0x0Lab Blog Just another damn blog

12Dec/11Off

DNS Brute Force

This python program, bfdomain.py, was written to identify valid hosts of a domain that deny zone transfers.

Where can I use it?
This program must be used against a domain that deny zone transfer. For instance,
neuro:~ neuro$ host -l 0x0lab.org

;; connection timed out; no servers could be reached
neuro:~ neuro$ dig @ns1.0x0lab.org 0x0lab.org axfr

; <<>> DiG 9.6-ESV-R4-P3 <<>> @ns1.0x0lab.org 0x0lab.org axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.

Is there any dependency?
Yes, you have to install PyDNS Library (http://pydns.sourceforge.net)

Program Usage
Usage: bfdomain.py [options]

Options:
  -h, --help            show this help message and exit
  -t TARGET, --target=TARGET
                        specify a domain name (mandatory)
  -f FNAME, --dictionary=FNAME
                        specify a file to read data (mandatory)
  -d DNS, --dns=DNS     specify a name server
  -T THREADS, --Threads=THREADS
                        specify a number of threads (default=5)

How do I use it?
Suppose that you want to extract valid hosts from "domain.com", using a dict file, i.e. hostname-list.txt and open x threads (default is 5).

python bfdomain.py -t domain.com -f hostname-list -T 10

Note: In this case, system dns will be used.

Furthermore, you can add a dns server.

python bfdomain.py -t domain.com -f hostname-list -d ns1.domain.com -T 10

Downloads
Brute Force Domain (971)
Download dictionaries: https://code.0x0lab.org/p/asphyx1a/source/tree/master/dictionaries

Other Related
https://blog.0x0lab.org/2011/12/dns-brute-nse/

Special Thanks
cirrus, mayhem

Posted by neuro

Tagged as: Comments Off
Comments (0) Trackbacks (0)

Sorry, the comment form is closed at this time.

No trackbacks yet.