subdomain-scanner

使用Golang编写的子域名检测程序，特点就是快、快、快。

扫描速度依赖于网络环境。1Mb带宽，200个goroutine，稳定1700左右/s的扫描速度。

默认为谷歌的DNS服务器，可自行配置其它DNS。

Building

go get github.com/miekg/dns
go get github.com/hashicorp/go-multierror
go get github.com/fengdingbo/subdomain-scanner
cd $GOPATH/src/github.com/fengdingbo/subdomain-scanner/
make
./subdomain-scanner -h

Download from releases

Download compiled binaries from releases

Usage

Usage of ./subdomain-scanner -h
  -axfr
		DNS Zone Transfer Protocol (AXFR) of RFC 5936 (default true)
  -d string
		The target Domain
  -depth int
		Scan sub domain depth. range[>=1] (default 1)
  -dns string
		DNS global server (default "8.8.8.8/8.8.4.4")
  -f string
		File contains new line delimited subs (default "dict/subnames_full.txt")
  -fw
		Force scan with wildcard domain (default true)
  -h	Show this help message and exit
  -l string
		The target Domain in file
  -o string
		Output file to write results to (defaults to ./log/{target}).txt
  -t int
		Num of scan threads (default 200)

Examples

$./subdomain-scanner -d qq.com
=============================================
subdomain-scanner v0.4#dev
=============================================
[+] Threads        : 200
[+] Domain         : qq.com
[+] Dict           : dict/subnames_full.txt
[+] Depth          : 1
[+] Help           : false
[+] Log            : log/qq.com.txt
[+] DNSServer      : 8.8.8.8/8.8.4.4
[+] WildcardDomain : true
[+] AXFC           : true
[+] ScanDomainList : [qq.com]
=============================================
2018/12/10 00:05:05 [+] Validate DNS servers...
2018/12/10 00:05:05 [+] Found DNS Server 8.8.8.8/8.8.4.4
2018/12/10 00:05:05 [+] Validate AXFR of DNS zone transfer 
2018/12/10 00:05:08 Starting
2018/12/10 00:05:52 All Done. 2146 found, 1744.6328/s, 76120 scanned in 43.63 seconds
2018/12/10 00:05:52 The output result file is log/qq.com.txt

Change Log

• [2018-12-03]
  • 更好的参数调用提示
• [2018-12-01]
  • 支持DNS域传送
  • 泛域名识别+扫描(泛域名得到的ip加入黑名单，继续爆破非黑名单ip)
• [2018-11-30]
  • 重构并发逻辑
  • go官方的net包，不够完善，好多RFC都不支持，比如RFC 4592，所以使用了一个第三方包来做dns解析，提升扫描效率。
• [2018-11-27]
  • Demo雏形

TODO

• 可选dns服务器
• 自定义字典
• 并发扫描
• 泛域名识别+扫描(泛域名得到的ip加入黑名单，继续爆破非黑名单ip)
• 支持DNS域传送
• 从文件中获取需要检测的域名
• 支持DNS AAAA，ipv6检测
• 深度扫描(多级子域名检测)
• 自定义导出格式、计划支持txt、json等
• 更友好的参数调用提示
• 支持api接口调用

Thanks

https://github.com/miekg/dns

https://github.com/OJ/gobuster

https://github.com/binaryfigments/axfr

https://github.com/lijiejie/subDomainsBrute