Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/projectdiscovery/shuffledns
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
https://github.com/projectdiscovery/shuffledns
dns dns-bruteforcer dns-resolution dns-resolver hacktoberfest massdns reconnaissance subdomain-bruteforcing
Last synced: about 10 hours ago
JSON representation
MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
- Host: GitHub
- URL: https://github.com/projectdiscovery/shuffledns
- Owner: projectdiscovery
- License: gpl-3.0
- Created: 2020-02-25T19:04:25.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2024-11-25T19:08:40.000Z (16 days ago)
- Last Synced: 2024-11-27T18:07:42.098Z (14 days ago)
- Topics: dns, dns-bruteforcer, dns-resolution, dns-resolver, hacktoberfest, massdns, reconnaissance, subdomain-bruteforcing
- Language: Go
- Homepage: https://projectdiscovery.io
- Size: 1.62 MB
- Stars: 1,334
- Watchers: 37
- Forks: 192
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
Awesome Lists containing this project
- awesome-bugbounty-tools - shuffledns - shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output… (Recon / Subdomain Enumeration)
- WebHackersWeapons - shuffledns - output support. |![](https://img.shields.io/github/stars/projectdiscovery/shuffledns?label=%20)|[`dns`](/categorize/tags/dns.md)|![linux](/images/linux.png)![macos](/images/apple.png)![windows](/images/windows.png)[![Go](/images/go.png)](/categorize/langs/Go.md)| (Weapons / Tools)
- awesome-hacking-lists - projectdiscovery/shuffledns - MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support. (Go)
- StarryDivineSky - projectdiscovery/shuffledns
README
massDNS wrapper to bruteforce and resolve the subdomains with wildcard handling support
Feature •
Install •
Run •
Wildcard •
License •
Discord---
`shuffleDNS` is a wrapper around `massdns`, written in go, that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support.
Based on the work on `massdns` project by [@blechschmidt](https://github.com/blechschmidt).
# Features
- Simple and modular code base making it easy to contribute.
- Fast And Simple active subdomain scanning.
- Handles wildcard subdomains in a smart manner.
- Optimized for **ease of use**
- **Stdin** and **stdout** support for integrating in workflows# Usage
```bash
shuffledns -h
```
This will display help for the tool. Here are all the switches it supports.```yaml
shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.Usage:
./shuffledns [flags]Flags:
Flags:
INPUT:
-d, -domain string[] Domain to find or resolve subdomains for
-l, -list string File containing list of subdomains to resolve
-w, -wordlist string File containing words to bruteforce for domain
-r, -resolver string File containing list of resolvers for enumeration
-tr, -trusted-resolver string File containing list of trusted resolvers
-ri, -raw-input string Validate raw full massdns output
-mode string Execution mode (bruteforce, resolve, filter)RATE-LIMIT:
-t int Number of concurrent massdns resolves (default 10000)UPDATE:
-up, -update update shuffledns to latest version
-duc, -disable-update-check disable automatic shuffledns update checkOUTPUT:
-o, -output string File to write output to (optional)
-j, -json Make output format as ndjson
-wo, -wildcard-output string Dump wildcard ips to output fileCONFIGURATIONS:
-m, -massdns string Path to the massdns binary
-mcmd, -massdns-cmd string Optional massdns commands to run (example '-i 10')
-directory string Temporary directory for enumerationOPTIMIZATIONS:
-retries int Number of retries for dns enumeration (default 5)
-sw, -strict-wildcard Perform wildcard check on all found subdomains
-wt int Number of concurrent wildcard checks (default 250)DEBUG:
-silent Show only subdomains in output
-version Show version of shuffledns
-v Show Verbose output
-nc, -no-color Don't Use colors in output
```
## Prerequisite
`shuffledns` requires `massdns` to be installed in order to perform its operations. You can see the installation instructions at [massdns project](https://github.com/blechschmidt/massdns#compilation). If you place the binary in `/usr/bin/massdns` or `/usr/local/bin/massdns`, the tool will auto-detect the presence of the binary and use it. On Windows, you need to supply the path to the binary for the tool to work.
The tool also needs a list of valid resolvers. The [dnsvalidator](https://github.com/vortexau/dnsvalidator) project can be used to generate these lists. You also need to provide wordlist, you can use a custom wordlist or use the [commonspeak2-wordlist](https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt).
## Installation Instructions
`shuffledns` requires `go1.21+` to install successfully. Run the following command to install the latest version:
```bash
go install -v github.com/projectdiscovery/shuffledns/cmd/shuffledns@latest
```## Running shuffledns
`shuffledns` supports two types of operations:
**Subdomain resolving**
To resolve a list of subdomains, you can pass the list of subdomains via the `-list` option.
```bash
shuffledns -d example.com -list example-subdomains.txt -r resolvers.txt -mode resolve
```This will run the tool against subdomains in `example-subdomains.txt` and returns the results. The tool uses the resolvers specified with `-r` flag to do the resolving.
You can also pass the list of subdomains at standard input (STDIN). This allows for easy integration in automation pipelines.
```bash
subfinder -d example.com | shuffledns -d example.com -r resolvers.txt -mode resolve
```This uses the subdomains found passively by `subfinder` and resolves them with `shuffledns` returning only the unique and valid subdomains.
**Subdomain Bruteforcing**
`shuffledns` also supports bruteforce of a target with a given wordlist. You can use the `w` flag to pass a wordlist which will be used to generate permutations that will be resolved using massdns.
```bash
shuffledns -d hackerone.com -w wordlist.txt -r resolvers.txt -mode bruteforce
```This will run the tool against `hackerone.com` with the wordlist `wordlist.txt`. The domain bruteforce can also be done with standard input as in previous example for resolving the subdomains.
```bash
echo hackerone.com | shuffledns -w wordlist.txt -r resolvers.txt -mode bruteforce
```---
## Handling Wildcards
A special feature of `shuffleDNS` is its ability to handle multi-level DNS based wildcards, and do it so with a very reduced number of DNS requests. Sometimes all the subdomains would resolve, leading to lots of garbage in the results. The way `shuffleDNS` handles this is by keeping track of how many subdomains point to an IP, and if the number of subdomains increase beyond a certain small threshold, it checks for wildcard on all the levels of the hosts for that IP iteratively.
### Notes
- Wildcard filter feature works with domain (`-d`) input only.
- Resolving or Brute-forcing only one operation can be done at a time.### License
`shuffledns` is distributed under [GPL v3 License](https://github.com/projectdiscovery/shuffledns/blob/main/LICENSE.md)