https://github.com/codingo/DNSCewl


# DNSCewl
[![License](https://img.shields.io/badge/license-GPL3-_red.svg)](https://www.gnu.org/licenses/gpl-3.0.en.html) [![Twitter](https://img.shields.io/badge/twitter-@codingo__-blue.svg)](https://twitter.com/codingo_)

A DNS Bruteforcing Wordlist Generator.

| Argument | Description |
|------------|-----------------------------------------------------------------------|
| (stdin) | Specify a list of targets |
| -t | Specify a single target. |
| -tL | Specify a list of targets. |
| -sL | Specify a list of sets to substitute with |
| -eL | Specify a list of targets to exclude |
| -eX | Specify a list of domain extensions to substitute with |
| -a | Specify a file of words to append to a host |
| -p | Specify a file of words to prepend to a host |
| -v | If set then verbose output will be displayed in the terminal |
| -i | If set, original domains (from source files) are included in the output. |
| --range | Set a higher range for integer permutations. |
| --subs | If set then only subdomains will be generated. |
| --no-color | If set then any foreground or background colours will be stripped out |
| --limit | Specify a fixed word limit to output. |
| --level | Specify the level of results to output. |
| --no-repeats | Prevent repeated structures such as one.one.com |

# Level
There are multiple levels of changes that can be performed, specified by `--level`. A level of 1 or above modifies the results to use a `-` as well as everything else. A level of 0 wouldn't use `-`. The level defaults to 1.

At level 2 integer substitutions start to take place, using a set range.

# Append
Append works by adding a new subdomain, as well as the word with a `-` and without (unless level is 0). So, for example:

A target list of:
```
example.com
help.example.com
```

With an append list of:
```
dev
test
```

With command line as:

```
DNSCewl -tL targets.txt -a append.txt
```

Would provide the output:

```
example-dev.com
example-test.com
help-dev.example.com
help-test.example.com
example.dev.com
example.test.com
help.dev.example.com
help.test.example.com
```

If the flag `--subs` was passed then this would limit results to new subdomains only, and output the following:

```
dev.example.com
devhelp.example.com
dev-help.example.com
dev.help.example.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com
```

# Prepend

Prepend is the same as append, but at the beginning of a domain (or subdomain).

Using as:

```
DNSCewl -tL targets.txt -p append.txt
```

Would result in:

```
devexample.com
dev-example.com
dev.example.com
devhelp.example.com
dev-help.example.com
dev.help.example.com
testexample.com
test-example.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com
```
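The append and prepend shapes above (word joined to a host label with nothing, `-` or `.`) are regular enough to recognise in your own resolver logs. The following is an added example, not part of DNSCewl: it flags clients that send several NXDOMAIN queries matching those shapes for hosts you own. The four-field log format, the `threshold` value and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

KNOWN_HOSTS = ["example.com", "help.example.com"]  # the README's sample target list

# Constructed resolver log lines: timestamp, client, queried name, response code.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 198.51.100.7 dev-example.com NXDOMAIN
2024-05-01T10:00:01Z 198.51.100.7 example.dev.com NXDOMAIN
2024-05-01T10:00:02Z 198.51.100.7 help-test.example.com NXDOMAIN
2024-05-01T10:00:02Z 198.51.100.7 testhelp.example.com NXDOMAIN
2024-05-01T10:00:03Z 198.51.100.7 help.example.com NOERROR
2024-05-01T10:00:04Z 203.0.113.9 help.example.com NOERROR
2024-05-01T10:00:05Z 203.0.113.9 mail.example.org NXDOMAIN
2024-05-01T10:00:06Z 203.0.113.9 dev.example.com NXDOMAIN
"""

WORD = r"[a-z0-9]+"  # a single wordlist entry: no dots or hyphens

def build_patterns(known_hosts):
    """One regex per known host: word+label or label+word, joined by '', '-' or '.'."""
    patterns = []
    for host in known_hosts:
        label, _, rest = host.partition(".")
        lab, rst = re.escape(label), re.escape(rest)
        patterns.append((host, re.compile(
            rf"^(?:(?P<pre>{WORD})[-.]?{lab}|{lab}[-.]?(?P<app>{WORD}))\.{rst}$")))
    return patterns

def classify(qname, patterns, known):
    """Return (base_host, word) if qname is a one-word permutation of a known host."""
    qname = qname.lower().rstrip(".")
    if qname in known:  # a real host is not a guess
        return None
    for host, pat in patterns:
        m = pat.match(qname)
        if m:
            return host, m.group("pre") or m.group("app")
    return None

def flag_clients(log_text, known_hosts, threshold=3):
    """Map each client to its NXDOMAIN permutation queries when at or over threshold."""
    patterns, known = build_patterns(known_hosts), set(known_hosts)
    hits = defaultdict(list)
    for line in log_text.splitlines():
        _ts, client, qname, rcode = line.split()
        if rcode == "NXDOMAIN" and classify(qname, patterns, known):
            hits[client].append(qname)
    return {c: names for c, names in hits.items() if len(names) >= threshold}
```

A single matching NXDOMAIN (such as the `dev.example.com` lookup from the second client) is common in normal traffic, which is why the check counts matches per client rather than alerting on each one.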

# Level Usage Example
If level 1 was specified, results with `-` wouldn't be used. For example:

```
DNSCewl -tL targets.txt -p append.txt --level=0
```

Would result in:

```
devexample.com
dev.example.com
devhelp.example.com
dev.help.example.com
testexample.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com
```

# Subs Usage Example
Subs limits results to subdomains only. For example:

```
DNSCewl -tL targets.txt -p append.txt --level=0 --subs
```

Would result in:

```
dev.example.com
dev.help.example.com
test.example.com
test-help.example.com
test.help.example.com
```

# No repeats example
No repeats prevents the same term being used twice in a domain.

For example, using `test.example.com` with a prepended list of:

```
test
```

With the following:

```
DNSCewl -tL targets.txt -p append.txt --no-repeats
```

Would result in:

```
test.example.com
test.testexample.com
```

Note that test.test.example.com isn't included, as it's a repeated subdomain. It's important to note that test.testexample.com is still possible here, as --no-repeats shouldn't prevent a subdomain and a top level domain from repeating.

# Set List (-sL) Example
A set list is a series of words to perform a replacement on when one word in a set is discovered.

For example, an input of:

```
one.example.com
b.example.com
```

When provided a set list of:

```
one
two
three
```

Would output:

```
two.example.com
three.example.com
```

# Include originals (-i)
If set, the original domains from the source lists are included in the output. If not, they are excluded.

# Range Example
By default if level=2 is set then any integers in a domain would be incremented and decremented by 100. For example,

```
101.example.com
```

Would generate domains from 1.example.com to 200.example.com as output.

Range allows you to override this setting. By default range will adjust to be both negative and positive. For example:

```
--range=10
```
Would generate domains from 91.example.com to 111.example.com. You can, however, specify + or - on range. So for example,

```
--range=+10
```

Would only generate domains from 101.example.com to 111.example.com as our output.

# Domain Extensions (-eX)
Takes a list of domain extensions and replaces extensions on final results with them.

For example,

```
example.com
sub.example.com
```

When combined with a list of extensions that includes:

```
.com.au
.co.uk
```

Would result in a list of domains:

```
example.com.au
example.co.uk
sub.example.com.au
sub.example.co.uk
```