subdomain-scanner is a subdomain discovery tool that discovers valid subdomains for websites.

Primary language: Go. License: Apache License 2.0 (Apache-2.0).

subdomain-scanner

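A subdomain detection program written in Golang. Its defining feature is speed, speed, speed.

Scan speed depends on the network environment. With 1Mb of bandwidth and 200 goroutines, it holds a steady scan rate of about 1700/s.

Google's DNS servers are used by default; other DNS servers can be configured.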

Building

go get github.com/miekg/dns
go get github.com/hashicorp/go-multierror
go get github.com/fengdingbo/subdomain-scanner
cd $GOPATH/src/github.com/fengdingbo/subdomain-scanner/
make
./subdomain-scanner -h

Download from releases

Download compiled binaries from releases

Usage

Usage of ./subdomain-scanner -h
  -axfr
		DNS Zone Transfer Protocol (AXFR) of RFC 5936 (default true)
  -d string
		The target Domain
  -depth int
		Scan sub domain depth. range[>=1] (default 1)
  -dns string
		DNS global server (default "8.8.8.8/8.8.4.4")
  -f string
		File contains new line delimited subs (default "dict/subnames_full.txt")
  -fw
		Force scan with wildcard domain (default true)
  -h	Show this help message and exit
  -l string
		The target Domain in file
  -o string
		Output file to write results to (defaults to ./log/{target}).txt
  -t int
		Num of scan threads (default 200)

Examples

$./subdomain-scanner -d qq.com
=============================================
subdomain-scanner v0.4#dev
=============================================
[+] Threads        : 200
[+] Domain         : qq.com
[+] Dict           : dict/subnames_full.txt
[+] Depth          : 1
[+] Help           : false
[+] Log            : log/qq.com.txt
[+] DNSServer      : 8.8.8.8/8.8.4.4
[+] WildcardDomain : true
[+] AXFC           : true
[+] ScanDomainList : [qq.com]
=============================================
2018/12/10 00:05:05 [+] Validate DNS servers...
2018/12/10 00:05:05 [+] Found DNS Server 8.8.8.8/8.8.4.4
2018/12/10 00:05:05 [+] Validate AXFR of DNS zone transfer 
2018/12/10 00:05:08 Starting
2018/12/10 00:05:52 All Done. 2146 found, 1744.6328/s, 76120 scanned in 43.63 seconds
2018/12/10 00:05:52 The output result file is log/qq.com.txt

Change Log

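  • [2018-12-03]
    • Friendlier parameter usage hints
  • [2018-12-01]
    • DNS zone transfer support
    • Wildcard domain detection + scanning (IPs returned by the wildcard are added to a blacklist, and brute-forcing continues for IPs not on the blacklist)
  • [2018-11-30]
    • Refactored the concurrency logic
    • Go's official net package is incomplete and lacks support for many RFCs, such as RFC 4592, so a third-party package is used for DNS resolution, which improves scan efficiency.
  • [2018-11-27]
    • Demo prototype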
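
The wildcard handling in the 2018-12-01 entry, shown as an added example that is not the project's own code: IPs answered for random labels form the blacklist, and a brute-forced name is kept only when it resolves outside it. The names Answer, BuildBlacklist and FilterWildcard are hypothetical, the keep-if-any-IP-differs policy is an assumption, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Answer is one resolved name and the A-record IPs returned for it.
type Answer struct {
	Name string
	IPs  []string
}

// BuildBlacklist collects every IP returned for random labels that should
// not exist; an answer for such a label can only come from a wildcard record.
func BuildBlacklist(probes []Answer) map[string]bool {
	bl := make(map[string]bool)
	for _, p := range probes {
		for _, ip := range p.IPs {
			bl[ip] = true
		}
	}
	return bl
}

// FilterWildcard keeps a name only if at least one of its IPs is absent from
// the blacklist (assumed policy; a stricter one would require all to differ).
func FilterWildcard(results []Answer, bl map[string]bool) []string {
	kept := []string{}
	for _, r := range results {
		for _, ip := range r.IPs {
			if !bl[ip] {
				kept = append(kept, r.Name)
				break
			}
		}
	}
	sort.Strings(kept)
	return kept
}

func main() {
	// Constructed sample data: example.com names, RFC 5737 documentation IPs.
	probes := []Answer{{"x9f3k2.example.com", []string{"192.0.2.10"}},
		{"q7zz81.example.com", []string{"192.0.2.10", "192.0.2.11"}}}
	results := []Answer{{"www.example.com", []string{"198.51.100.5"}},
		{"typo.example.com", []string{"192.0.2.11"}},
		{"mail.example.com", []string{"192.0.2.10", "198.51.100.7"}}}
	fmt.Println(FilterWildcard(results, BuildBlacklist(probes)))
}
```

A wildcard that rotates through many addresses needs several probes before the blacklist is complete, which is why the blacklist is built from a list of probe answers rather than a single one.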

TODO

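  • Selectable DNS servers
  • Custom dictionary
  • Concurrent scanning
  • Wildcard domain detection + scanning (IPs returned by the wildcard are added to a blacklist, and brute-forcing continues for IPs not on the blacklist)
  • DNS zone transfer support
  • Read the domains to check from a file
  • Support for DNS AAAA records, IPv6 detection
  • Deep scanning (multi-level subdomain detection)
  • Custom export formats; txt, json and others are planned
  • Friendlier parameter usage hints
  • Support for calls through an API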

Thanks

https://github.com/miekg/dns

https://github.com/OJ/gobuster

https://github.com/binaryfigments/axfr

https://github.com/lijiejie/subDomainsBrute