{"id":13586086,"url":"https://github.com/mhelwig/privdns","last_synced_at":"2025-04-07T14:33:31.916Z","repository":{"id":75633416,"uuid":"119404586","full_name":"mhelwig/privdns","owner":"mhelwig","description":"Check dns servers for reverse resolving private ips","archived":false,"fork":false,"pushed_at":"2018-05-08T11:31:00.000Z","size":7,"stargazers_count":37,"open_issues_count":1,"forks_count":6,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-02-13T21:22:34.832Z","etag":null,"topics":["dns","pentesting","python3"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhelwig.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-29T15:55:12.000Z","updated_at":"2024-08-01T16:32:00.519Z","dependencies_parsed_at":"2023-06-07T04:30:09.885Z","dependency_job_id":null,"html_url":"https://github.com/mhelwig/privdns","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhelwig%2Fprivdns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhelwig%2Fprivdns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhelwig%2Fprivdns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhelwig%2Fprivdns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhelwig","download_url":"https://codeload.github.com/mhelwig/privdns/tar.gz/refs/heads
/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223285056,"owners_count":17119826,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","pentesting","python3"],"created_at":"2024-08-01T15:05:19.053Z","updated_at":"2025-04-07T14:33:31.909Z","avatar_url":"https://github.com/mhelwig.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Privdns.py - Private IP DNS check\n\n## What does it do?\nYou can use it to check whether your nameserver resolves private IPs for external clients. Reverse-querying nameservers for private IP addresses might give a result, sometimes unexpectedly leaking infrastructure domains and IPs.\n\nIt's basically a reverse DNS query in a loop directed at a specific nameserver. 
You can do the same thing with dig -x but privdns automates some things.\n\n## Requirements\n\n* Python3\n* ipaddress package (pip3 install ipaddress)\n* dns python (pip3 install dnspython)\n\n## How to run it\n\n```\nmichael@seventysix ~/privdns % python3 privdns.py \nPlease specifiy either nameserver or network\nusage: privdns.py [-h] [--quickcheck] [--timeout [TIMEOUT]]\n                  [--max-queries MAX_QUERIES] [--outfile [OUTFILE]]\n                  [--infile [INFILE]]\n                  [nameserver] [network]\n\npositional arguments:\n  nameserver            nameserver IP or hostname\n  network               network range in CIDR notation to check, e.g.\n                        10.0.0.0/8\n\noptional arguments:\n  -h, --help            show this help message and exit\n  --quickcheck, -q      Quick check: Use for batch testing. Scans the first\n                        entries of each private network.\n  --timeout [TIMEOUT], -t [TIMEOUT]\n                        Manually adjust timout in seconds. Default is 5\n  --max-queries MAX_QUERIES, -m MAX_QUERIES\n                        Maximal number of queries for a network. In quickcheck\n                        mode each private network will be called with the\n                        first number of ips specified here. Default 15.\n  --outfile [OUTFILE], -o [OUTFILE]\n                        write results in file\n  --infile [INFILE], -i [INFILE]\n                        Read nameservers from here, 1 per line\n\n```\n\n## Example\n\nScan the beginning of each private network (I know that fd00::1 is in range of fc00::1 but it still makes sense to check both)\n\n```\nmichael@seventysix ~/privdns % ./privdns.py 8.8.8.8\n[*] Checking nameserver 8.8.8.8\n[.] Resolved but no entry for 10.0.0.1\n[.] Resolved but no entry for 172.16.0.1\n[.] Resolved but no entry for 192.168.0.1\n[.] Resolved but no entry for fc00::1\n[.] 
Resolved but no entry for fd00::1\n```\n\nScan a specific network range on a given DNS server\n```\nmichael@seventysix ~/privdns % ./privdns.py 8.8.8.8 10.0.0.0/8\n[*] Checking nameserver 8.8.8.8\n[.] Resolved but no entry for 10.0.0.1\n[.] Resolved but no entry for 10.0.0.2\n[.] Resolved but no entry for 10.0.0.3\n[.] Resolved but no entry for 10.0.0.4\n[.] Resolved but no entry for 10.0.0.5\n\n```\n\nDo a quickcheck, i.e. scan the first addresses of each private network range (10.0.0.1 - 10.0.0.15, 172.16.0.1 - 172.16.0.15 etc.)\n```\nmichael@seventysix ~/privdns % ./privdns.py -q 8.8.8.8\n[*] Checking nameserver 8.8.8.8\n[*] Checking network 10.0.0.0/8\n    * Nameserver responded, further checks \n[*] Checking network 172.16.0.0/12\n    * Nameserver responded, further checks \n[*] Checking network 192.168.0.0/16\n    * Nameserver responded, further checks \n[*] Checking network fc00::/7\n    * Nameserver responded, further checks \n[*] Checking network fd00::/8\n    * Nameserver responded, further checks \n```\n\n## Troubleshooting\n\n1. I'm getting a \"host bit set\" error\n\nSpecify your network correctly: it must match your CIDR notation, and all \"free\" bits need to be zero. So you can tell it to scan 10.0.0.0/8 but not 10.0.1.0/8. You would have to specify 10.0.1.0/24 then.\n\n2. How can I scan a single private IP?\n\nYou can't do that with this tool. Use dig or something else.\n\n3. Is it fast?\n\nNo, it's slow and not threaded or optimized for speed. It should still be usable for standard use cases.\n\n## Additional notes\n\nI scanned around 20K German and US nameservers for this. It doesn't seem to be a very common problem. Mostly servers belonging to the same companies showed up in the hits, as well as some private routers (mostly Broadcom). 
You can read more on this here: https://www.codemetrix.net/when-your-dns-leaks-your-infrastructure/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhelwig%2Fprivdns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhelwig%2Fprivdns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhelwig%2Fprivdns/lists"}