DNSTake: DNS deficit check tool that leads to subdomain retrieval

DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or the page itself has designated a provider as a valid nameserver (eg AWS Route 53, Akamai, Microsoft Azure, etc.). ) but the hosted zone has been removed or deleted completely.

Therefore, when requesting DNS records, the server responds with a SERVFAIL error. This allows a hacker to create a missing zone in the service used and thus check all DNS records for this (sub) domain.

131214165 06cb74c3 2754 48a6 a13d bfcf592e646a

 

Installation

1) The simplest method is to unzip the file to download from here and then run it.

2) There is also the manual method that we install from the source:

▶ go install github.com/pwnesia/dnstake/cmd/dnstake@latest

ή

▶ git clone https://github.com/pwnesia/dnstake ▶ cd dnstake / cmd / dnstake ▶ go build. ▶ (sudo) mv dnstake / usr / local / bin

Use

$ dnstake -h · ▐ ▐ ▄ .▄▄ · ▄▄▄▄▄ ▄▄▄ · ▄ • ▄ ▄▄▄. ██ ██ • █▌▐█▐█ ▀. • ██ ▐█ ▀█ ▀.▀ · ▐█ · ▐█▌▐█▐▐▌▄▀▀▀█▄▐█ .▪▄█▀▀█ ▐▀▀▄ · ▐▀▀▪▄ ██. ██ ██▐█▌▐█▄▪▐█▐█▌ · ▪▐▌▐█ ▪▐▌▐█.█▌▐█▄▄▌ ▀▀▀▀▀ • ▀▀ █▪ ▀▀▀ ▀ ▀ ▀ · ▀ ▀▀▀ ▀▀▀ (c) pwnesia.org - v0.0.1 Usage: [stdin] | dnstake [options] dnstake -t HOSTNAME [options] Options: -t, --target Define single target host / list to check -c, --concurrent         Set the concurrency level (default: 25) -s, --silent Suppress errors and / or clean output -h, --help Display its help Examples: dnstake -t (sub.) Domain.tld dnstake -t hosts.txt cat hosts.txt | dnstake subfinder -silent -d domain.tld | dnstake

You can download the program from here.

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















DNSTake, dns, namesaerver, domain, subdomain

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).