomatically tries common patterns on found subdomains:\n- www, dev, staging, test, api, admin, portal\n\n### Zone Transfer (AXFR)\n\nAttempt DNS zone transfer on misconfigured servers:\n```bash\n./dnx -d target.com --zone-transfer\n```\n\nQueries all nameservers and attempts AXFR. Rarely successful on modern infrastructure, but worth trying.\n\n### HTTP Probing\n\nTest if discovered subdomains have active HTTP/HTTPS services:\n```bash\n./dnx -d target.com --http-probe\n```\n\nFeatures:\n- Tests both HTTP and HTTPS\n- Extracts page titles\n- Records HTTP status codes\n- Follows redirects\n\n### Subdomain Takeover Detection\n\nCheck for vulnerable CNAME records pointing to:\n```bash\n./dnx -d target.com --takeover-check\n```\n\n**Detects:**\n- GitHub Pages (github.io)\n- Heroku (herokuapp.com)\n- AWS S3 (amazonaws.com)\n- Azure (azurewebsites.net)\n- CloudFront (cloudfront.net)\n\nIdentifies dangling DNS records that could be exploited.\n\n## Real-World Examples\n\n### Bug Bounty Reconnaissance\n```bash\n# Full enumeration with all sources\n./dnx -d target.com \\\n  --wordlist /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt \\\n  --threads 50 \\\n  --record-types A,AAAA,CNAME \\\n  --recursive \\\n  --http-probe \\\n  --takeover-check \\\n  --output target-subdomains.json \\\n  --format json\n```\n\n### Red Team Engagement\n```bash\n# Passive only (zero footprint)\n./dnx -d target.com --passive --no-bruteforce -o recon.txt\n\n# Review results, then targeted brute-force\n./dnx -d target.com -w custom-wordlist.txt --threads 10\n```\n\n### Continuous Monitoring\n```bash\n# Daily cron job\n0 2 * * * /usr/local/bin/dnx -d mycompany.com -q -o /var/log/subdomains-$(date +\\%Y\\%m\\%d).json -f json\n\n# Compare changes\ndiff /var/log/subdomains-20250119.json /var/log/subdomains-20250120.json\n```\n\n### Mass Scanning\n```bash\n# Scan multiple domains\nfor domain in $(cat domains.txt); do\n  ./dnx -d $domain -p -o results/$domain.json -f json\n  sleep 5\ndone\n```\n\n### Comprehensive Security Assessment\n```bash\n# Kitchen sink approach\n./dnx -d target.com \\\n  --wordlist huge-list.txt \\\n  --threads 50 \\\n  --passive \\\n  --recursive --recursion-depth 2 \\\n  --zone-transfer \\\n  --http-probe \\\n  --takeover-check \\\n  --record-types A,AAAA,CNAME,MX,NS,TXT \\\n  --shodan-key $SHODAN_KEY \\\n  --virustotal-key $VT_KEY \\\n  --securitytrails-key $ST_KEY \\\n  --output full-assessment.json \\\n  --format json\n```\n\n## Wordlists\n\nDNX includes a basic wordlist. For comprehensive scanning:\n\n**SecLists (Recommended)**\n```bash\ngit clone https://github.com/danielmiessler/SecLists.git\n./dnx -d target.com -w SecLists/Discovery/DNS/subdomains-top1million-110000.txt\n```\n\n**Other Quality Lists:**\n- https://github.com/rbsec/dnscan\n- https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056\n- https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS\n\n## Smart Features\n\n### Graceful Exit\n\nPress `Ctrl+C` anytime:\n- Saves all discovered subdomains\n- Shows elapsed time and statistics\n- Cleans up temporary files\n- No data loss\n\n### Wildcard Detection\n\nAutomatically filters false positives:\n```\n[!] Wildcard DNS detected for *.target.com → 1.2.3.4\n[*] Filtering wildcard responses...\n```\n\n### Smart Caching\n\nResults cached for 24 hours:\n- Reduces API load\n- Faster repeated scans\n- Respects public services\n- Automatic cache expiry\n\n## Integration\n\n### Pipe to Other Tools\n```bash\n# Feed to httpx for live host detection\n./dnx -d target.com -q | httpx -silent\n\n# Check with nuclei\n./dnx -d target.com -q | nuclei -t vulnerabilities/\n\n# Resolve with massdns\n./dnx -d target.com -q \u003e subs.txt\nmassdns -r resolvers.txt -t A -o S subs.txt\n\n# Screenshots with aquatone\n./dnx -d target.com -q | aquatone\n```\n\n### JSON Processing\n```bash\n# Extract subdomains with jq\n./dnx -d target.com -f json | jq -r '.subdomains[].subdomain'\n\n# Filter by IP range\n./dnx -d target.com -f json | jq '.subdomains[] | select(.ip | startswith(\"192.168\"))'\n\n# Count results\n./dnx -d target.com -f json | jq '.count'\n```\n\n### Automation Scripts\n```bash\n#!/bin/bash\n# Full reconnaissance pipeline\n\nDOMAIN=$1\n\n# Subdomain enumeration\n./dnx -d $DOMAIN --passive -o ${DOMAIN}_subs.txt\n\n# Port scanning\ncat ${DOMAIN}_subs.txt | naabu -silent -o ${DOMAIN}_ports.txt\n\n# HTTP probing\ncat ${DOMAIN}_ports.txt | httpx -silent -o ${DOMAIN}_http.txt\n\n# Vulnerability scanning\ncat ${DOMAIN}_http.txt | nuclei -silent -o ${DOMAIN}_vulns.txt\n\necho \"Complete! Results in ${DOMAIN}_*.txt\"\n```\n\n### Tool Chaining\n\nCombine tools for maximum effectiveness:\n```bash\n# Passive from multiple tools\nsubfinder -d target.com -all -silent \u003e subs1.txt\n./dnx -d target.com --passive --no-bruteforce -q \u003e subs2.txt\ncat subs1.txt subs2.txt | sort -u \u003e all_passive.txt\n\n# Verify with DNX brute-force\n./dnx -d target.com -w all_passive.txt --threads 50 -o verified.txt\n\n# Probe services\ncat verified.txt | httpx -silent -status-code -title -tech-detect\n\n# Check for vulnerabilities\ncat verified.txt | nuclei -t cves/ -t vulnerabilities/\n```\n\n## Troubleshooting\n\n### Missing Dependencies\n```bash\n# Error: Cannot locate Net/DNS.pm\ncpanm Net::DNS\n\n# Or install all at once\nmake deps\n```\n\n### Slow Performance\n```bash\n# Use faster DNS resolvers\n./dnx -d target.com --resolvers 1.1.1.1,8.8.8.8\n\n# Increase threads\n./dnx -d target.com --threads 50\n\n# Reduce timeout for dead hosts\n./dnx -d target.com --timeout 3\n```\n\n### API Rate Limits\n```bash\n# Reduce request rate\n./dnx -d target.com --rate-limit 5\n\n# Use API keys for higher limits\n./dnx -d target.com --virustotal-key YOUR_KEY\n```\n\n### Too Many False Positives\n```bash\n# Verbose mode shows wildcard detection\n./dnx -d target.com -v\n\n# Manual wildcard check\ndig randomstring123.target.com\n```\n\n### Permission Errors\n```bash\n# Cache directory permissions\nchmod 755 ~/.dnx\nchmod 644 ~/.dnx/cache/*\n\n# Output file permissions\n./dnx -d target.com -o results.txt\nchmod 644 results.txt\n```\n\n## Security \u0026 Ethics\n\n### Responsible Use\n\n**DO:**\n- Scan your own domains\n- Get written permission before testing\n- Respect rate limits and ToS\n- Use for authorized security assessments\n\n**DON'T:**\n- Scan without permission\n- Abuse public APIs\n- Ignore rate limits\n- Use for malicious purposes\n\n### Legal Notice\n\nThis tool is for **authorized security testing only**. Users are responsible for complying with all applicable laws. Unauthorized scanning may be illegal in your jurisdiction.\n\n## Contributing\n\nPull requests welcome for:\n\n- Additional passive sources\n- Performance improvements\n- Bug fixes\n- Documentation improvements\n- New features (discuss first in issues)\n\n**Coding Standards:**\n- Follow existing Perl style\n- Add tests for new features\n- Update documentation\n- Keep dependencies minimal\n\n## FAQ\n\n**Q: Why Perl instead of Go/Python/Rust?**  \nA: Perl is ubiquitous, fast for text processing, and the entire tool is a single self-contained script. No compilation needed.\n\n**Q: How many API keys do I need?**  \nA: None required! 27 sources work without keys. Add keys for VirusTotal, Shodan, and SecurityTrails to access 3 more premium sources.\n\n**Q: Is DNX better than Amass?**  \nA: Different tools for different needs. Amass has 10x more sources and enterprise features. DNX is simpler, lighter, and includes active enumeration + takeover checks in one tool.\n\n**Q: Can I use DNX in bug bounties?**  \nA: Yes! Many researchers use DNX for initial reconnaissance. Combine with Subfinder for passive, then DNX for active verification.\n\n**Q: Does DNX work on Windows?**  \nA: Yes, with Strawberry Perl or WSL. Best experience on Linux/macOS.\n\n**Q: How do I add a new API source?**  \nA: Edit the script and add a function like `query_newsource()`. Follow existing patterns. PRs welcome!\n\n## Roadmap\n\n- [ ] AXFR improvements and better error handling\n- [ ] Certificate transparency stream monitoring\n- [ ] Subdomain takeover auto-exploitation (ethical mode)\n- [ ] Integration with Metasploit/Cobalt Strike\n- [ ] Web interface for teams\n- [ ] Machine learning for wordlist optimization\n- [ ] IPv6 support improvements\n- [ ] Database export (SQLite, PostgreSQL)\n\n## Credits\n\n**Author:** bl4ckstack  \n**License:** MIT  \n**Version:** 1.0.0\n\n**Built for security researchers who value speed, accuracy, and respect for infrastructure.**\n\n## Resources\n\n**Project:** https://github.com/blackstack/dnx  \n**Issues:** https://github.com/blackstack/dnx/issues  \n**Wordlists:** https://github.com/danielmiessler/SecLists  \n**OWASP Testing:** https://owasp.org/www-project-web-security-testing-guide/\n\n---\n\n**Star it if DNX helped you find something interesting** • Contributions welcome!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbl4ckstack%2Fdnx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbl4ckstack%2Fdnx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbl4ckstack%2Fdnx/lists"}