dnstake v0.1.1 releases: check missing hosted DNS zones

DNSTake:

A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.

What is a DNS takeover?

DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the hosted zone has been removed or deleted. Consequently, when making a request for DNS records the server responds with a SERVFAIL error. This allows an attacker to create the missing hosted zone on the service that was being used and thus controls all DNS records for that (sub)domain.

Workflow

DNSTake uses the RetryableDNS client library to send DNS queries. An initial engagement using Google & Cloudflare DNS as the resolver, then check & fingerprinting the nameservers of target host — if there is one, it will resolve the target host again with its nameserver IPs as a resolver, if it gets weird DNS status response (other than NOERROR/NXDOMAIN), then it’s vulnerable to be taken over. More or less like this in form of a diagram.

Currently supported DNS providers, see here.

Use

Changelog v0.1.1

• 7801278 Updated version (#25)
• cee5684 Fix -s flag (#24)

Download

Copyright (c) 2021 dwisiswant0