{"id":13574261,"url":"https://github.com/d3mondev/puredns","last_synced_at":"2025-04-10T10:44:46.745Z","repository":{"id":37414792,"uuid":"283619347","full_name":"d3mondev/puredns","owner":"d3mondev","description":"Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.","archived":false,"fork":false,"pushed_at":"2024-11-18T20:17:45.000Z","size":753,"stargazers_count":1848,"open_issues_count":13,"forks_count":165,"subscribers_count":25,"default_branch":"master","last_synced_at":"2025-04-03T05:32:19.626Z","etag":null,"topics":["bugbounty","dns","dns-bruteforcer","dns-lookup","dns-resolution","dns-resolver","hacking","massdns","recon","subdomain","subdomain-bruteforcing"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/d3mondev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"d3mondev"}},"created_at":"2020-07-29T23:02:14.000Z","updated_at":"2025-04-02T21:36:32.000Z","dependencies_parsed_at":"2024-01-14T03:51:39.662Z","dependency_job_id":"ba4774ff-992a-48b9-a926-ba59939e14ba","html_url":"https://github.com/d3mondev/puredns","commit_stats":{"total_commits":77,"total_committers":2,"mean_commits":38.5,"dds":"0.012987012987012991","last_synced_commit":"9d94e508feaefe228d1958419520807810fca654"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3mondev%2Fpuredn
s","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3mondev%2Fpuredns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3mondev%2Fpuredns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d3mondev%2Fpuredns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/d3mondev","download_url":"https://codeload.github.com/d3mondev/puredns/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248200812,"owners_count":21063982,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","dns","dns-bruteforcer","dns-lookup","dns-resolution","dns-resolver","hacking","massdns","recon","subdomain","subdomain-bruteforcing"],"created_at":"2024-08-01T15:00:49.028Z","updated_at":"2025-04-10T10:44:46.709Z","avatar_url":"https://github.com/d3mondev.png","language":"Go","funding_links":["https://github.com/sponsors/d3mondev"],"categories":["Go","Weapons","扫描器、资产收集、子域名","Recon"],"sub_categories":["Tools","网络服务_其他","Subdomain Enumeration"],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/go-mod/go-version/d3mondev/puredns?style=for-the-badge\"\u003e\n    \u003ca href=\"https://pkg.go.dev/github.com/d3mondev/puredns/v2\"\u003e\u003cimg src=\"https://img.shields.io/static/v1?label=doc\u0026message=reference\u0026color=teal\u0026style=for-the-badge\u0026logo=go\"\u003e\u003c/a\u003e\n    \u003cimg 
src=\"https://img.shields.io/github/actions/workflow/status/d3mondev/puredns/build.yml?branch=master\u0026style=for-the-badge\"\u003e\n    \u003ca href=\"https://codecov.io/gh/d3mondev/puredns\"\u003e\u003cimg src=\"https://img.shields.io/codecov/c/github/d3mondev/puredns?style=for-the-badge\u0026token=DHUSMB9I46\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://twitter.com/d3mondev\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/d3mondev?logo=twitter\u0026style=for-the-badge\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"assets/puredns-logo.png\" width=\"500\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    Fast domain resolver and subdomain bruteforcing with accurate wildcard filtering\n    \u003cbr /\u003e\n    \u003ca href=\"#getting-started\"\u003e\u003cstrong\u003eGetting Started »\u003c/strong\u003e\u003c/a\u003e\n    \u003cbr /\u003e\n    \u003cbr /\u003e\n    \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e\n    ·\n    \u003ca href=\"#how-it-works\"\u003eHow it works\u003c/a\u003e\n    ·\n    \u003ca href=\"#sponsorship\"\u003eSponsorship\u003c/a\u003e\n    ·\n    \u003ca href=\"#faq\"\u003eFAQ\u003c/a\u003e\n\u003c/p\u003e\n\n# About\n\n**puredns** is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.\n\nIt uses [massdns](https://github.com/blechschmidt/massdns), a powerful stub DNS resolver, to perform bulk lookups. With the proper bandwidth and a good list of public resolvers, it can resolve millions of queries in just a few minutes. Unfortunately, the results from massdns are only as good as the answers provided by the public resolvers. The results are often polluted by wrong DNS answers and false positives from wildcard subdomains.\n\n**puredns** solves this with its wildcard detection algorithm. It can filter out wildcards based on the DNS answers obtained from a set of trusted resolvers. 
It also attempts to work around DNS poisoning by validating the answers obtained using those trusted resolvers.\n\nThink this is useful? :star: Star us on GitHub — it helps!\n\n![puredns terminal](assets/puredns-terminal.png)\n\n## Features\n\n* Resolve thousands of DNS queries per second using massdns and a list of public DNS resolvers\n* Bruteforce subdomains using a wordlist and root domains\n* Clean wildcards and detect wildcard roots using the minimal number of queries to ensure precise results\n* Circumvent DNS load-balancing during wildcard detection\n* Validate that the results are free of DNS poisoning by running against a list of known, trusted resolvers\n* Save a list of valid domains, wildcard subdomain roots, and a clean massdns output containing only the valid entries\n* Read a list of domains or words from stdin and enable quiet mode for easy integration into custom automation pipelines\n\n# Sponsorship\n\u003cp align=\"center\"\u003e\u003ca href=\"https://github.com/sponsors/d3mondev\"\u003e\u003cimg src=\"assets/become-sponsor.jpg\" width=\"300\"\u003e\u003c/a\u003e\u003c/p\u003e\n\u003ctable\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\n            \u003cp\u003eIf my work is earning you money, \u003ca href=\"https://github.com/sponsors/d3mondev\"\u003econsider becoming a sponsor\u003c/a\u003e! You can earn some unique perks!\u003c/p\u003e\n            \u003cp\u003eIt would also mean A WHOLE LOT ❤️ as it would allow me to continue working for free for the community. But no matter what you do, rest assured that my software will remain free and open-source for you to use.\u003c/p\u003e\n        \u003c/td\u003e\n    \u003c/tr\u003e\n\u003c/table\u003e\n\n# Getting Started\n\n## Prerequisites\n\n### massdns\nPuredns requires massdns on the host machine. If the path to the massdns binary is present in the PATH environment variable, puredns will work out of the box. A good place to copy the massdns executable is `/usr/local/bin` on most systems. 
Otherwise, you will need to specify the path to the massdns binary file using the `--bin` command-line argument.\n\nThe following should work on most Debian-based systems. [Follow the official instructions](https://github.com/blechschmidt/massdns#compilation) for more information.\n```\ngit clone https://github.com/blechschmidt/massdns.git\ncd massdns\nmake\nsudo make install\n```\n\n### List of public DNS resolver servers\n\nYou need to obtain a list of public DNS servers in order to use puredns. [Refer to the FAQ](#how-do-i-get-resolvers-for-use-with-puredns) to learn how to curate your own list of working servers.\n\n## Installation\n\nYou can [download a binary release](https://github.com/d3mondev/puredns/releases).\n\nAlternatively, you can compile the latest version easily. First make sure that Go is installed on your system - the last two major releases of Go are supported. Refer to the official [Go installation page](https://golang.org/doc/install) for installation instructions. Then run the following command:\n\n```\ngo install github.com/d3mondev/puredns/v2@latest\n```\n\n# Usage\n\nMake sure to view the complete list of available commands and options using `puredns --help`.\n\n\nIf a `resolvers.txt` file exists in the current working directory, puredns will default to using it. Otherwise, if either `~/.config/puredns/resolvers.txt` or `~/.config/puredns/resolvers-trusted.txt` files are present, puredns will automatically utilize them as resolvers. If none of these options are available, specify the resolvers to use with the `--resolvers` and `--resolvers-trusted` arguments.\n\nSpecifying trusted resolvers is optional. 
By default, puredns will simply use 8.8.8.8 and 8.8.4.4.\n\n### Subdomain bruteforcing\n\nHere's how to bruteforce a massive list of subdomains using a wordlist named `all.txt`:\n\n`puredns bruteforce all.txt domain.com`\n\nYou can also bruteforce multiple domains at once with the `-d` option to load a text file containing domains instead of specifying a single domain as an argument:\n\n`puredns bruteforce all.txt -d domains.txt`\n\n### Resolving a list of domains\n\nYou can also resolve a list of domains contained in a text file (one per line).\n\n`puredns resolve domains.txt`\n\n### Stdin operation\n\nYou can pass the list of domains to resolve through stdin:\n\n`cat domains.txt | puredns resolve`\n\nOr a list of words to use for bruteforcing:\n\n`cat wordlist.txt | puredns bruteforce domain.com`\n\nYou can also add the `-q` switch to output only the domains found to pipe to other tools:\n\n`cat domains.txt | puredns resolve -q | httprobe`\n\n### Saving the results to files\n\nYou can save the following information to files to reuse it in your workflows:\n\n* **domains**: clean list of domains that resolve correctly\n* **wildcard root domains**: list of the wildcard root domains found (i.e., *\\*.store.yahoo.com*)\n* **massdns results file (-o Snl text output)**: can be used as a reference and to extract A and CNAME records.\n\n```\npuredns resolve domains.txt --write valid_domains.txt \\\n                            --write-wildcards wildcards.txt \\\n                            --write-massdns massdns.txt\n```\n\n# How it works\n\n![puredns in operation](/assets/puredns-operation.gif)\n\nYou can see puredns in action against the domain google.com using a small wordlist of the 100k most common subdomains in the image above.\n\nAs part of its workflow, puredns performs three steps automatically:\n\n1. Mass resolve using public DNS servers\n2. Wildcard detection\n3. Validation\n\n#### 1. 
Mass resolve using public DNS servers\n\nUsing massdns, puredns will perform a mass resolve of all the domains and subdomains. It feeds the data to massdns through stdin, which allows it to throttle the number of queries per second if needed and perform basic sanitization on the list of domains generated.\n\nBy default, the input domains are set to lowercase, and only entries containing valid characters are accepted (essentially `[a-z0-9.-]`). You can disable this with the `--skip-sanitize` flag.\n\nAfter this step, the results are usually polluted: some public resolvers will send back bad answers, and wildcard subdomains can quickly inflate the results.\n\n#### 2. Wildcard detection\n\nPuredns then uses its wildcard detection algorithm to detect and extract all the wildcard subdomain roots from the massdns results file.\n\nIt will use the massdns output from step 1 as a DNS cache to minimize the number of queries it needs to perform. To ensure precise results, it may have to validate the cache results by performing a DNS query.\n\nYou can skip this step using the `--skip-wildcard` flag.\n\n#### 3. Validation\n\nTo protect against DNS poisoning, puredns uses massdns one last time to validate the remaining results using trusted DNS resolvers. Currently, the internal trusted resolvers used are `8.8.8.8` and `8.8.4.4`. 
This step is done at a slower pace to avoid hitting any rate limiting on the trusted resolvers.\n\nYou can skip this step using the `--skip-validation` flag.\n\nAt this point, the resulting files should be clean of wildcard subdomains and DNS poisoned answers.\n\n# FAQ\n\n### How do I get resolvers for use with puredns?\n\nTrickest maintains a list of valid resolvers here: https://github.com/trickest/resolvers\n\nAlternatively, you can obtain a list of public resolvers from [public-dns.info](https://public-dns.info/nameservers-all.txt), then use the [DNS Validator](https://github.com/vortexau/dnsvalidator) project to keep only resolvers that provide valid answers.\n\nIf your public resolvers provide incorrect information to puredns, for example by sending back poisoned replies, some subdomains can be missed as they will get filtered out. ***Hint:*** *Avoid resolvers from countries that censor the internet, like China.*\n\nOnce you have a list of custom resolvers, you can pass them to puredns with the `-r` argument or by placing them in a file located at `~/.config/puredns/resolvers.txt`:\n\n`puredns resolve domains.txt -r resolvers.txt`\n\nThe default trusted resolvers are currently `8.8.8.8` and `8.8.4.4`. If you do want to change them, you can also specify a custom list with the `--resolvers-trusted` argument or by placing them in a file located at `~/.config/puredns/resolvers-trusted.txt`. I have done many tests to find the best possible trusted resolvers for puredns - make sure to validate your results carefully if you decide to change them, and adjust the rate-limit with `--rate-limit-trusted`.\n\n`puredns resolve domains.txt -r resolvers.txt --resolvers-trusted trusted.txt`\n\n### Why are there domains that do not resolve to an IP address in the results?\n\nPuredns does not simply ignore DNS answers containing NXDOMAIN. Sometimes, those NXDOMAIN answers have valid CNAME records that point to expired domains. 
If those records are present, they may point to an unregistered domain, allowing for subdomain takeovers.\n\nIf you are getting back domains that do not resolve to an IP address, check to see if they contain a CNAME record of interest:\n\n`dig @8.8.8.8 CNAME example.com`\n\n### Why are there wildcards not being filtered out correctly for some domains?\n\nThe most likely cause is DNS load balancing - sometimes, you'll get different IP addresses for each unique DNS query made. It can make it very hard to detect wildcard subdomains by comparing their DNS records.\n\nYou can specify the number of tests that puredns will perform to gather all the different IP addresses for a subdomain during wildcard detection. The default number is 3 tests, which is very low. I've seen domains with a lot of balancing take more than 50 queries to return results that were not perfect but good enough.\n\nYou can try to increase the number of tests performed to detect wildcard subdomains with the `--wildcard-tests` argument:\n\n`puredns resolve domains.txt --wildcard-tests 50`\n\n### Why does puredns crash with an out-of-memory error when resolving very large lists?\n\nTo detect wildcards, puredns needs to keep a cache of the DNS answers found. If your list of domains is in the hundreds of millions and contains many wildcard subdomains, the host can run out of memory. But there's an easy solution.\n\nBy default, puredns puts all the domains in a single batch to save on the number of DNS queries and execution time. If memory is a concern, it's possible to process the domains in multiple smaller batches with the `--wildcard-batch` argument. I have found a good size to be between 1M and 2M subdomains for a VPS with 1GB RAM.\n\n`puredns resolve domains.txt --wildcard-batch 1000000`\n\n### Why do the results sometimes contain duplicate domains?\n\nPuredns does not remove duplicates anywhere in its pipeline. 
If the input file contains duplicate items such as identical words or domains, puredns will output duplicate elements. You can ensure that the input files provided to puredns are free of duplicates by using a tool like `sort -u`.\n\n### Why do the results sometimes contain unrelated domains?\n\nIt is likely due to the public resolvers used. Some of them will sometimes return answers unrelated to the queries, leading to random domain names in the output. Puredns does not currently handle this case and leaves it to the user to sanitize the output to ensure the domains found respect the scope.\n\n# Resources\n\n[public-dns.info](https://public-dns.info/) continuously updates a list of public and free DNS resolvers.\n\n[DNS Validator](https://github.com/vortexau/dnsvalidator) can be used to curate your own list of public DNS resolvers.\n\n[all.txt wordlist](https://gist.github.com/jhaddix/f64c97d0863a78454e44c2f7119c2a6a) Jhaddix's iconic `all.txt` wordlist is commonly used for subdomain enumeration.\n\n[shuffleDNS](https://github.com/projectdiscovery/shuffledns) is a good alternative written in Go that handles wildcard subdomains using a different algorithm.\n\n# Contributions\n\nYou can contribute to puredns in the following ways:\n\n* [Submit new feature ideas](https://github.com/d3mondev/puredns/issues)\n* [Report bugs](https://github.com/d3mondev/puredns/issues) as issues\n* Star ⭐ this repository\n* Spread the word about puredns\n* [Become a sponsor](https://github.com/sponsors/d3mondev) 🥇 and earn unique perks\n\nDo you have an idea for an amazing new feature? Did you find a bug you want to fix? Great! Feel free to [submit an issue](https://github.com/d3mondev/puredns/issues) for discussion before making a pull request.\n\nI will not be accepting pull requests for trivial changes such as typo corrections, best practices, minor fixes, etc.\n\n# Disclaimer \u0026 License\n\nAny resolvers included in this repository are present for reference only. 
The author is not responsible for any misuse of the resolvers in that list. It is the user's responsibility to curate a list of resolvers you are authorized to use.\n\nUsage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.\n\nThe material contained in this repository is licensed under GNU GPLv3.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3mondev%2Fpuredns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fd3mondev%2Fpuredns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fd3mondev%2Fpuredns/lists"}