Does tkosubs check for all NS of a particular domain?

anshumanbh / tko-subs

A tool that can help detect and takeover subdomains with dead DNS records

MIT License

741 stars 137 forks source link

Does tkosubs check for all NS of a particular domain? #30

Closed anshumanbh closed 6 years ago

anshumanbh commented 6 years ago

Reference: https://0xpatrik.com/subdomain-takeover-ns/

mhmdiaa commented 6 years ago

Yes, it does. We pass each domain to authorityReturnRefusedOrServfail(), which iterates over the domain's authoritative nameservers and tries to resolve the domain using them on by one. If at least one of them returns SERVFAIL/REFUSED, the domain is considered vulnerable.