{"id":13540001,"url":"https://github.com/rbsec/dnscan","last_synced_at":"2025-05-14T14:07:31.341Z","repository":{"id":7416748,"uuid":"8750069","full_name":"rbsec/dnscan","owner":"rbsec","description":null,"archived":false,"fork":false,"pushed_at":"2024-12-17T15:29:50.000Z","size":172,"stargazers_count":1185,"open_issues_count":6,"forks_count":410,"subscribers_count":35,"default_branch":"master","last_synced_at":"2025-04-13T19:23:15.238Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rbsec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-03-13T10:42:07.000Z","updated_at":"2025-04-09T23:25:08.000Z","dependencies_parsed_at":"2025-01-26T04:00:32.877Z","dependency_job_id":"1e693a0c-c13e-4697-8bd8-ad5df0ea779e","html_url":"https://github.com/rbsec/dnscan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rbsec%2Fdnscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rbsec%2Fdnscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rbsec%2Fdnscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rbsec%2Fdnscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rbsec","download_url":"https://codeload.github.com/rbsec/dnscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"gi
thub","repositories_count":254159194,"owners_count":22024558,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:37.055Z","updated_at":"2025-05-14T14:07:31.322Z","avatar_url":"https://github.com/rbsec.png","language":"Python","readme":"dnscan\n======\n\ndnscan is a Python wordlist-based DNS subdomain scanner.\n\nThe script will first try to perform a zone transfer using each of the target domain's nameservers.\n\nIf this fails, it will look up TXT and MX records for the domain, and then perform a recursive subdomain scan using the supplied wordlist.\n\nUsage\n-----\n\ndnscan.py (-d \\\u003cdomain\\\u003e | -l \\\u003clist\\\u003e) [OPTIONS]\n\n#### Mandatory Arguments\n    -d  --domain                              Target domain; OR\n    -l  --list                                Newline separated file of domains to scan\n    \n#### Optional Arguments\n    -w --wordlist \u003cwordlist\u003e                  Wordlist of subdomains to use\n    -t --threads \u003cthreadcount\u003e                Threads (1 - 32), default 8\n    -6 --ipv6                                 Scan for IPv6 records (AAAA)\n    -z --zonetransfer                         Perform zone transfer and exit\n    -r --recursive                            Recursively scan subdomains\n       --recurse-wildcards                    Recursively scan wildcards (slow)\n\n    -m --maxdepth                             Maximum levels to scan recursively\n    -a --alterations                          Scan for alterations of subdomains (slow)\n    -R --resolver \u003cresolver\u003e                 
 Use the specified resolver instead of the system default\n    -L --resolver-list \u003cfile\u003e                 Read list of resolvers from a file\n    -T --tld                                  Scan for the domain in all TLDs\n    -o --output \u003cfilename\u003e                    Output to a text file\n    -i --output-ips \u003cfilename\u003e                Output discovered IP addresses to a text file\n    -n --nocheck                              Don't check nameservers before scanning. Useful in airgapped networks\n    -q --quick                                Only perform the zone transfer and subdomain scans. Suppresses most file output with -o\n    -N --no-ip                                Don't print IP addresses in the output\n    -v --verbose                              Verbose output\n    -h --help                                 Display help text\n\nCustom insertion points can be specified by adding `%%` in the domain name, such as:\n\n```\n$ dnscan.py -d dev-%%.example.org\n```\n\nWordlists\n---------\n\nA number of wordlists are supplied with dnscan.\n\nThe first four (**subdomains-100.txt**, **subdomains-500.txt**, **subdomains-1000.txt** and **subdomains-10000.txt**) were created by analysing the most commonly occurring subdomains in approximately 86,000 zone files that were transferred as part of a separate research project. 
These wordlists are sorted by the popularity of the subdomains (more strictly by the percentage of zones that contained them in the dataset).\n\nThe **subdomain-uk-500.txt** and **subdomain-uk-1000.txt** lists are created using the same methodology, but from a set of approximately 180,000 zone transfers from \".uk\" domains.\n\nThe final (and default) wordlist (**subdomains.txt**) is based on the top 500 subdomains by popularity and the top 500 UK subdomains, but has had a number of manual additions made based on domains identified during testing.\n\nThis list is sorted alphabetically and currently contains approximately **770** entries.\n\n\nTLD Scanning\n------------\nThe -T (--tld) option can be used to scan for all of the TLDs a specific domain name exists in. By default it will use the **tlds.txt** list, which contains all of the TLDs listed by IANA (including new TLDs). You can also specify a custom wordlist with -w. The **suffixes.txt** file included is a cut-down version of the public suffix list, so will include most of the second level domains (such as co.uk).\n\nNote that when you use this option, you should only specify the base of the domain name (\"github\", not \"github.com\").\n\nAlterations\n-----------\nThe `-a`/`--alterations` switch adds various prefixes and suffixes (such as `dev`, `test`, `01`, etc) to the domains, with and without hyphens. 
This generates **a lot** of extra permutations (approximately 60 permutations per domain), so is much slower, especially with larger wordlists.\n\n\nSetup\n-----\n\ndnscan requires Python 3, and the netaddr (version 0.7.19 or greater) and dnspython (version 2.0.0 or greater) libraries.\n\nRun the following command to install dependencies:\n\n    $ pip install -r requirements.txt\n","funding_links":[],"categories":["Recon","Python","Python (1887)","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具"],"sub_categories":["Subdomain Enumeration","\u003ca id=\"a695111d8e30d645354c414cb27b7843\"\u003e\u003c/a\u003eDNS"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frbsec%2Fdnscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frbsec%2Fdnscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frbsec%2Fdnscan/lists"}