DNS Reconnaissance Tool
A comprehensive DNS reconnaissance tool designed for investigators to gather intelligence on hostnames and IP addresses through multiple data sources.
Features
- DNS Resolution: Query multiple DNS servers (1.1.1.1, 8.8.8.8, 9.9.9.9)
- TLD Expansion: Automatically try all IANA TLDs for hostname-only inputs
- Certificate Transparency: Query crt.sh for SSL certificate information
- Recursive Discovery: Automatically discover and analyze subdomains
- External Intelligence: Optional Shodan and VirusTotal integration
- Multiple Interfaces: Both CLI and web interface available
- Comprehensive Reports: JSON and text output formats
Installation
# Clone or create the project structure
mkdir dns-recon-tool && cd dns-recon-tool
# Install dependencies
pip install -r requirements.txt
Usage
Command Line Interface
# Basic domain scan
python -m src.main example.com
# Try all TLDs for hostname
python -m src.main example
# With API keys and custom depth
python -m src.main example.com --shodan-key YOUR_KEY --virustotal-key YOUR_KEY --max-depth 3
# Save reports
python -m src.main example.com --output results
# JSON only output
python -m src.main example.com --json-only
Web Interface
# Start web server
python -m src.main --web
# Custom port
python -m src.main --web --port 8080
Then open http://localhost:5000 (or the port passed to --port) in your browser.
Configuration
The tool uses the following default settings:
- DNS Servers: 1.1.1.1, 8.8.8.8, 9.9.9.9
- Max Recursion Depth: 2
- Rate Limits: DNS (10/s), crt.sh (2/s), Shodan (0.5/s), VirusTotal (0.25/s)
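How a depth limit bounds recursive discovery over certificate transparency results, as an added example (not the project's own code). It assumes crt.sh-style JSON entries with a name_value field and that depth counts hops from the starting domain; names_from_crtsh, discover, fake_fetch and the SAMPLE data are hypothetical and constructed for illustration.

```python
import json
from collections import deque

MAX_DEPTH = 2  # default from the Configuration section

def names_from_crtsh(raw_json, apex):
    """Extract in-scope hostnames from a crt.sh-style JSON array."""
    found = set()
    for entry in json.loads(raw_json):
        # name_value holds one or more SAN entries separated by newlines
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # wildcard entry: keep the base name
            # Scope check on a label boundary, so notexample.com is rejected
            if name == apex or name.endswith("." + apex):
                found.add(name)
    return found

def discover(apex, fetch, max_depth=MAX_DEPTH):
    """Breadth-first discovery; returns {hostname: discovery depth}."""
    depth_of = {apex: 0}
    queue = deque([apex])
    while queue:
        host = queue.popleft()
        if depth_of[host] >= max_depth:
            continue  # hosts at the limit are recorded but not queried
        for name in sorted(names_from_crtsh(fetch(host), apex)):
            if name not in depth_of:
                depth_of[name] = depth_of[host] + 1
                queue.append(name)
    return depth_of

# Constructed sample responses, keyed by the hostname that was queried
SAMPLE = {
    "example.com": json.dumps([
        {"name_value": "example.com\n*.dev.example.com"},
        {"name_value": "WWW.Example.com"},
        {"name_value": "cdn.example.net"},  # out of scope, dropped
    ]),
    "dev.example.com": json.dumps([{"name_value": "api.dev.example.com"}]),
    "api.dev.example.com": json.dumps([{"name_value": "v2.api.dev.example.com"}]),
}

def fake_fetch(host):
    """Offline stand-in for a rate-limited crt.sh lookup."""
    return SAMPLE.get(host, "[]")

if __name__ == "__main__":
    for host, depth in discover("example.com", fake_fetch).items():
        print(depth, host)
```

With the default depth of 2, api.dev.example.com is recorded but never queried, so v2.api.dev.example.com stays undiscovered.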
API Keys
For enhanced reconnaissance, obtain API keys from:
- Shodan - Port scanning and service detection
- VirusTotal - Security analysis and reputation
Output
The tool generates two types of reports:
JSON Report
Complete machine-readable data including:
- All discovered hostnames and IPs
- DNS records by type
- Certificate information
- External service results
- Metadata and timing
Text Report
Human-readable summary with:
- Executive summary
- Hostnames by discovery depth
- IP address analysis
- DNS record details
- Certificate analysis
- Security findings
Architecture
src/
├── main.py # CLI entry point
├── web_app.py # Flask web interface
├── config.py # Configuration management
├── data_structures.py # Data models
├── dns_resolver.py # DNS functionality
├── certificate_checker.py # crt.sh integration
├── shodan_client.py # Shodan API
├── virustotal_client.py # VirusTotal API
├── tld_fetcher.py # IANA TLD handling
├── reconnaissance.py # Main logic
└── report_generator.py # Report generation