Puredns - Bruteforce Domains
Puredns is a very fast domain resolver tool with the benefit of wildcard detection. Domain resolution is the process of querying the IP address of a webserver or domain name from a DNS server. Puredns is built in Golang by @d3mondev.
In the background, it uses massdns(a very high performance DNS resolver) built in C. The requirements to use this tool are a good network bandwidth, list of subdomains to bruteforce, a list of DNS resolvers and your little bit of time.
The primary use cases of puredns are domain resolution and domain bruteforcing. Domain resolution, attacker provides a list of possible domains and puredns resolves that domain to check if the domain actually exists or not. Domain bruteforcing, attacker provides a list of subdomains, a domain name and puredns creates the list of hosts to resolve by adding each subdomain to domain name and then do domain resolution.
Prerequisites: Install massdns
$ git clone https://github.com/blechschmidt/massdns.git $ cd massdns $ make $ sudo make install
$ go install github.com/d3mondev/puredns/v2@latest
- List all possible commands
$ puredns -h
- Bruteforce subdomains- give list of subdomains, resolvers and a domain name
$ puredns bruteforce <wordlist.txt> <domain.com> -r <resolvers.txt>
- List all possible options for puredns bruteforce or resolve module
$ puredns bruteforce -h $ puredns resolve -h
- Resolve list of hosts with resolve module
$ cat <hosts.txt> | puredns resolve -r <resolvers.txt> $ puredns resolve <hosts.txt> -r <resolvers.txt>
- Write output of resolved hosts
$ puredns bruteforce <wordlist.txt> <domain.com> -r <resolvers.txt> --write output.txt --write-wildcards output-wildcards.txt
- Use an updated dns resolvers file. Trickest updates there resolvers repository daily. Link: https://github.com/trickest/resolvers
- Perform subdomain recon 2 times in a week on a big target to get newer results.