# DNS Reconnaissance Tool

A comprehensive DNS reconnaissance tool designed for investigators to gather intelligence on hostnames and IP addresses through multiple data sources.

## Features

- **DNS Resolution**: Query multiple DNS servers (1.1.1.1, 8.8.8.8, 9.9.9.9)
- **TLD Expansion**: Automatically try all IANA TLDs for hostname-only inputs
- **Certificate Transparency**: Query crt.sh for SSL certificate information
- **Recursive Discovery**: Automatically discover and analyze subdomains
- **External Intelligence**: Optional Shodan and VirusTotal integration
- **Multiple Interfaces**: Both CLI and web interface available
- **Comprehensive Reports**: JSON and text output formats

## Installation

```bash
# Clone or create the project structure
mkdir dns-recon-tool && cd dns-recon-tool

# Install dependencies
pip install -r requirements.txt
```

## Usage

### Command Line Interface

```bash
# Basic domain scan
python -m src.main example.com

# Try all TLDs for hostname
python -m src.main example

# With API keys and custom depth
python -m src.main example.com --shodan-key YOUR_KEY --virustotal-key YOUR_KEY --max-depth 3

# Save reports
python -m src.main example.com --output results

# JSON only output
python -m src.main example.com --json-only
```

### Web Interface

```bash
# Start web server
python -m src.main --web

# Custom port
python -m src.main --web --port 8080
```

Then open http://localhost:5000 in your browser (or the port you passed with `--port`).

## Configuration

The tool uses the following default settings:

- DNS Servers: 1.1.1.1, 8.8.8.8, 9.9.9.9
- Max Recursion Depth: 2
- Rate Limits: DNS (10/s), crt.sh (2/s), Shodan (0.5/s), VirusTotal (0.25/s)

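
The defaults above, sketched as an added example that is not the project's own code: a per-service limiter that spaces requests 1/rate seconds apart, and a breadth-first discovery loop that stops expanding hosts at the maximum depth. `RateLimiter`, `discover`, the dictionary keys and the `SAMPLE` data are hypothetical names and constructed data; the real `reconnaissance.py` may work differently.

```python
import time
from collections import deque

# Defaults from the Configuration section (requests per second); key names are assumed.
RATE_LIMITS = {"dns": 10, "crtsh": 2, "shodan": 0.5, "virustotal": 0.25}
MAX_DEPTH = 2

class RateLimiter:
    """Enforce a minimum spacing of 1/rate seconds between calls, per service."""

    def __init__(self, limits, clock=time.monotonic, sleep=time.sleep):
        self.interval = {name: 1.0 / rate for name, rate in limits.items()}
        self.next_ok = {name: 0.0 for name in limits}
        self.clock, self.sleep = clock, sleep

    def wait(self, service):
        now = self.clock()
        delay = max(0.0, self.next_ok[service] - now)
        if delay:
            self.sleep(delay)
        # After sleeping we are at next_ok; otherwise we start counting from now.
        self.next_ok[service] = max(now, self.next_ok[service]) + self.interval[service]
        return delay

def discover(seed, lookup, limiter, max_depth=MAX_DEPTH):
    """Breadth-first discovery; returns {hostname: depth}, never deeper than max_depth."""
    seen = {seed: 0}
    queue = deque([seed])
    while queue:
        host = queue.popleft()
        depth = seen[host]
        if depth >= max_depth:
            continue  # keep the host in the report, but do not expand it further
        limiter.wait("crtsh")
        for name in lookup(host):
            name = name.lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]  # wildcard certificate entry -> parent name
            if name not in seen:  # de-duplicate so cycles cannot loop forever
                seen[name] = depth + 1
                queue.append(name)
    return seen

# Constructed sample data standing in for certificate-transparency results.
SAMPLE = {
    "example.com": ["www.example.com", "*.dev.example.com", "example.com"],
    "dev.example.com": ["api.dev.example.com"],
    "api.dev.example.com": ["internal.api.dev.example.com"],
}
```

Passing `clock` and `sleep` as parameters lets the limiter be exercised without real delays or network access; `lookup` is any callable that returns candidate names for a host.
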
## API Keys

For enhanced reconnaissance, obtain API keys from:

- [Shodan](https://shodan.io) - Port scanning and service detection
- [VirusTotal](https://virustotal.com) - Security analysis and reputation

## Output

The tool generates two types of reports:

### JSON Report

Complete machine-readable data including:

- All discovered hostnames and IPs
- DNS records by type
- Certificate information
- External service results
- Metadata and timing

### Text Report

Human-readable summary with:

- Executive summary
- Hostnames by discovery depth
- IP address analysis
- DNS record details
- Certificate analysis
- Security findings

## Architecture

```
src/
├── main.py                 # CLI entry point
├── web_app.py              # Flask web interface
├── config.py               # Configuration management
├── data_structures.py      # Data models
├── dns_resolver.py         # DNS functionality
├── certificate_checker.py  # crt.sh integration
├── shodan_client.py        # Shodan API
├── virustotal_client.py    # VirusTotal API
├── tld_fetcher.py          # IANA TLD handling
├── reconnaissance.py       # Main logic
└── report_generator.py     # Report generation
```