Hoja de Referencia de DNSx DNS Toolkit
Descripción general
DNSx es un toolkit de DNS rápido y multipropósito desarrollado por Project Discovery que permite ejecutar múltiples sondeos DNS utilizando la biblioteca retryabledns. Está diseñado para realizar varios tipos de consultas DNS con un enfoque en velocidad y confiabilidad. DNSx puede manejar múltiples tipos de registros DNS y soporta resolvedores personalizados, lo que lo convierte en una herramienta versátil para reconocimiento y enumeración de DNS.
Lo que distingue a DNSx de otras herramientas DNS es su capacidad para procesar grandes cantidades de dominios de manera eficiente y sus capacidades de integración con otras herramientas de seguridad. Puede filtrar registros DNS de comodín, realizar DNS walking y extraer información valiosa de las respuestas DNS. DNSx se usa comúnmente en la fase de reconocimiento de evaluaciones de seguridad para recopilar información sobre dominios objetivo y su infraestructura.
DNSx soporta varios formatos de entrada y puede integrarse fácilmente con otras herramientas en un pipeline, lo que lo convierte en un componente esencial en muchos flujos de trabajo de pruebas de seguridad. Su capacidad para filtrar resultados según varios criterios ayuda a los profesionales de seguridad a centrarse en los objetivos más relevantes.
Instalación
Usando Go
Would you like me to continue with the remaining sections?```bash
Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
Verify installation
dnsx -version
### Using Docker
```bash
# Pull the latest Docker image
docker pull projectdiscovery/dnsx:latest
# Run DNSx using Docker
docker run -it projectdiscovery/dnsx:latest -hUsing Homebrew (macOS)
# Install using Homebrew
brew install dnsx
# Verify installation
dnsx -versionUsing PDTM (Project Discovery Tools Manager)
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install DNSx using PDTM
pdtm -i dnsx
# Verify installation
dnsx -versionOn Kali Linux
# Install using apt
sudo apt install dnsx
# Verify installation
dnsx -versionBasic Usage
DNS Lookups
# Perform A record lookup for a single domain
dnsx -d example.com -a
# Perform A record lookup for multiple domains
dnsx -d example.com,hackerone.com -a
# Perform A record lookup from a list of domains
dnsx -l domains.txt -a
# Perform A record lookup from STDIN
cat domains.txt|dnsx -aRecord Types
# Query A records (IPv4 addresses)
dnsx -l domains.txt -a
# Query AAAA records (IPv6 addresses)
dnsx -l domains.txt -aaaa
# Query CNAME records (Canonical names)
dnsx -l domains.txt -cname
# Query NS records (Name servers)
dnsx -l domains.txt -ns
# Query TXT records (Text records)
dnsx -l domains.txt -txt
# Query MX records (Mail exchange servers)
dnsx -l domains.txt -mx
# Query SOA records (Start of authority)
dnsx -l domains.txt -soa
# Query PTR records (Pointer records)
dnsx -l domains.txt -ptr
# Query multiple record types
dnsx -l domains.txt -a -cname -nsOutput Options
# Save results to a file
dnsx -l domains.txt -a -o results.txt
# Output in JSON format
dnsx -l domains.txt -a -json -o results.json
# Output in CSV format
dnsx -l domains.txt -a -csv -o results.csv
# Silent mode (only results)
dnsx -l domains.txt -a -silentAdvanced Usage
Resolver Configuration
# Use specific DNS resolvers
dnsx -l domains.txt -a -resolver 1.1.1.1,8.8.8.8
# Use resolvers from a file
dnsx -l domains.txt -a -resolver-file resolvers.txt
# Use system resolvers
dnsx -l domains.txt -a -system-resolverResponse Filtering
# Filter by response containing specific string
dnsx -l domains.txt -a -resp-only -resp "1.2.3.4"
# Filter by response matching regex
dnsx -l domains.txt -a -resp-only -resp-regex "^1\.2\.[0-9]+\.[0-9]+$"Wildcard Filtering
# Enable wildcard filtering
dnsx -l domains.txt -a -wildcard
# Set wildcard threshold
dnsx -l domains.txt -a -wildcard-threshold 5DNS Walking
# Enable DNS walking
dnsx -l domains.txt -a -walk
# Set DNS walking threads
dnsx -l domains.txt -a -walk -walk-threads 20Performance Optimization
Concurrency and Rate Limiting
# Set concurrency (default: 100)
dnsx -l domains.txt -a -c 200
# Set rate limit
dnsx -l domains.txt -a -rate-limit 100
# Set retries
dnsx -l domains.txt -a -retries 3Timeout Options
# Set timeout for DNS queries (milliseconds)
dnsx -l domains.txt -a -timeout 5000Optimization for Large Scans
# Use stream mode for large inputs
dnsx -l large-domains.txt -a -stream
# Increase concurrency for faster scanning
dnsx -l domains.txt -a -c 500Integration with Other Tools
Pipeline with Subfinder
# Find subdomains and resolve them
subfinder -d example.com -silent|dnsx -a -silent
# Find subdomains and check for specific record types
subfinder -d example.com -silent|dnsx -a -cname -silentPipeline with HTTPX
# Resolve domains and probe for HTTP services
dnsx -l domains.txt -a -silent|httpx -silent
# Resolve domains, filter by IP, and probe for HTTP services
dnsx -l domains.txt -a -silent -resp "1.2.3.4"|httpx -silentPipeline with Naabu
# Resolve domains and scan for open ports
dnsx -l domains.txt -a -silent|naabu -silent
# Resolve domains, filter by IP, and scan for open ports
dnsx -l domains.txt -a -silent -resp "1.2.3.4"|naabu -silentOutput Customization
Custom Output Format
# Output only domain and IP
dnsx -l domains.txt -a -resp-only
# Output with additional information
dnsx -l domains.txt -a -json
# Count unique IPs
dnsx -l domains.txt -a -resp-only|sort -u|wc -l
# Sort output by IP
dnsx -l domains.txt -a -resp-only|sort -t ' ' -k2Filtering Output
# Filter by IP
dnsx -l domains.txt -a -resp-only|grep "1.2.3.4"
# Filter by domain
dnsx -l domains.txt -a -resp-only|grep "example.com"
# Find unique IPs
dnsx -l domains.txt -a -resp-only|awk '\\\\{print $2\\\\}'|sort -uAdvanced Filtering
IP Filtering
# Filter by specific IP
dnsx -l domains.txt -a -resp-only -resp "1.2.3.4"
# Filter by IP range
dnsx -l domains.txt -a -resp-only -resp-regex "^1\.2\.3\.[0-9]+$"Domain Filtering
# Filter by domain pattern
dnsx -l domains.txt -a -resp-only|grep "api"
# Filter by specific TLD
dnsx -l domains.txt -a -resp-only|grep "\.com$"CNAME Filtering
# Find domains with specific CNAME
dnsx -l domains.txt -cname -resp-only -resp "cdn.example.com"
# Find domains with CNAME pointing to specific services
dnsx -l domains.txt -cname -resp-only -resp-regex "amazonaws\.com$"Miscellaneous Features
Reverse DNS Lookup
# Perform reverse DNS lookup
dnsx -l ips.txt -ptr
# Perform reverse DNS lookup with response filtering
dnsx -l ips.txt -ptr -resp-only -resp "example.com"DNS Trace
# Perform DNS trace
dnsx -d example.com -trace
# Perform DNS trace with specific resolver
dnsx -d example.com -trace -resolver 1.1.1.1Health Check
# Check resolver health
dnsx -hc -resolver 1.1.1.1,8.8.8.8
# Check resolver health with timeout
dnsx -hc -resolver 1.1.1.1,8.8.8.8 -timeout 5000Troubleshooting
Common Issues
-
Resolver Issues
# Try different resolvers dnsx -l domains.txt -a -resolver 1.1.1.1,8.8.8.8 # Check resolver health dnsx -hc -resolver 1.1.1.1,8.8.8.8 -
Timeout Issues
# Increase timeout dnsx -l domains.txt -a -timeout 10000 # Increase retries dnsx -l domains.txt -a -retries 5 -
Rate Limiting
# Reduce concurrency dnsx -l domains.txt -a -c 50 # Set rate limit dnsx -l domains.txt -a -rate-limit 50 -
Memory Issues
# Use stream mode for large inputs dnsx -l large-domains.txt -a -stream
Debugging
# Enable verbose mode
dnsx -l domains.txt -a -v
# Show debug information
dnsx -l domains.txt -a -debug
# Show statistics
dnsx -l domains.txt -a -statsConfiguration
Configuration File
DNSx uses a configuration file located at $HOME/.config/dnsx/config.yaml. You can customize various settings in this file:
# Example configuration file
concurrency: 100
rate-limit: 100
retries: 3
timeout: 5000
resolvers:
- 1.1.1.1
- 8.8.8.8Environment Variables
# Set DNSx configuration via environment variables
export DNSX_CONCURRENCY=100
export DNSX_RATE_LIMIT=100
export DNSX_RETRIES=3
export DNSX_TIMEOUT=5000
export DNSX_RESOLVERS=1.1.1.1,8.8.8.8Reference
Command Line Options
| Bandera | Descripción |
|---|---|
-d, -domain | Dominio objetivo para consultar |
-l, -list | Archivo que contiene lista de dominios para consultar |
-a | Consultar registros A |
-aaaa | Consultar registros AAAA |
-cname | Consultar registros CNAME |
-ns | Consultar registros NS |
-txt | Consultar registros TXT |
-mx | Consultar registros MX |
-soa | Consultar registros SOA |
-ptr | Consultar registros PTR |
-o, -output | Archivo para escribir la salida |
-json | Escribir la salida en formato JSON |
-csv | Escribir salida en formato CSV |
-silent | Mostrar solo resultados en la salida |
-v, -verbose | Mostrar salida detallada |
-resolver | Resolvedores DNS a utilizar |
-resolver-file | Archivo que contiene resolvedores DNS |
-system-resolver | Utilizar resolvedores de sistema |
-resp-only | Mostrar solo respuesta en la salida |
-resp | Filtrar respuesta que contiene cadena |
-resp-regex | Filtrar respuesta que coincide con regex |
-wildcard | Habilitar filtrado con comodín |
-wildcard-threshold | Umbral de filtrado de comodín |
-walk | Habilitar DNS walking |
-walk-threads | Número de hilos de recorrido DNS |
-c, -concurrency | Número de consultas concurrentes |
-rate-limit | Número máximo de consultas por segundo |
-retries | Número de reintentos para consultas fallidas |
-timeout | Timeout para consultas DNS en milisegundos |
-stream | Modo stream para entradas grandes |
-hc | Verificar estado de salud del resolver |
-trace | Realizar seguimiento DNS |
-version | Mostrar versión de DNSx |
Record Types
| Type | Descripción |
|---|---|
A | Registros de direcciones IPv4 |
AAAA | Registros de direcciones IPv6 |
CNAME | Registros de nombre canónico |
NS | Registros de servidor de nombres |
TXT | Registros de texto |
MX | Registros de intercambio de correo |
SOA | Inicio de registros de autoridad |
PTR | Registros Pointer |
Resources
This cheat sheet provides a comprehensive reference for using DNSx, from basic DNS queries to advanced filtering and integration with other tools. For the most up-to-date information, always refer to the official documentation.