dnsresolver

A Lightning-Fast DNS Resolver

Table of Contents

• Installation
• Usage
  • Basic Usage
  • Resolving Hosts with Ports
  • Virtual Host Enumeration
    • Using Unresolved Domains
    • Using Localhost
• Demonstrations
• Feedback
• License

Installation

Make sure you have rust installed, then run the following command to install dnsresolver.

git clone https://github.com/ethicalhackingplayground/dnsresolver ; cd dnsresolver ; cargo install --path .

Usage

cat subs.txt | dnsresolver

If you need to resolve hosts with any ports, you can use the --ports flag.

cat subs.txt | dnsresolver -p 443,80,8080,8081

Virtual Host Enumeration

Using Unresolved Domains

First step would be to get all the unresolved hosts from a given domain list using:

cat subs.txt | dnsresolver --show-unresolved | anew unresolved.txt

Then, to discover all the virtual hosts from a given domain list,

you can use the --vhost flag followed by the --vhost-file flag.

dnsresolver aims to bypass access restrictions on certain pages. It does so by substituting the host header with unresolved domains and using the sift algorithm. This ensures that the virtual host's response differs from the actual response. Remember to raise the soft limit using the command ulimit -n 10000 to handle more files simultaneously.

cat subs.txt | dnsresolver --vhost --vhost-file unresolved.txt

To validate a finding run this curl command:

curl -v -k thehost.com -H "Host: unresolved-domain.com"

Using Localhost

You can also use the --vhost flag with the --check-localhost flag to replace the host header with localhost, often times this allows you to access restricted pages and can lead to some information disclosures and juicy admin panels.

cat subs.txt | dnsresolver --vhost --check-localhost

To validate a finding run this curl command:

curl -v -k thehost.com -H "Host: localhost"

Demonstrations

Feedback

If you have any feedback, please reach out to us at [email protected] or via twitter https://twitter.com/z0idsec

License

MIT