{"id":13400423,"url":"https://github.com/pwnesia/dnstake","last_synced_at":"2025-05-16T09:05:10.042Z","repository":{"id":37693993,"uuid":"399437818","full_name":"pwnesia/dnstake","owner":"pwnesia","description":"DNSTake — A fast tool to check missing hosted DNS zones that can lead to subdomain takeover","archived":false,"fork":false,"pushed_at":"2023-02-13T09:08:15.000Z","size":52,"stargazers_count":817,"open_issues_count":8,"forks_count":67,"subscribers_count":10,"default_branch":"master","last_synced_at":"2024-07-31T19:24:37.413Z","etag":null,"topics":["dns","go","golang","nameserver","subdomain","takeover","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pwnesia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2021-08-24T11:22:15.000Z","updated_at":"2024-07-31T14:33:24.000Z","dependencies_parsed_at":"2023-02-16T17:16:16.585Z","dependency_job_id":null,"html_url":"https://github.com/pwnesia/dnstake","commit_stats":{"total_commits":32,"total_committers":7,"mean_commits":4.571428571428571,"dds":0.59375,"last_synced_commit":"3d9d96ef75139202fd25ba5c01292d8a94cd0682"},"previous_names":["dwisiswant0/dnstake"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwnesia%2Fdnstake","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwnesia%2Fdnstake/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwnesia%2Fdnstake/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pwnesia%2Fdnstake/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pwnesia","download_url":"https://codeload.github.com/pwnesia/dnstake/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254501557,"owners_count":22081528,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","go","golang","nameserver","subdomain","takeover","vulnerability"],"created_at":"2024-07-30T19:00:51.885Z","updated_at":"2025-05-16T09:05:05.033Z","avatar_url":"https://github.com/pwnesia.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# DNSTake\n\n\u003cimg src=\"https://user-images.githubusercontent.com/25837540/131214165-06cb74c3-2754-48a6-a13d-bfcf592e646a.png\" width=\"480\" alt=\"DNSTake\" title=\"DNSTake\"\u003e\n\nA fast tool to check missing hosted DNS zones that can lead to subdomain takeover.\n\n---\n\n\n## What is a DNS takeover?\n\nDNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a [request for DNS records](https://www.diggui.com/#type=A\u0026hostname=github.technology\u0026nameserver=public\u0026public=8.8.8.8\u0026specify=\u0026clientsubnet=\u0026tcp=def\u0026transport=def\u0026mapped=def\u0026nssearch=def\u0026trace=def\u0026recurse=def\u0026edns=def\u0026dnssec=def\u0026subnet=def\u0026cookie=def\u0026all=def\u0026cmd=def\u0026question=def\u0026answer=def\u0026authority=def\u0026additional=def\u0026comments=def\u0026stats=def\u0026multiline=def\u0026short=def\u0026colorize=on) the server responds with a `SERVFAIL` error. This allows an attacker to create the missing hosted zone on the service that was being used and thus control all DNS records for that (sub)domain.¹\n\n## Installation\n\n### from Binary\n\nThe ez way! You can download a pre-built binary from [releases page](https://github.com/pwnesia/dnstake/releases), just unpack and run!\n\n### from Source\n\n\u003ctable\u003e\n\t\u003ctd\u003e\u003cb\u003eNOTE:\u003c/b\u003e \u003ca href=\"https://golang.org/doc/install\"\u003eGo 1.16+ compiler\u003c/a\u003e should be installed \u0026 configured!\u003c/td\u003e\n\u003c/table\u003e\n\nVery quick \u0026 clean!\n\n```bash\n▶ go install github.com/pwnesia/dnstake/cmd/dnstake@latest\n```\n\n#### — or\n\nManual building executable from source code:\n\n```bash\n▶ git clone https://github.com/pwnesia/dnstake\n▶ cd dnstake/cmd/dnstake\n▶ go build .\n▶ (sudo) mv dnstake /usr/local/bin\n```\n\n## Usage\n\n```console\n$ dnstake -h\n\n  ·▄▄▄▄   ▐ ▄ .▄▄ ·▄▄▄▄▄ ▄▄▄· ▄ •▄ ▄▄▄ .\n  ██▪ ██ •█▌▐█▐█ ▀.•██  ▐█ ▀█ █▌▄▌▪▀▄.▀·\n  ▐█· ▐█▌▐█▐▐▌▄▀▀▀█▄▐█.▪▄█▀▀█ ▐▀▀▄·▐▀▀▪▄\n  ██. ██ ██▐█▌▐█▄▪▐█▐█▌·▐█ ▪▐▌▐█.█▌▐█▄▄▌\n  ▀▀▀▀▀• ▀▀ █▪ ▀▀▀▀ ▀▀▀  ▀  ▀ ·▀  ▀ ▀▀▀\n\n        (c) pwnesia.org — v0.0.1\n\nUsage:\n  [stdin] | dnstake [options]\n  dnstake -t HOSTNAME [options]\n\nOptions:\n  -t, --target \u003cHOST/FILE\u003e    Define single target host/list to check\n  -c, --concurrent \u003ci\u003e        Set the concurrency level (default: 25)\n  -s, --silent                Suppress errors and/or clean output\n  -o, --output \u003cFILE\u003e         Save vulnerable hosts to FILE\n  -h, --help                  Display its help\n\nExamples:\n  dnstake -t (sub.)domain.tld\n  dnstake -t hosts.txt\n  dnstake -t hosts.txt -o ./dnstake.out\n  cat hosts.txt | dnstake\n  subfinder -silent -d domain.tld | dnstake\n```\n\n## Workflow\n\n**DNSTake** use [RetryableDNS client library](https://github.com/projectdiscovery/retryabledns) to send DNS queries. Initial engagement using Google \u0026 Cloudflare DNS as the resolver, then check \u0026 fingerprinting the nameservers of target host — if there is one, it will resolving the target host again with its nameserver IPs as resolver, if it gets weird DNS status response (other than `NOERROR`/`NXDOMAIN`), then it's vulnerable to be taken over. More or less [like this](https://0xpatrik.com/content/images/2018/08/ns_automation-2.png) in form of a diagram.\n\nCurrently supported DNS providers, see [here](https://github.com/indianajson/can-i-take-over-dns/blob/97104102c8ce911fd978521c703f26e1c547c613/README.md#dns-providers).\n\n## References\n\n- [1] https://github.com/indianajson/can-i-take-over-dns#what-is-a-dns-takeover\n- https://0xpatrik.com/subdomain-takeover-ns/\n\n## License\n\n**DNSTake** is distributed under MIT. See `LICENSE`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpwnesia%2Fdnstake","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpwnesia%2Fdnstake","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpwnesia%2Fdnstake/lists"}