https://github.com/AlephNullSK/dnsgen
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.
https://github.com/AlephNullSK/dnsgen
domains osint recon subdomains
Last synced: about 1 month ago
JSON representation
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.
- Host: GitHub
- URL: https://github.com/AlephNullSK/dnsgen
- Owner: AlephNullSK
- License: mit
- Created: 2019-09-24T18:27:27.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2025-01-03T20:34:39.000Z (10 months ago)
- Last Synced: 2025-08-19T13:16:47.018Z (about 2 months ago)
- Topics: domains, osint, recon, subdomains
- Language: Python
- Homepage:
- Size: 133 KB
- Stars: 1,011
- Watchers: 23
- Forks: 124
- Open Issues: 16
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - AlephNullSK/dnsgen - DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery (Python)
README
# DNSGen 2.0 - Advanced DNS Name Permutation Engine ๐
[](https://opensource.org/licenses/MIT)
[](https://www.python.org/downloads/)
[](https://github.com/psf/black)
DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.
## โจ Features
- ๐ Smart domain name permutation engine
- ๐ Fast generation mode for quick assessments
- ๐ Support for custom wordlists with comments
- ๐ฏ Intelligent word extraction from existing domains
- ๐ง Multiple permutation techniques
- ๐ Cloud-aware patterns and modern naming conventions
## ๐ Quick Start
### Installation
```bash
# Using pip
python -m pip install dnsgen
# Using uv (recommended for development)
git clone https://github.com/AlephNullSK/dnsgen
cd dnsgen/
python -m pip install uv
uv sync
```
### Basic Usage
```bash
# Basic domain permutation
dnsgen domains.txt
# With custom wordlist and output file
dnsgen -w custom_wordlist.txt -o results.txt domains.txt
# Using fast mode for quick assessment
dnsgen -f domains.txt
# Pipe with massdns for resolution
cat domains.txt | dnsgen - | massdns -r resolvers.txt -t A -o J --flush 2>/dev/null
```
## ๐ ๏ธ Permutation Techniques
DNSGen 2.0 implements multiple sophisticated permutation techniques:
### Core Permutators
1. **Word Insertion**
- Inserts words between domain levels
- Example: `api.example.com` โ `staging.api.example.com`
2. **Number Manipulation**
- Intelligently modifies existing numbers
- Example: `api2.example.com` โ `api1.example.com`, `api3.example.com`
3. **Word Affixing**
- Prepends/appends words to levels
- Example: `api.example.com` โ `devapi.example.com`, `api-dev.example.com`
### Cloud & Modern Infrastructure Permutators
4. **Cloud Provider Patterns**
- Adds cloud-specific naming patterns
- Example: `example.com` โ `api-aws.example.com`, `storage-azure.example.com`
5. **Region Prefixes**
- Adds geographical region patterns
- Example: `api.example.com` โ `us-east.api.example.com`
6. **Microservice Patterns**
- Generates microservice-style names
- Example: `example.com` โ `auth-service.example.com`, `user-api.example.com`
### DevOps & Tooling Permutators
7. **Internal Tooling**
- Adds common internal tool subdomains
- Example: `example.com` โ `jenkins.internal.example.com`
8. **Port Prefixing**
- Adds common port numbers
- Example: `api.example.com` โ `8080.api.example.com`
## ๐ Command Line Options
```bash
dnsgen [OPTIONS] FILENAME
Options:
-l, --wordlen INTEGER Min length of custom words (default: 6)
-w, --wordlist PATH Path to custom wordlist
-f, --fast Fast generation mode
-o, --output PATH Output file path
-v, --verbose Enable verbose logging
--help Show this message and exit
```
## ๐ง Advanced Usage
### Custom Wordlists
DNSGen 2.0 supports commented wordlists for better organization:
```text
# Environment Names
dev
staging
prod
# Cloud Providers
aws
azure
gcp
# Tools and Services
jenkins
gitlab
grafana
```
### Integration with MassDNS
Get clean resolved domains:
```bash
# Generate and resolve
dnsgen hosts.txt > wordlist.txt
massdns -r resolvers.txt -o S wordlist.txt | grep -e ' A ' | \
cut -d 'A' -f 1 | rev | cut -d "." -f1 --complement | \
rev | sort | uniq > resolved_domains.txt
```
## ๐ค Contributing
Contributions are welcome! Here's how you can help:
1. Fork the repository
2. Create a feature branch: `git checkout -b feature/amazing-feature`
3. Commit your changes: `git commit -m 'Add amazing feature'`
4. Push to the branch: `git push origin feature/amazing-feature`
5. Open a Pull Request
See [CONTRIBUTING.md](CONTRIBUTING.md) for more details.
## ๐ Resources
- [Subdomain Enumeration: 2019 Workflow](https://0xpatrik.com/subdomain-enumeration-2019/)
- [Subdomain Enumeration: Doing it a Bit Smarter](https://0xpatrik.com/subdomain-enumeration-smarter/)
- [Project Documentation](docs/README.md)
## ๐ License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## ๐ Acknowledgments
- Original concept by [Aleph Null s.r.o.](https://alephnull.sk)
- Inspired by [altdns](https://github.com/infosec-au/altdns)
- [massdns](https://github.com/blechschmidt/massdns) for DNS resolution
## ๐ Project Status
- โ
Core functionality complete
- ๐๏ธ Adding more permutation techniques
- ๐ Improving documentation
- ๐งช Adding tests
---
Made with โค๏ธ by the security community