DNSx DNS Herramienta Cheat Sheet¶
Sinopsis¶
DNSx es un kit de herramientas DNS rápido y multipropósito desarrollado por Project Discovery que permite ejecutar múltiples sondas DNS utilizando la biblioteca de retrígidos. Está diseñado para realizar varias consultas DNS con un enfoque en velocidad y fiabilidad. DNSx puede manejar múltiples tipos de discos DNS y admite fallos personalizados, por lo que es una herramienta versátil para el reconocimiento y la enumeración de DNS.
Lo que distingue a DNSx de otras herramientas DNS es su capacidad para procesar un gran número de dominios de manera eficiente y sus capacidades de integración con otras herramientas de seguridad. Puede filtrar registros de DNS comodín, realizar DNS caminando y extraer información valiosa de las respuestas DNS. DNSx se utiliza comúnmente en la fase de reconocimiento de las evaluaciones de seguridad para reunir información sobre los dominios de destino y su infraestructura.
DNSx admite varios formatos de entrada y se puede integrar fácilmente con otras herramientas en un oleoducto, lo que lo convierte en un componente esencial en muchos flujos de trabajo de pruebas de seguridad. Su capacidad de filtrar los resultados basado en diversos criterios ayuda a los profesionales de la seguridad a centrarse en los objetivos más relevantes.
Instalación¶
Usando Go¶
# Install using Go (requires Go 1.20 or later)
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
# Verify installation
dnsx -version
Usando Docker¶
# Pull the latest Docker image
docker pull projectdiscovery/dnsx:latest
# Run DNSx using Docker
docker run -it projectdiscovery/dnsx:latest -h
Utilizando Homebrew (macOS)¶
Utilizando PDTM (Project Discovery Tools Manager)¶
# Install PDTM first if not already installed
go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest
# Install DNSx using PDTM
pdtm -i dnsx
# Verify installation
dnsx -version
En Kali Linux¶
Uso básico¶
DNS Lookups¶
# Perform A record lookup for a single domain
dnsx -d example.com -a
# Perform A record lookup for multiple domains
dnsx -d example.com,hackerone.com -a
# Perform A record lookup from a list of domains
dnsx -l domains.txt -a
# Perform A record lookup from STDIN
cat domains.txt|dnsx -a
Tipos de registro¶
# Query A records (IPv4 addresses)
dnsx -l domains.txt -a
# Query AAAA records (IPv6 addresses)
dnsx -l domains.txt -aaaa
# Query CNAME records (Canonical names)
dnsx -l domains.txt -cname
# Query NS records (Name servers)
dnsx -l domains.txt -ns
# Query TXT records (Text records)
dnsx -l domains.txt -txt
# Query MX records (Mail exchange servers)
dnsx -l domains.txt -mx
# Query SOA records (Start of authority)
dnsx -l domains.txt -soa
# Query PTR records (Pointer records)
dnsx -l domains.txt -ptr
# Query multiple record types
dnsx -l domains.txt -a -cname -ns
Opciones de salida¶
# Save results to a file
dnsx -l domains.txt -a -o results.txt
# Output in JSON format
dnsx -l domains.txt -a -json -o results.json
# Output in CSV format
dnsx -l domains.txt -a -csv -o results.csv
# Silent mode (only results)
dnsx -l domains.txt -a -silent
Uso avanzado¶
Configuración de resolver¶
# Use specific DNS resolvers
dnsx -l domains.txt -a -resolver 1.1.1.1,8.8.8.8
# Use resolvers from a file
dnsx -l domains.txt -a -resolver-file resolvers.txt
# Use system resolvers
dnsx -l domains.txt -a -system-resolver
Filtro de respuesta¶
# Filter by response containing specific string
dnsx -l domains.txt -a -resp-only -resp "1.2.3.4"
# Filter by response matching regex
dnsx -l domains.txt -a -resp-only -resp-regex "^1\.2\.[0-9]+\.[0-9]+$"
Filtro de Wildcard¶
# Enable wildcard filtering
dnsx -l domains.txt -a -wildcard
# Set wildcard threshold
dnsx -l domains.txt -a -wildcard-threshold 5
DNS Walking¶
# Enable DNS walking
dnsx -l domains.txt -a -walk
# Set DNS walking threads
dnsx -l domains.txt -a -walk -walk-threads 20
Optimización del rendimiento¶
Concurrencia y limitación de tarifas¶
# Set concurrency (default: 100)
dnsx -l domains.txt -a -c 200
# Set rate limit
dnsx -l domains.txt -a -rate-limit 100
# Set retries
dnsx -l domains.txt -a -retries 3
Opciones de tiempo¶
Optimización para grandes escáneres¶
# Use stream mode for large inputs
dnsx -l large-domains.txt -a -stream
# Increase concurrency for faster scanning
dnsx -l domains.txt -a -c 500
Integración con otras herramientas¶
Pipeline con Subfinder¶
# Find subdomains and resolve them
subfinder -d example.com -silent|dnsx -a -silent
# Find subdomains and check for specific record types
subfinder -d example.com -silent|dnsx -a -cname -silent
Pipeline con HTTPX¶
# Resolve domains and probe for HTTP services
dnsx -l domains.txt -a -silent|httpx -silent
# Resolve domains, filter by IP, and probe for HTTP services
dnsx -l domains.txt -a -silent -resp "1.2.3.4"|httpx -silent
Pipeline con Naabu¶
# Resolve domains and scan for open ports
dnsx -l domains.txt -a -silent|naabu -silent
# Resolve domains, filter by IP, and scan for open ports
dnsx -l domains.txt -a -silent -resp "1.2.3.4"|naabu -silent
Personalización de productos¶
Formato de salida personalizado¶
# Output only domain and IP
dnsx -l domains.txt -a -resp-only
# Output with additional information
dnsx -l domains.txt -a -json
# Count unique IPs
dnsx -l domains.txt -a -resp-only|sort -u|wc -l
# Sort output by IP
dnsx -l domains.txt -a -resp-only|sort -t ' ' -k2
Filtro de salida¶
# Filter by IP
dnsx -l domains.txt -a -resp-only|grep "1.2.3.4"
# Filter by domain
dnsx -l domains.txt -a -resp-only|grep "example.com"
# Find unique IPs
dnsx -l domains.txt -a -resp-only|awk '\\\\{print $2\\\\}'|sort -u
Filtro avanzado¶
Filtro IP¶
# Filter by specific IP
dnsx -l domains.txt -a -resp-only -resp "1.2.3.4"
# Filter by IP range
dnsx -l domains.txt -a -resp-only -resp-regex "^1\.2\.3\.[0-9]+$"
Filtro de dominio¶
# Filter by domain pattern
dnsx -l domains.txt -a -resp-only|grep "api"
# Filter by specific TLD
dnsx -l domains.txt -a -resp-only|grep "\.com$"
CNAME Filtro¶
# Find domains with specific CNAME
dnsx -l domains.txt -cname -resp-only -resp "cdn.example.com"
# Find domains with CNAME pointing to specific services
dnsx -l domains.txt -cname -resp-only -resp-regex "amazonaws\.com$"
Varios Características¶
Consulta DNS inversa¶
# Perform reverse DNS lookup
dnsx -l ips.txt -ptr
# Perform reverse DNS lookup with response filtering
dnsx -l ips.txt -ptr -resp-only -resp "example.com"
DNS Trace¶
# Perform DNS trace
dnsx -d example.com -trace
# Perform DNS trace with specific resolver
dnsx -d example.com -trace -resolver 1.1.1.1
Control de salud¶
# Check resolver health
dnsx -hc -resolver 1.1.1.1,8.8.8.8
# Check resolver health with timeout
dnsx -hc -resolver 1.1.1.1,8.8.8.8 -timeout 5000
Solución de problemas¶
Cuestiones comunes¶
- ** Cuestiones de resolución**
# Try different resolvers dnsx -l domains.txt -a -resolver 1.1.1.1,8.8.8.8 # Check resolver health dnsx -hc -resolver 1.1.1.1,8.8.8.8 ``` 2. ** Problemas de tiempo** ```bash # Increase timeout dnsx -l domains.txt -a -timeout 10000 # Increase retries dnsx -l domains.txt -a -retries 5 ``` 3. ** Limitación de destino** ```bash # Reduce concurrency dnsx -l domains.txt -a -c 50 # Set rate limit dnsx -l domains.txt -a -rate-limit 50 ``` 4. * Problemas de memoria* ```bash # Use stream mode for large inputs dnsx -l large-domains.txt -a -stream ``` ### Debugging ```bash # Enable verbose mode dnsx -l domains.txt -a -v # Show debug information dnsx -l domains.txt -a -debug # Show statistics dnsx -l domains.txt -a -stats
Configuración¶
Archivo de configuración¶
DNSx utiliza un archivo de configuración ubicado en $HOME/.config/dnsx/config.yaml. Puede personalizar varios ajustes en este archivo:
# Example configuration file
concurrency: 100
rate-limit: 100
retries: 3
timeout: 5000
resolvers:
- 1.1.1.1
- 8.8.8.8
Medio ambiente¶
# Set DNSx configuration via environment variables
export DNSX_CONCURRENCY=100
export DNSX_RATE_LIMIT=100
export DNSX_RETRIES=3
export DNSX_TIMEOUT=5000
export DNSX_RESOLVERS=1.1.1.1,8.8.8.8
Referencia¶
Opciones de línea de mando¶
| Flag | Description |
|---|---|
-d, -domain |
Target domain to query |
-l, -list |
File containing list of domains to query |
-a |
Query A records |
-aaaa |
Query AAAA records |
-cname |
Query CNAME records |
-ns |
Query NS records |
-txt |
Query TXT records |
-mx |
Query MX records |
-soa |
Query SOA records |
-ptr |
Query PTR records |
-o, -output |
File to write output to |
-json |
Write output in JSON format |
-csv |
Write output in CSV format |
-silent |
Show only results in output |
-v, -verbose |
Show verbose output |
-resolver |
DNS resolvers to use |
-resolver-file |
File containing DNS resolvers |
-system-resolver |
Use system resolvers |
-resp-only |
Show only response in output |
-resp |
Filter response containing string |
-resp-regex |
Filter response matching regex |
-wildcard |
Enable wildcard filtering |
-wildcard-threshold |
Wildcard filtering threshold |
-walk |
Enable DNS walking |
-walk-threads |
Number of DNS walking threads |
-c, -concurrency |
Number of concurrent queries |
-rate-limit |
Maximum number of queries per second |
-retries |
Number of retries for failed queries |
-timeout |
Timeout for DNS queries in milliseconds |
-stream |
Stream mode for large inputs |
-hc |
Check resolver health |
-trace |
Perform DNS trace |
-version |
Show DNSx version |
Tipos de registro¶
| Type | Description |
|---|---|
A |
IPv4 address records |
AAAA |
IPv6 address records |
CNAME |
Canonical name records |
NS |
Name server records |
TXT |
Text records |
MX |
Mail exchange records |
SOA |
Start of authority records |
PTR |
Pointer records |
Recursos¶
-...
*Esta hoja de trampolín proporciona una referencia completa para el uso de DNSx, desde las consultas básicas DNS hasta el filtrado avanzado e integración con otras herramientas. Para la información más actualizada, consulte siempre la documentación oficial. *