Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/makuga01/dnsFookup

DNS rebinding toolkit
https://github.com/makuga01/dnsFookup

cyber-security dns-fookup dns-rebinding dns-rebindinging hacking

Last synced: about 1 month ago
JSON representation

DNS rebinding toolkit

Host: GitHub
URL: https://github.com/makuga01/dnsFookup
Owner: makuga01
Created: 2019-09-16T20:21:50.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2023-05-22T06:46:03.000Z (over 1 year ago)
Last Synced: 2024-08-01T10:17:03.714Z (4 months ago)
Topics: cyber-security, dns-fookup, dns-rebinding, dns-rebindinging, hacking
Language: JavaScript
Size: 26.2 MB
Stars: 249
Watchers: 4
Forks: 41
Open Issues: 18
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md

Awesome Lists containing this project

awesome-bugbounty-tools - dnsFookup - DNS rebinding toolkit (Exploitation / Server Side Request Forgery)
awesome-hacking-lists - makuga01/dnsFookup - DNS rebinding toolkit (JavaScript)

README

# DnsFookup v 2.0.1
[DNS Rebinding](https://en.wikipedia.org/wiki/DNS_rebinding) freamwork containing:
- a dns server obviously
- python web api to create new subdomains and control the dns server, view logs, stuff like that
- shitty react app to make it more comfy

[Changelog](./CHANGELOG.md)

[API documentation](./API.md)

## What does it do?
It lets you create dns bins like a burp collaborator
but it adds a bit more features...
![create new dnsbin](.images/create.png)

You can specify what ips/domains should the created subdomain resolve to and how many times, for now it *A,CNAME and AAAA record are supported*

Then you can see where it was requested from, what did it resolve to,... in logs
![create new dnsbin](.images/logs.png)

### Video of tool in action

[![Watch the video](https://img.youtube.com/vi/jP_bFUdDVRQ/maxresdefault.jpg)](https://youtu.be/jP_bFUdDVRQ)

Source of the vulnerable application is from https://github.com/makuga01/dnsFookup/tree/master/vulnerableApp

## How to run it

First of all, check the configuration in config.yaml

You also should not forget to change all passwords and keys inside the config

```
# First edit config.yaml as you please
# Don't forget to change the JWT secret!
vim config.yaml

# Install python & docker-compose
apt install docker-compose python3-pip
sudo apt-get install libpq-dev python-dev

#Set up postgres and redis
sudo docker-compose up

#in ./BE
pip3 install -r requirements.txt

python3 dns.py # to start the dns server

# for testing purposes development server is enough I think
FLASK_APP=app.py
FLASK_ENV=development
flask run

# Install npm
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
apt -y install nodejs make gcc g++

# then in ./FE
npm install
npm start
```

*If you have a bit of free time, please contribute, it means a lot to me :D*

#### Want to see some feature in next update?

Let me know [on keybase](https://keybase.io/gel0)