DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or the page itself has designated a provider as a valid nameserver (eg AWS Route 53, Akamai, Microsoft Azure, etc.). ) but the hosted zone has been removed or deleted completely.
Therefore, when requesting DNS records, the server responds with a SERVFAIL error. This allows a hacker to create a missing zone in the service used and thus check all DNS records for this (sub) domain.
Installation
1) The simplest method is to unzip the file to download from here and then run it.
2) There is also the manual method that we install from the source:
▶ go install github.com/pwnesia/dnstake/cmd/dnstake@latest
ή
▶ git clone https://github.com/pwnesia/dnstake ▶ cd dnstake / cmd / dnstake ▶ go build. ▶ (sudo) mv dnstake / usr / local / bin
Use
$ dnstake -h · ▐ ▐ ▄ .▄▄ · ▄▄▄▄▄ ▄▄▄ · ▄ • ▄ ▄▄▄. ██ ██ • █▌▐█▐█ ▀. • ██ ▐█ ▀█ ▀.▀ · ▐█ · ▐█▌▐█▐▐▌▄▀▀▀█▄▐█ .▪▄█▀▀█ ▐▀▀▄ · ▐▀▀▪▄ ██. ██ ██▐█▌▐█▄▪▐█▐█▌ · ▪▐▌▐█ ▪▐▌▐█.█▌▐█▄▄▌ ▀▀▀▀▀ • ▀▀ █▪ ▀▀▀ ▀ ▀ ▀ · ▀ ▀▀▀ ▀▀▀ (c) pwnesia.org - v0.0.1 Usage: [stdin] | dnstake [options] dnstake -t HOSTNAME [options] Options: -t, --target Define single target host / list to check -c, --concurrent Set the concurrency level (default: 25) -s, --silent Suppress errors and / or clean output -h, --help Display its help Examples: dnstake -t (sub.) Domain.tld dnstake -t hosts.txt cat hosts.txt | dnstake subfinder -silent -d domain.tld | dnstake
You can download the program from here.