Syborg: Recursive DNS Subdomain Enumerator
Syborg is a recursive DNS domain enumerator which is neither active nor completely passive. The tool simply constructs a domain name and queries a specified DNS server for it.
Most subdomain enumeration tools passively query public records such as VirusTotal, crt.sh or Censys. This technique is really fast and finds a lot of domains in much less time.
However, some domains may not appear in these public records. To find those, Syborg interacts with the nameservers and recursively brute-forces subdomains from the DNS until its queue is empty.
How can it be a great tool, smart and fast, yet dumb?
The answer is really simple! It relies on brute-forcing DNS servers for a proper response. It recursively searches for subdomains by brute-forcing. That’s it! Nothing more! However, the power of this tool depends on how one uses it!
The wordlist provided with Syborg has a very limited, general set of commonly used words. This wordlist will do in most cases, but it can’t give you the results you are expecting. We have to be smart about how we query for subdomains using Syborg.
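The queue-driven recursion described above, as an added sketch that is not Syborg's own code. It runs offline against a constructed in-memory zone (`ZONE`, `lookup` and `max_depth` are assumptions of this example) and counts how many queries and negative answers the run produces.

```python
from collections import deque

# Constructed zone standing in for a DNS server; example.test is a reserved name.
ZONE = {
    "example.test",
    "dev.example.test",
    "api.dev.example.test",
    "mail.example.test",
    "vpn.mail.example.test",
}
WORDS = ["api", "dev", "mail", "vpn", "www"]  # constructed wordlist


def lookup(name):
    """Stand-in for one DNS query: True if the name exists in ZONE."""
    return name in ZONE


def enumerate_recursive(root, words, max_depth=3):
    """Queue-driven recursion: every name found is re-queued as a new parent."""
    queue = deque([(root, 0)])
    found, stats = [], {"queries": 0, "nxdomain": 0}
    while queue:  # runs until the queue is empty
        parent, depth = queue.popleft()
        if depth >= max_depth:  # assumed guard so the run always terminates
            continue
        for word in words:
            candidate = f"{word}.{parent}"
            stats["queries"] += 1
            if lookup(candidate):
                found.append(candidate)
                queue.append((candidate, depth + 1))
            else:
                stats["nxdomain"] += 1
    return found, stats


if __name__ == "__main__":
    names, stats = enumerate_recursive("example.test", WORDS)
    print(names)
    print(stats)
```

Every name found costs another full pass over the wordlist, and most answers are negative, which is the pattern this kind of enumeration leaves in the queried server's logs.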
Install
git clone https://github.com/MilindPurswani/Syborg.git
cd Syborg
pip3 install -r requirements.txt
Use
python3 syborg.py yahoo.com
At times, Syborg may hit high CPU usage, which can cost you a lot if you are running this tool on your VPS. To limit that, use another utility called cpulimit:
cpulimit -l 50 -p $(pgrep python3)
This tool can be downloaded as follows:
sudo apt install cpulimit