- Notifications
You must be signed in to change notification settings - Fork0
Sergios9494/dns-enum-tool
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
A comprehensive Python tool for DNS reconnaissance and enumeration, designed for cybersecurity professionals, penetration testers, and bug bounty hunters.
- A Records: IPv4 addresses
- AAAA Records: IPv6 addresses
- CNAME Records: Canonical name records
- MX Records: Mail exchange records
- NS Records: Name server records
- TXT Records: Text records (SPF, DKIM, etc.)
- SOA Records: Start of authority records
- PTR Records: Pointer records
- SRV Records: Service records
- CAA Records: Certificate authority authorization
- DNSKEY Records: DNS key records
- DS Records: Delegation signer records
- NSEC/NSEC3 Records: Next secure records
- Brute Force: Comprehensive wordlist with 500+ common subdomains
- Multi-threaded: Configurable thread count for faster enumeration
- Concurrent Processing: Efficient parallel subdomain checking
- Zone Transfer: Attempts DNS zone transfer from name servers
- Port Scanning: Checks common ports on discovered IPs
- Reverse DNS: Performs reverse DNS lookups
- Multiple Output Formats: JSON, CSV, and TXT reports
- JSON Output: Structured data for programmatic use
- CSV Output: Spreadsheet-compatible format
- TXT Output: Human-readable report
- Timestamped Reports: Automatic filename generation
- Python 3.7+
- Kali Linux (recommended) or any Linux distribution
# Install required packagessudo apt install python3-dnspython python3-requests# Or install via pip (in virtual environment)pip install dnspython requests
# Clone or download the toolgit clone<repository-url>cd dns-enum-tool# Make executablechmod +x dns_enum_tool.py
# Full enumerationpython3 dns_enum_tool.py example.com# Verbose outputpython3 dns_enum_tool.py example.com -v# Custom thread countpython3 dns_enum_tool.py example.com -t 20
# Only DNS records enumerationpython3 dns_enum_tool.py example.com --records-only# Only subdomain enumerationpython3 dns_enum_tool.py example.com --subdomains-only# Specific output formatpython3 dns_enum_tool.py example.com -o jsonpython3 dns_enum_tool.py example.com -o csvpython3 dns_enum_tool.py example.com -o txt
positional arguments: domain Target domain to enumerateoptions: -h, --help show this help message and exit -v, --verbose Verbose output -t, --threads THREADS Number of threads (default: 10) -o, --output {json,csv,txt,all} Output format (default: all) --subdomains-only Only enumerate subdomains --records-only Only enumerate DNS recordspython3 dns_enum_tool.py google.com -v
Output:
[11:36:58] [INFO] Starting DNS record enumeration for google.com[11:36:58] [INFO] Checking A records...[11:36:58] [INFO] Found 1 A record(s): 142.250.74.174[11:36:58] [INFO] Checking AAAA records...[11:36:58] [INFO] Found 1 AAAA record(s): 2a00:1450:400f:805::200e[11:36:58] [INFO] Checking MX records...[11:36:58] [INFO] Found 1 MX record(s): 10 smtp.google.com.[11:36:58] [INFO] Checking NS records...[11:36:58] [INFO] Found 4 NS record(s): ns1.google.com., ns2.google.com., ns3.google.com., ns4.google.com.python3 dns_enum_tool.py example.com --subdomains-only -t 15
python3 dns_enum_tool.py target.com -o json
The tool generates timestamped reports in the current directory:
dns_enum_report_[domain]_[timestamp].json- JSON formatdns_enum_report_[domain]_[timestamp].csv- CSV formatdns_enum_report_[domain]_[timestamp].txt- Text format
{"domain":"example.com","timestamp":"2025-01-24T11:36:58.123456","records": {"A": ["192.168.1.1"],"MX": ["10 mail.example.com."],"NS": ["ns1.example.com.","ns2.example.com."] },"subdomains": [ {"subdomain":"www.example.com","ip":"192.168.1.1","timestamp":"2025-01-24T11:36:58.123456","open_ports": [80,443] } ],"errors": []}- Authorized penetration testing
- Bug bounty hunting (with proper authorization)
- Security research on your own infrastructure
- Educational purposes
- Always obtain proper authorization before testing
- Respect robots.txt and rate limiting
- Use responsibly and ethically
- The author is not responsible for misuse
- Thread Count: Adjust
-tparameter based on your system and target - Network Speed: Faster connections allow higher thread counts
- Target Limits: Some DNS servers may rate limit requests
- Timeout Settings: Built-in timeouts prevent hanging
Permission Denied
chmod +x dns_enum_tool.py
Module Not Found
sudo apt install python3-dnspython python3-requests
Timeout Errors
- Reduce thread count with
-t 5 - Check network connectivity
- Verify target domain exists
No Results Found
- Check if domain exists
- Verify DNS resolution
- Try with
-vfor verbose output
Contributions are welcome! Please feel free to submit:
- Bug reports
- Feature requests
- Code improvements
- Documentation updates
This project is licensed under the MIT License - see the LICENSE file for details.
Sergios9494 - Cybersecurity Professional
- GitHub:@Sergios9494
- Inspired by various DNS enumeration techniques
- Built for the cybersecurity community
- Designed for educational and professional use
Happy Hunting! 🎯
About
Professional DNS Records Enumeration Tool for cybersecurity professionals, penetration testers, and bug bounty hunters
Topics
Resources
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Releases
No releases published
Packages0
No packages published