dnsreaper
subdomain takeover tool for attackers, bug bounty hunters and the blue team!
Details
Category: Vulnerabilities
Publisher: trickest-mhmdiaa
Created Date: 9/7/2022
Container: quay.io/trickest/dnsreaper:dd7fa2a-patch-2
Source URL: https://github.com/punk-security/dnsReaper
Parameters
Command:
aws
- Scan multiple domains by fetching them from AWS Route53Command:
bind
- Read domains from a dns BIND zone file, or path to multipleCommand:
file
- Read domains from a file (or folder of files), one per lineCommand:
azure
- Scan multiple domains by fetching them from Azure DNS servicesCommand:
single
- Scan a single domain by providing a domain on the commandlineCommand:
-v
- Verbose outputCommand:
--nocolour
- Turns off coloured textCommand:
--pipeline
- Exit Non-Zero on detection (used to fail a pipeline)Command:
--resolver
- Provide a custom DNS resolver (or multiple seperated by commas)Command:
--signature
- Only scan with this signatureCommand:
cloudflare
- Scan multiple domains by fetching them from CloudflareCommand:
--do-api-key
- DigitalOcean API key (the `digitalocean` input must be set to true)Command:
--do-domains
- Limit the scan to these domains (comma-separated)Command:
--filename
- List of domains to scan (the `file` input must be set to true)Command:
--out-format
- Output format (csv/json)Command:
--parallelism
- Number of domains to test in parallel - too high and you may see odd DNS results (default: 30)Command:
--az-client-id
- Azure client ID (the `azure` input must be set to true)Command:
--az-tenant-id
- Azure tenant ID (the `azure` input must be set to true)Command:
digitalocean
- Scan multiple domains by fetching them from Digital OceanCommand:
zonetransfer
- Scan multiple domains by fetching records via DNS zone transferCommand:
-vv
- Extra verbose outputCommand:
--domain
- Scan this one domain (the `single` input must be set to true)Command:
--bind-zone-file
- Bind zone file (the `bind` input must be set to true)Command:
--enable-unlikely
- Check for more conditions, but with a high false positive rateCommand:
--az-client-secret
- Azure client secret (the `azure` input must be set to true)Command:
--cloudflare-token
- Cloudflare token (the `cloudflare` input must be set to true)Command:
--disable-probable
- Do not check for probable conditionsCommand:
--aws-access-key-id
- AWS access key ID (the `aws` input must be set to true)Command:
--exclude-signature
- Do not scan with this signatureCommand:
--az-subscription-id
- Azure subscription ID (the `azure` input must be set to true)Command:
--zonetransfer-domain
- Root domain to scan for (the `zonetransfer` input must be set to true)Command:
--aws-access-key-secret
- AWS access key secret (the `aws` input must be set to true)Command:
--zonetransfer-nameserver
- DNS server fqdn (such as ns1.domain.com) or IP address (the `zonetransfer` input must be set to true)