Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0x4f53/dnscovery
Discover services embedded in a site's DNS records
https://github.com/0x4f53/dnscovery
blackhat cloud cloudflare dig dns golang golang-application google osint-tool osint-tools penetration-testing penetration-testing-tools pentesting pentesting-tools security security-tools service-discovery txt txt-record txt-records
Last synced: about 1 month ago
JSON representation
Discover services embedded in a site's DNS records
- Host: GitHub
- URL: https://github.com/0x4f53/dnscovery
- Owner: 0x4f53
- License: mit
- Created: 2024-08-11T16:37:02.000Z (4 months ago)
- Default Branch: master
- Last Pushed: 2024-09-09T00:07:27.000Z (3 months ago)
- Last Synced: 2024-10-25T03:44:18.470Z (about 2 months ago)
- Topics: blackhat, cloud, cloudflare, dig, dns, golang, golang-application, google, osint-tool, osint-tools, penetration-testing, penetration-testing-tools, pentesting, pentesting-tools, security, security-tools, service-discovery, txt, txt-record, txt-records
- Language: Go
- Homepage:
- Size: 114 MB
- Stars: 19
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- trackawesomelist - DNSservices (⭐17) - Discover embedded services in a domain's DNS records within seconds (Recently Updated / [Aug 31, 2024](/content/2024/08/31/README.md))
README
[![Golang](https://img.shields.io/badge/Golang-fff.svg?style=flat-square&logo=go)](https://go.dev)
[![License](https://img.shields.io/badge/License-MIT-purple?style=flat-square&logo=libreoffice)](LICENSE)
[![Latest Version](https://img.shields.io/github/v/tag/0x4f53/dnscovery?label=Version&style=flat-square&logo=semver)](https://github.com/0x4f53/dnscovery/releases)
[![Binaries](https://img.shields.io/badge/Binaries-Click%20Here-blue?style=flat-square&logo=dropbox)](.build/binaries/)# 🌐 Dnscovery
A lightning-fast Golang tool to discover services embedded into DNS records
## 🚀 Features
- Takes just 1 second to resolve multiple domains**
- Queries multiple DNS servers concurrently
- More than 100 service signatures supported
- Easy to customize regexes and resolvers lists in YAML format
- Verbose JSON output for in-depth debugging_** - depending on factors like internet speed, DNS server availability etc._
## 🖊️ Usage
```bash
Usage:
dnscovery ... [flags]Flags:
-o, --output string Save output to file (in JSON format)
-v, --verbose Give extremely detailed information in output
```
### Examples
- Trying one domain
```bash
❯ ./dnscovery 0x4f.inReading resolvers... [ 7 found! ]
Checking if online... [ ✓ ONLINE ]0x4f.in: OpenAI Domain, Cloudflare Mail, Google Workspace, Ethereum Name Service
```- JSON output
```bash
❯ ./dnscovery 0x4f.in -o=output.jsonChecking if online... [ ✓ ONLINE ]
Looking up '0x4f.in'... [ 7 resolvers found! ]Output saved to 'output.json'
❯ cat output.json
{
"Host": "0x4f.in",
"Answers": [
{
"Resolver": {
"Name": "Google",
"IP": "8.8.4.4"
},
"Records": [
{
"Services": [
"Ethereum Name Service"
],
"Type": "TXT",
"Hostname": "0x4f.in.",
"Value": "ENS1 dnsname.ens.eth 0x6189345d91a667c4822A0afD7587a4994965a57C",
...
```- Trying multiple domains
```bash
❯ dnscovery nintendo.co.jp phase.dev huffpost.com redgear.com 0x4f.in lenovo.com apple.com microsoft.com netflix.com hackertyper.com tcl.comReading resolvers... [ 7 found! ]
Checking if online... [ ✓ ONLINE ]apple.com: Apple, Facebook, Google Cloud Platform, Atlassian
0x4f.in: Ethereum Name Service, Google Workspace, Cloudflare Mail, OpenAI Domain
tcl.com: Google Cloud Platform
lenovo.com: Microsoft Office 365
microsoft.com: Microsoft Office 365, Microsoft Dynamics 365, Docusign
netflix.com: Dropbox, Apple, Docusign
nintendo.co.jp: Microsoft Office 365, Docusign, Adobe Creative Cloud, Google Cloud Platform, Apple
huffpost.com: Microsoft Office 365, Dropbox, Docusign, KnowBe4, Facebook, Google Cloud Platform
phase.dev: Google Cloud Platform, Gandi.net, Google Workspace
redgear.com: Google Workspace, Microsoft Office 365, Barracuda.com, Google Cloud Platform, Dropbox
hackertyper.com: Google Cloud Platform, Google Workspace
```- Verbose mode
```bash
❯ ./dnscovery 0x4f.in -vReading resolvers... [ 7 found! ]
Checking if online... [ ✓ ONLINE ]0x4f.in
Resolved by: Control D (76.76.2.0) Cloudflare (1.1.1.1) Quad9 (9.9.9.9) OpenDNS (208.67.222.222) Google (8.8.4.4) Verisign (64.6.64.6)
Services:
OpenAI Domain
openai-domain-verification=dv-ThXpvQCK0VDGRfFHh6hCP7cy
Google Workspace
v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~all
Cloudflare Mail
v=spf1 include:_spf.mx.cloudflare.net include:_spf.google.com ~all
Ethereum Name Service
ENS1 dnsname.ens.eth 0x6189345d91a667c4822A0afD7587a4994965a57C
```## ⚙️ Building
To build this on your machine, you need to have Golang installed.
If you do, simply make build.sh executable and run it like so```bash
chmod +x build.sh
./build.sh
```## ⚙️ Installation
### Linux and macOSSimply run the `./install.sh` script (don't
have the time to put this on package managers)```bash
chmod +x install.sh
sudo ./install.sh
```And to uninstall
```bash
chmod +x uninstall.sh
sudo ./uninstall.sh
```You can also find the binaries in [`.build/binaries`](.build/binaries/) if you want to directly run them
without installation### Windows
You can find the exe files in [`.build/binaries`](.build/binaries/)## ❓ Why I made this
I made this tool to check common services that multiple hosts use, by running it on a list of top 10,000 sites,
for statistical purposes. This tool can also speed up a blue-teamer's inspection tasks or
provide instant attack vectors for red-teamers to experiment with.## 👍 Credits
- [NetSPI's Powershell scripts](https://github.com/NetSPI/PowerShell/blob/master/Resolve-DnsDomainValidationToken.ps1)
- [Google Dorks](https://www.freecodecamp.org/news/google-dorking-for-pentesters-a-practical-tutorial/) - good life skill to have
---
Copyright (c) 2024 Owais Shaikh
Licensed under the [MIT License](LICENSE)