{"id":13541847,"url":"https://github.com/projectdiscovery/dnsx","last_synced_at":"2025-05-12T15:34:49.053Z","repository":{"id":37657376,"uuid":"312360662","full_name":"projectdiscovery/dnsx","owner":"projectdiscovery","description":"dnsx is a fast and multi-purpose DNS toolkit allow to run multiple DNS queries of your choice with a list of user-supplied resolvers.","archived":false,"fork":false,"pushed_at":"2025-03-17T02:58:24.000Z","size":2745,"stargazers_count":2335,"open_issues_count":11,"forks_count":253,"subscribers_count":35,"default_branch":"dev","last_synced_at":"2025-05-08T00:45:54.566Z","etag":null,"topics":["cli","dns-bruteforcer","dns-client","dns-records","dns-resolution","wildcard-filtering"],"latest_commit_sha":null,"homepage":"https://docs.projectdiscovery.io/tools/dnsx","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/projectdiscovery.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-12T18:20:20.000Z","updated_at":"2025-05-06T21:23:27.000Z","dependencies_parsed_at":"2024-11-11T04:17:44.538Z","dependency_job_id":"2fe12ff4-c236-457d-a83c-72714a669df2","html_url":"https://github.com/projectdiscovery/dnsx","commit_stats":{"total_commits":552,"total_committers":32,"mean_commits":17.25,"dds":0.4257246376811594,"last_synced_commit":"15dfbe004ecddb4c287707650dd38bb7c04c264c"},"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fdnsx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fdnsx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fdnsx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/projectdiscovery%2Fdnsx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/projectdiscovery","download_url":"https://codeload.github.com/projectdiscovery/dnsx/tar.gz/refs/heads/dev","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253766348,"owners_count":21960896,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","dns-bruteforcer","dns-client","dns-records","dns-resolution","wildcard-filtering"],"created_at":"2024-08-01T10:00:57.772Z","updated_at":"2025-05-12T15:34:49.002Z","avatar_url":"https://github.com/projectdiscovery.png","language":"Go","readme":"\u003ch1 align=\"center\"\u003e\n  \u003cimg src=\"static/dnsx-logo.png\" alt=\"dnsx\" width=\"200px\"\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\u003ch4 align=\"center\"\u003eA fast and multi-purpose DNS toolkit designed for running DNS queries\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://goreportcard.com/report/github.com/projectdiscovery/dnsx\"\u003e\u003cimg src=\"https://goreportcard.com/badge/github.com/projectdiscovery/dnsx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/dnsx/issues\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/projectdiscovery/dnsx/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/projectdiscovery/dnsx\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/pdiscoveryio\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/pdiscoveryio.svg?logo=twitter\"\u003e\u003c/a\u003e\n\u003ca href=\"https://discord.gg/projectdiscovery\"\u003e\u003cimg src=\"https://img.shields.io/discord/695645237418131507.svg?logo=discord\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e •\n  \u003ca href=\"#installation-instructions\"\u003eInstallation\u003c/a\u003e •\n  \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e •\n  \u003ca href=\"#running-dnsx\"\u003eRunning `dnsx`\u003c/a\u003e •\n  \u003ca href=\"#wildcard-filtering\"\u003eWildcard\u003c/a\u003e •\n  \u003ca href=\"#-notes\"\u003eNotes\u003c/a\u003e •\n  \u003ca href=\"https://discord.gg/projectdiscovery\"\u003eJoin Discord\u003c/a\u003e\n\u003c/p\u003e\n\n\n---\n\n`dnsx` is a fast and multi-purpose DNS toolkit designed for running various probes through the [retryabledns](https://github.com/projectdiscovery/retryabledns) library. It supports multiple DNS queries, user supplied resolvers, DNS wildcard filtering like [shuffledns](https://github.com/projectdiscovery/shuffledns) etc.\n\n\n# Features\n\n\u003ch1 align=\"left\"\u003e\n  \u003cimg src=\"https://github.com/projectdiscovery/dnsx/assets/8293321/73fe69a0-15b8-4b54-bacc-e201edd90103\" alt=\"dnsx\" width=\"700px\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\n - Simple and Handy utility to query DNS records.\n - **A, AAAA, CNAME, PTR, NS, MX, TXT, SRV, SOA** query support\n - DNS **Resolution** / **Brute-force** support\n - Custom **resolver** input support\n - Multiple resolver format **(TCP/UDP/DOH/DOT)** support\n - **stdin** and **stdout** support\n - Automatic **wildcard** handling support\n\n# Installation Instructions\n\n\n`dnsx` requires **go1.21** to install successfully. Run the following command to install the latest version: \n\n```sh\ngo install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest\n```\n\n# Usage\n\n```sh\ndnsx -h\n```\n\nThis will display help for the tool. Here are all the switches it supports.\n\n```console\nINPUT:\n   -l, -list string      list of sub(domains)/hosts to resolve (file or stdin)\n   -d, -domain string    list of domain to bruteforce (file or comma separated or stdin)\n   -w, -wordlist string  list of words to bruteforce (file or comma separated or stdin)\n\nQUERY:\n   -a                       query A record (default)\n   -aaaa                    query AAAA record\n   -cname                   query CNAME record\n   -ns                      query NS record\n   -txt                     query TXT record\n   -srv                     query SRV record\n   -ptr                     query PTR record\n   -mx                      query MX record\n   -soa                     query SOA record\n   -any                     query ANY record\n   -axfr                    query AXFR\n   -caa                     query CAA record\n   -recon                   query all the dns records (a,aaaa,cname,ns,txt,srv,ptr,mx,soa,axfr,caa)\n   -e, -exclude-type value  dns query type to exclude (a,aaaa,cname,ns,txt,srv,ptr,mx,soa,axfr,caa) (default none)\n\nFILTER:\n   -re, -resp          display dns response\n   -ro, -resp-only     display dns response only\n   -rc, -rcode string  filter result by dns status code (eg. -rcode noerror,servfail,refused)\n\nPROBE:\n   -cdn  display cdn name\n   -asn  display host asn information\n\nRATE-LIMIT:\n   -t, -threads int      number of concurrent threads to use (default 100)\n   -rl, -rate-limit int  number of dns request/second to make (disabled as default) (default -1)\n\nUPDATE:\n   -up, -update                 update dnsx to latest version\n   -duc, -disable-update-check  disable automatic dnsx update check\n\nOUTPUT:\n   -o, -output string  file to write output\n   -j, -json           write output in JSONL(ines) format\n   -omit-raw, -or      omit raw dns response from jsonl output\n\nDEBUG:\n   -hc, -health-check  run diagnostic check up\n   -silent             display only results in the output\n   -v, -verbose        display verbose output\n   -raw, -debug        display raw dns response\n   -stats              display stats of the running scan\n   -version            display version of dnsx\n   -nc, -no-color      disable color in output\n\nOPTIMIZATION:\n   -retry int                number of dns attempts to make (must be at least 1) (default 2)\n   -hf, -hostsfile           use system host file\n   -trace                    perform dns tracing\n   -trace-max-recursion int  Max recursion for dns trace (default 32767)\n   -resume                   resume existing scan\n   -stream                   stream mode (wordlist, wildcard, stats and stop/resume will be disabled)\n\nCONFIGURATIONS:\n   -auth                         configure projectdiscovery cloud (pdcp) api key (default true)\n   -r, -resolver string          list of resolvers to use (file or comma separated)\n   -wt, -wildcard-threshold int  wildcard filter threshold (default 5)\n   -wd, -wildcard-domain string  domain name for wildcard filtering (other flags will be ignored - only json output is supported)\n```\n\n## Running dnsx\n\n### DNS Resolving\n\nFilter active hostnames from the list of passive subdomains, obtained from various sources:\n\n```console\nsubfinder -silent -d hackerone.com | dnsx -silent\n\na.ns.hackerone.com\nwww.hackerone.com\napi.hackerone.com\ndocs.hackerone.com\nmta-sts.managed.hackerone.com\nmta-sts.hackerone.com\nresources.hackerone.com\nb.ns.hackerone.com\nmta-sts.forwarding.hackerone.com\nevents.hackerone.com\nsupport.hackerone.com\n```\n\nPrint **A** records for the given list of subdomains:\n\n```console\nsubfinder -silent -d hackerone.com | dnsx -silent -a -resp\n\nwww.hackerone.com [104.16.100.52]\nwww.hackerone.com [104.16.99.52]\nhackerone.com [104.16.99.52]\nhackerone.com [104.16.100.52]\napi.hackerone.com [104.16.99.52]\napi.hackerone.com [104.16.100.52]\nmta-sts.forwarding.hackerone.com [185.199.108.153]\nmta-sts.forwarding.hackerone.com [185.199.109.153]\nmta-sts.forwarding.hackerone.com [185.199.110.153]\nmta-sts.forwarding.hackerone.com [185.199.111.153]\na.ns.hackerone.com [162.159.0.31]\nresources.hackerone.com [52.60.160.16]\nresources.hackerone.com [3.98.63.202]\nresources.hackerone.com [52.60.165.183]\nresources.hackerone.com [read.uberflip.com]\nmta-sts.hackerone.com [185.199.110.153]\nmta-sts.hackerone.com [185.199.111.153]\nmta-sts.hackerone.com [185.199.109.153]\nmta-sts.hackerone.com [185.199.108.153]\ngslink.hackerone.com [13.35.210.17]\ngslink.hackerone.com [13.35.210.38]\ngslink.hackerone.com [13.35.210.83]\ngslink.hackerone.com [13.35.210.19]\nb.ns.hackerone.com [162.159.1.31]\ndocs.hackerone.com [185.199.109.153]\ndocs.hackerone.com [185.199.110.153]\ndocs.hackerone.com [185.199.111.153]\ndocs.hackerone.com [185.199.108.153]\nsupport.hackerone.com [104.16.51.111]\nsupport.hackerone.com [104.16.53.111]\nmta-sts.managed.hackerone.com [185.199.108.153]\nmta-sts.managed.hackerone.com [185.199.109.153]\nmta-sts.managed.hackerone.com [185.199.110.153]\nmta-sts.managed.hackerone.com [185.199.111.153]\n```\n\nExtract **A** records for the given list of subdomains:\n\n```console\nsubfinder -silent -d hackerone.com | dnsx -silent -a -resp-only\n\n104.16.99.52\n104.16.100.52\n162.159.1.31\n104.16.99.52\n104.16.100.52\n185.199.110.153\n185.199.111.153\n185.199.108.153\n185.199.109.153\n104.16.99.52\n104.16.100.52\n104.16.51.111\n104.16.53.111\n185.199.108.153\n185.199.111.153\n185.199.110.153\n185.199.111.153\n```\n\nExtract **CNAME** records for the given list of subdomains:\n\n```console\nsubfinder -silent -d hackerone.com | dnsx -silent -cname -resp\n\nsupport.hackerone.com [hackerone.zendesk.com]\nresources.hackerone.com [read.uberflip.com]\nmta-sts.hackerone.com [hacker0x01.github.io]\nmta-sts.forwarding.hackerone.com [hacker0x01.github.io]\nevents.hackerone.com [whitelabel.bigmarker.com]\n```\nExtract **ASN** records for the given list of subdomains:\n```console\nsubfinder -silent -d hackerone.com | dnsx -silent  -asn\n\nb.ns.hackerone.com [AS13335, CLOUDFLARENET, US]\na.ns.hackerone.com [AS13335, CLOUDFLARENET, US]\nhackerone.com [AS13335, CLOUDFLARENET, US]\nwww.hackerone.com [AS13335, CLOUDFLARENET, US]\napi.hackerone.com [AS13335, CLOUDFLARENET, US]\nsupport.hackerone.com [AS13335, CLOUDFLARENET, US]\n```\n\nProbe using [dns status code](https://github.com/projectdiscovery/dnsx/wiki/RCODE-ID-VALUE-Mapping) on given list of (sub)domains:\n\n```console\nsubfinder -silent -d hackerone.com | dnsx -silent -rcode noerror,servfail,refused\n\nns.hackerone.com [NOERROR]\na.ns.hackerone.com [NOERROR]\nb.ns.hackerone.com [NOERROR]\nsupport.hackerone.com [NOERROR]\nresources.hackerone.com [NOERROR]\nmta-sts.hackerone.com [NOERROR]\nwww.hackerone.com [NOERROR]\nmta-sts.forwarding.hackerone.com [NOERROR]\ndocs.hackerone.com [NOERROR]\n```\n\nExtract subdomains from given network range using `PTR` query:\n\n```console\necho 173.0.84.0/24 | dnsx -silent -resp-only -ptr\n\ncors.api.paypal.com\ntrinityadminauth.paypal.com\ncld-edge-origin-api.paypal.com\nappmanagement.paypal.com\nsvcs.paypal.com\ntrinitypie-serv.paypal.com\nppn.paypal.com\npointofsale-new.paypal.com\npointofsale.paypal.com\nslc-a-origin-pointofsale.paypal.com\nfpdbs.paypal.com\n```\n\nExtract subdomains from given ASN using `PTR` query:\n```console\necho AS17012 | dnsx -silent -resp-only -ptr \n\napiagw-a.paypal.com\nnotify.paypal.com\nadnormserv-slc-a.paypal.com\na.sandbox.paypal.com\napps2.paypal-labs.com\npilot-payflowpro.paypal.com\nwww.paypallabs.com\npaypal-portal.com\nmicropayments.paypal-labs.com\nminicart.paypal-labs.com\n```\n---------\n\n### DNS Bruteforce\n\nBruteforce subdomains for given domain or list of domains using `d` and `w` flag:\n\n```console\ndnsx -silent -d facebook.com -w dns_worldlist.txt\n\nblog.facebook.com\nbooking.facebook.com\napi.facebook.com\nanalytics.facebook.com\nbeta.facebook.com\napollo.facebook.com\nads.facebook.com\nbox.facebook.com\nalpha.facebook.com\napps.facebook.com\nconnect.facebook.com\nc.facebook.com\ncareers.facebook.com\ncode.facebook.com\n```\n\nBruteforce targeted subdomain using single or multiple keyword input, as `d` or `w` flag supports file or comma separated keyword inputs:\n\n```console\ndnsx -silent -d domains.txt -w jira,grafana,jenkins\n\ngrafana.1688.com\ngrafana.8x8.vc\ngrafana.airmap.com\ngrafana.aerius.nl\njenkins.1688.com\njenkins.airbnb.app\njenkins.airmap.com\njenkins.ahn.nl\njenkins.achmea.nl\njira.amocrm.com\njira.amexgbt.com\njira.amitree.com\njira.arrival.com\njira.atlassian.net\njira.atlassian.com\n```\n\nValues are accepted from **stdin** for all the input types (`-list`, `-domain`, `-wordlist`). The `-list` flag defaults to `stdin`, but the same can be achieved for other input types by adding a `-` (dash) as parameter:\n\n```console\ncat domains.txt | dnsx -silent -w jira,grafana,jenkins -d -\n\ngrafana.1688.com\ngrafana.8x8.vc\ngrafana.airmap.com\ngrafana.aerius.nl\njenkins.1688.com\njenkins.airbnb.app\njenkins.airmap.com\njenkins.ahn.nl\njenkins.achmea.nl\njira.amocrm.com\njira.amexgbt.com\njira.amitree.com\njira.arrival.com\njira.atlassian.net\njira.atlassian.com\n```\n\n#### DNS Bruteforce with Placeholder based wordlist\n\n```bash\n$ cat tld.txt\n\ncom\nby\nde\nbe\nal\nbi\ncg\ndj\nbs\n```\n\n```console\ndnsx -d google.FUZZ -w tld.txt -resp\n\n      _             __  __\n   __| | _ __   ___ \\ \\/ /\n  / _' || '_ \\ / __| \\  / \n | (_| || | | |\\__ \\ /  \\ \n  \\__,_||_| |_||___//_/\\_\\ v1.1.2\n\n      projectdiscovery.io\n\ngoogle.de [142.250.194.99] \ngoogle.com [142.250.76.206] \ngoogle.be [172.217.27.163] \ngoogle.bs [142.251.42.35] \ngoogle.bi [216.58.196.67] \ngoogle.al [216.58.196.68] \ngoogle.by [142.250.195.4] \ngoogle.cg [142.250.183.131] \ngoogle.dj [142.250.192.3] \n```\n\n### Wildcard filtering\n\nA special feature of `dnsx` is its ability to handle **multi-level DNS based wildcards**, and do it so with a very reduced number of DNS requests. Sometimes all the subdomains will resolve, which leads to lots of garbage in the output. The way `dnsx` handles this is by keeping track of how many subdomains point to an IP and if the count of the subdomains increase beyond a certain threshold, it will check for wildcards on all the levels of the hosts for that IP iteratively.\n\n```console\ndnsx -l subdomain_list.txt -wd airbnb.com -o output.txt\n```\n\n---------\n\n### Dnsx as a library\n\nIt's possible to use the library directly in your golang programs. The following code snippets is an example of use in golang programs. Please refer to [here](https://pkg.go.dev/github.com/projectdiscovery/dnsx@v1.1.0/libs/dnsx) for detailed package configuration and usage.\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/projectdiscovery/dnsx/libs/dnsx\"\n)\n\nfunc main() {\n\t// Create DNS Resolver with default options\n\tdnsClient, err := dnsx.New(dnsx.DefaultOptions)\n\tif err != nil {\n\t\tfmt.Printf(\"err: %v\\n\", err)\n\t\treturn\n\t}\n\n\t// DNS A question and returns corresponding IPs\n\tresult, err := dnsClient.Lookup(\"hackerone.com\")\n\tif err != nil {\n\t\tfmt.Printf(\"err: %v\\n\", err)\n\t\treturn\n\t}\n\tfor idx, msg := range result {\n\t\tfmt.Printf(\"%d: %s\\n\", idx+1, msg)\n\t}\n\n\t// Query\n\trawResp, err := dnsClient.QueryOne(\"hackerone.com\")\n\tif err != nil {\n\t\tfmt.Printf(\"err: %v\\n\", err)\n\t\treturn\n\t}\n\tfmt.Printf(\"rawResp: %v\\n\", rawResp)\n\n\tjsonStr, err := rawResp.JSON()\n\tif err != nil {\n\t\tfmt.Printf(\"err: %v\\n\", err)\n\t\treturn\n\t}\n\tfmt.Println(jsonStr)\n\n\treturn\n}\n```\n\n# 📋 Notes\n\n- As default, `dnsx` checks for **A** record.\n- As default `dnsx` uses Google, Cloudflare, Quad9 [resolver](https://github.com/projectdiscovery/dnsx/blob/43af78839e237ea8cbafe571df1ab0d6cbe7f445/libs/dnsx/dnsx.go#L31).\n- Custom resolver list can be loaded using the `r` flag.\n- Domain name (`wd`) input is mandatory for wildcard elimination.\n- DNS record flag can not be used when using wildcard filtering.\n- DNS resolution (`l`) and DNS brute-forcing (`w`) can't be used together.\n- VPN operators tend to filter high DNS/UDP traffic, therefore the tool might experience packets loss (eg. [Mullvad VPN](https://github.com/projectdiscovery/dnsx/issues/221)). Check [this potential solution](./MULLVAD.md).\n\n`dnsx` is made with 🖤 by the [projectdiscovery](https://projectdiscovery.io) team.\n","funding_links":[],"categories":["Recon","Go","Weapons"],"sub_categories":["Subdomain Enumeration","Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fdnsx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprojectdiscovery%2Fdnsx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprojectdiscovery%2Fdnsx/lists"}