dnsReaper v1.8 releases: subdomain takeover tool for attackers, bug bounty hunters and the blue team
DNS Reaper is yet another subdomain takeover tool, but with an emphasis on accuracy, speed, and the number of signatures in our arsenal!
We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.
You can use DNS Reaper as an attacker or bug hunter!
You can run it by providing a list of domains in a file, or a single domain on the command line. DNS Reaper will then scan the domains with all of its signatures, producing a CSV file.
You can use DNS Reaper as a defender!
You can run it by letting it fetch your DNS records for you! Yes, that’s right, you can run it with credentials and test all your domain configs quickly and easily. DNS Reaper will connect to the DNS provider and fetch all your records, and then test them.
We currently support AWS Route53, Cloudflare, and Azure. Documentation on adding your own provider can be found here
You can use DNS Reaper as a DevSecOps Pro!
Punk Security is a DevSecOps company, and DNS Reaper has its roots in modern security best practices.
You can run DNS Reaper in a pipeline, feeding it a list of domains that you intend to provision, and it will exit Non-Zero if it detects a takeover is possible. You can prevent takeovers before they are even possible!
- Add templated check for cname or ip by @SimonGurney in #144
- Update Docker Examples in README by @sbani in #147
- Dec fixes by @SimonGurney in #145
git clone https://github.com/punk-security/dnsReaper.git
pip install -r requirements.txt
Run it with docker
docker run punksecurity/dnsreaper –help
Run it with python