_____ ____ ____ _ / ___// __ ____ ____ ___ / __ (_)_____________ _ _____ _____ __ / / / / __ / __ `__ / / / / / ___/ ___/ __ | / / _ / ___/ ___/ / /_/ / /_/ / / / / / / /_/ / (__ ) /__/Read More
Passive-Recursive DNS daemon. Quickstart nameserver 127.0.0.1 | sudo tee /etc/resolv.conf dig google.com dig -x $(dig +short google.com)”> go get github.com/korc/PR-DNSdsudo setcap cap_net_bind_service,cap_sys_chroot=ep go/bin/PR-DNSdgo/bin/PR-DNSd -upstream 9.9.9.9:53 -listen 127.0.0.1:53echo nameserver 127.0.0.1 | sudo tee /etc/resolv.confdig google.comdig -x $(dig +short google.com) If you can’t use setcap, you have to use -chroot “” and -listen :<high_port> options, or runRead More
Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeoveras well as mDNS, LLMNR and NetBIOS-NS spoofing pretender is a tool developed by RedTeam Pentesting to obtain machine-in-the-middle positions via spoofed local name resolution and DHCPv6 DNS takeover attacks. pretender primarily targets Windows hosts, as it is intended to be used for relaying attacks butRead More
[*] A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. Speed It’s fast. Benchmarks on small VPS hosts put around 100k DNS resoultions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It’s probably best to avoid usingRead More
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted.Read More
Passive DNS collection and monitoring built with Golang, Clickhouse and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket, and can be used to index and store thousands of DNS queries per second (it has shown to be capable ofRead More
This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be taken over. a dangling CNAME pointing to a non-existent domain name one or more wrong/typoed NS records pointing to a nameserverRead More
CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender’s ConfigSecurityPolicy.exe to perform arbitrary GET requests. For a walkthrough, see the Black Hills Infosec publication. Download CredPhish
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting it into chunks and encodingRead More
Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell command interface. Client ported as the following file formatsRead More
