dnsgen v1.0.4 releases: Generates combination of domain names

by do son · Published October 13, 2019 · Updated March 4, 2020

dnsgen (DNS generator)

This tool generates a combination of domain names from the provided input. Combinations are created based on a wordlist. Custom words are extracted per execution. Refer to the Techniques section to learn more.

dnsgen is very similar to altdns. It does not contain a DNS resolver. You should use massdns for DNS resolution.

Techniques

(For demo purposes, let’s say that wordlist contains just one word: stage)

Insert word on every index — Creates new subdomain levels by inserting the words between existing levels. foo.example.com -> stage.foo.example.com, foo.stage.example.com
Insert num on every index — Creates new subdomain levels by inserting the numbers between existing levels. foo.bar.example.com -> 1.foo.bar.example.com, foo.1.bar.example.com, 01.foo.bar.example.com, …
Increase/Decrease num found — (In development) If the number is found in an existing subdomain, increase/decrease this number without any other alteration. foo01.example.com -> foo02.example.com, foo03.example.com, …
Prepend word on every index — On every subdomain level, prepend existing content with WORD and WORD-. foo.example.com -> stagefoo.example.com, stage-foo.example.com
Append word on every index — On every subdomain level, append existing content with WORD and WORD-. foo.example.com -> foostage.example.com, foo-stage.example.com
Replace the word with word — If word longer than 3 is found in an existing subdomain, replace it with other words from the wordlist. (If we have more words than one in our wordlist). stage.foo.example.com -> otherword.foo.example.com, anotherword.foo.example.com, …
Extract custom words — Extend the wordlist based on target’s domain naming conventions. Such words are either whole subdomain levels or – is used for a split on some subdomain level. For instance, mapp1-current.datastream.example.com has mapp1, current, datastream words. To prevent the overflow, the user-defined word length is used for word extraction. The default value is set to 6. This means that only words strictly longer than 5 characters are included (from the previous example, mapp1 does not satisfy this condition).