ethicalhackingplayground / dnsresolver

A Lightning-Fast DNS Resolver written in Rust 🦀
MIT License
66 stars 9 forks

Resolvers #1

Open jaikishantulswani opened 1 year ago

jaikishantulswani commented 1 year ago

@ethicalhackingplayground it would be good if it had a flag to resolve domains using a list of DNS resolvers.

ethicalhackingplayground commented 1 year ago

Hi there, thanks for your feature request. Yes, I've currently got this listed on the things to implement :) Please stay tuned for more updates.

Regards, Blake

ethicalhackingplayground commented 1 year ago

I've just added in the option to specify a list of DNS resolvers. Would you be able to test it out, please?

Thanks.

jaikishantulswani commented 1 year ago

@ethicalhackingplayground thank you for doing this so fast. I have tested it and found that resolving with dnsresolver is working fine. One more thing I would like to add: there is a difference from the previous version, where dnsresolver was also showing the status of the resolved domains, but this version does not have that feature.

It would be good to have another flag, --status, that the user can use to show the status along with the resolved one.

About the vhost feature, which is a bonus in this: right now, if a user wants to detect vhosts using the --vhost flag, it won't show any information such as whether the host is a vhost or not; it only shows the domain name, and it also does not show the IP associated with it.

I would like that, if the user resolves the domains from the list and also uses --vhost, the dnsresolver output would be like:

cat domains.txt | ./dnsresolver --vhost --resolvers trustedns.txt -r 25 -c 25
example.com 1.2.3.4
test.com [vhost] 2.3.4.5
new.com 2.3.5.6
old.com [vhost] 5.5.5.5

ethicalhackingplayground commented 1 year ago

Thanks for your reply. I'm a little confused about what you mean by the status of the resolved hosts. When you say the status of the resolved hosts, do you mean it was showing the hosts in this format, https:// or http://, if ports 80,443 are open? If so, this feature is now optional with the --ports flag.

Concerning the virtual host enumeration feature, this is experimental at the moment, but I have had some great feedback on it and I will be spending some time fixing up the virtual host enumeration feature. So far, if you specify the --vhost flag, it will find which subdomains belong to each IP address, and there should be a folder called vhosts which contains all the IPs as subfolders; in each folder there is a vhosts.txt file which contains all the subdomains that belong to the IP address.

Also, just keep in mind some IPs may rotate, so you may find that IP addresses are not always the same. You can validate if it's a virtual host by checking the subdomain on this site, https://mxtoolbox.com/dnslookup.aspx, to see if it's the same IP, but also note that websites can point to one or more IP addresses.

I hope this helps, I will make sure to improve the virtual host discovery.

Regards, Blake
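
The per-IP grouping described in the comment above, as an added example that is not part of the thread or the dnsresolver code base. It tags each host/IP line with [vhost] only when that address is also used by another hostname, so a host with several addresses can be shared on one and alone on another. The hostnames and documentation-range addresses are constructed, and `group_by_ip`, `report` and `sample` are hypothetical names.

```rust
use std::collections::{BTreeMap, BTreeSet};
use std::net::IpAddr;

/// Group hostnames by the addresses they resolved to (one set per IP, like one
/// vhosts.txt per IP). A host with several addresses lands in several groups.
fn group_by_ip(records: &[(&str, Vec<IpAddr>)]) -> BTreeMap<IpAddr, BTreeSet<String>> {
    let mut groups: BTreeMap<IpAddr, BTreeSet<String>> = BTreeMap::new();
    for (host, ips) in records {
        // Normalise case and a trailing dot so "Example.com." == "example.com".
        let name = host.trim_end_matches('.').to_ascii_lowercase();
        for ip in ips {
            groups.entry(*ip).or_default().insert(name.clone());
        }
    }
    groups
}

/// Render "host [vhost] ip" lines. A line is tagged only when that address is
/// also used by another hostname in the same input.
fn report(records: &[(&str, Vec<IpAddr>)]) -> Vec<String> {
    let groups = group_by_ip(records);
    let mut lines = Vec::new();
    for (host, ips) in records {
        for ip in ips {
            let shared = groups.get(ip).map_or(false, |names| names.len() > 1);
            let tag = if shared { " [vhost]" } else { "" };
            lines.push(format!("{}{} {}", host, tag, ip));
        }
    }
    lines
}

/// Constructed sample resolutions (assumption: not real lookups).
fn sample() -> Vec<(&'static str, Vec<IpAddr>)> {
    let ip = |s: &str| s.parse::<IpAddr>().unwrap();
    vec![
        ("example.com", vec![ip("192.0.2.10")]),
        ("test.example", vec![ip("198.51.100.5")]),
        ("old.example", vec![ip("198.51.100.5"), ip("203.0.113.7")]),
    ]
}

fn main() {
    for line in report(&sample()) {
        println!("{}", line);
    }
}
```

Because addresses can rotate between lookups, the grouping is a snapshot of one resolution run and should be rebuilt rather than cached.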

jaikishantulswani commented 1 year ago

Thank you @ethicalhackingplayground for this detailed information; I hope to get more from dnsresolver.

ethicalhackingplayground commented 1 year ago

@jaikishantulswani Hey mate,

I've pushed some changes to the virtual host enumeration and it now supports WAF detection. Could you please test the tool before I close this as resolved?

Regards, Blake

jaikishantulswani commented 1 year ago

Hi @ethicalhackingplayground, thank you for the ping. I tested the vhost functionality. The one thing I would like to have control over is the default WAF detection: can we give this control to the user, so they can use the flag -waf along with the vhost and/or domain resolving functionality, and also show the IP address alongside the resolved domains or vhosts? That is, only if the user needs to test whether the host is behind a WAF while resolving domains or while testing the vhost functionality, and by default it won't check for a WAF. One more thing: what if we also set up a config file for the WAF configuration, like a file hosted in the dnsresolver repo itself that keeps getting updated whenever there are changes in the headers or keywords for detecting the WAF, so that we can supply the local file or the URL itself to fetch the keywords or headers for the WAF from the provided file?

cat hosts.txt | ./dnsresolver -r 10 -c 10 --resolvers trustedns.txt -waf -config wafconfig.yaml -ip

ethicalhackingplayground commented 1 year ago

Thanks for your response @jaikishantulswani,

These are some excellent suggestions, I will make these changes as soon as possible.

Regards, Blake.