

📰 dnsReaper - Subdomain Takeover Tool For Attackers, Bug Bounty Hunters And The Blue Team!


News section: 📰 IT Security News
🔗 Source: kitploit.com


DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!

We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.


You can use DNS Reaper as an attacker or bug hunter!

You can run it by providing a list of domains in a file, or a single domain on the command line. DNS Reaper will then scan the domains with all of its signatures, producing a CSV file.

You can use DNS Reaper as a defender!

You can run it by letting it fetch your DNS records for you! Yes that's right, you can run it with credentials and test all your domain config quickly and easily. DNS Reaper will connect to the DNS provider and fetch all your records, and then test them.

We currently support AWS Route53, Cloudflare, and Azure. Documentation on adding your own provider can be found here

You can use DNS Reaper as a DevSecOps Pro!

Punk Security are a DevSecOps company, and DNS Reaper has its roots in modern security best practice.

You can run DNS Reaper in a pipeline, feeding it a list of domains that you intend to provision, and it will exit Non-Zero if it detects a takeover is possible. You can prevent takeovers before they are even possible!

Usage

To run DNS Reaper, you can use the Docker image or run it with Python 3.10.

Findings are returned in the output and more detail is provided in a local "results.csv" file. We also support JSON output as an option.

Run it with docker

docker run punksecurity/dnsreaper --help

Run it with python

pip install -r requirements.txt
python main.py --help

Common commands

  • Scan AWS account:

    docker run punksecurity/dnsreaper aws --aws-access-key-id <key> --aws-access-key-secret <secret>

    For more information, see the documentation for the aws provider

  • Scan all domains from file:

    docker run -v $(pwd):/etc/dnsreaper punksecurity/dnsreaper file --filename /etc/dnsreaper/<filename>

  • Scan single domain:

    docker run punksecurity/dnsreaper single --domain <domain>

  • Scan single domain and output to stdout:

    You should either redirect the stderr output or save stdout output with >

    docker run punksecurity/dnsreaper single --domain <domain> --out stdout --out-format=json > output
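
The pipeline use described earlier can be wrapped in a small gate script. This is an added example, not code from the DNS Reaper project: it uses only the file provider and the --pipeline, --out and --out-format options listed in the tool's help, while the function name dnsreaper_gate, the report file name and the return-code mapping are assumptions.

```shell
#!/bin/sh
# Added example: CI gate around DNS Reaper's --pipeline mode.
# Only options shown in the tool's help text are passed to dnsreaper.
# Assumptions: function name, report file name, return codes (2 = bad input).

dnsreaper_gate() {
    local list="$1" report="${2:-dnsreaper-report.json}"

    # Fail closed on a missing or empty list: scanning nothing would exit 0
    # and let the pipeline pass without testing a single name.
    if [ ! -s "$list" ]; then
        echo "gate: domain list '$list' is missing or empty" >&2
        return 2
    fi

    local dir name rc
    dir="$(cd "$(dirname "$list")" && pwd)"
    name="$(basename "$list")"

    # JSON findings go to stdout and are kept as a build artifact;
    # the banner and progress messages stay on stderr in the job log.
    docker run --rm -v "$dir":/etc/dnsreaper punksecurity/dnsreaper \
        file --filename "/etc/dnsreaper/$name" \
        --pipeline --out stdout --out-format=json > "$report"
    rc=$?

    if [ "$rc" -ne 0 ]; then
        # --pipeline exits non-zero on detection. Any other failure is also
        # treated as a block, so a broken scan never counts as a clean one.
        echo "gate: DNS Reaper exited $rc, blocking provisioning (see $report)" >&2
        return 1
    fi
    echo "gate: no takeover condition reported for names in $name" >&2
    return 0
}

# Stand-alone use: sh gate.sh planned-domains.txt [report.json]
if [ "$#" -gt 0 ]; then
    dnsreaper_gate "$@"
fi
```

Run the gate before the DNS change is applied, with the list of names the change will create, and archive the report file with the build.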

Full usage

          ____              __   _____                      _ __
         / __ \__  ______  / /__/ ___/___  _______  _______(_) /___  __
        / /_/ / / / / __ \/ //_/\__ \/ _ \/ ___/ / / / ___/ / __/ / / /
       / ____/ /_/ / / / / ,<  ___/ /  __/ /__/ /_/ / /  / / /_/ /_/ /
      /_/    \__,_/_/ /_/_/|_|/____/\___/\___/\__,_/_/  /_/\__/\__, /
                                         PRESENTS             /____/
                              DNS Reaper ☠️

Scan all your DNS records for subdomain takeovers!

usage:
.\main.py provider [options]

output:
findings output to screen and (by default) results.csv

help:
.\main.py --help

providers:
> aws - Scan multiple domains by fetching them from AWS Route53
> azure - Scan multiple domains by fetching them from Azure DNS services
> bind - Read domains from a dns BIND zone file, or path to multiple
> cloudflare - Scan multiple domains by fetching them from Cloudflare
> file - Read domains from a file, one per line
> single - Scan a single domain by providing a domain on the commandline
> zonetransfer - Scan multiple domains by fetching records via DNS zone transfer

positional arguments:
{aws,azure,bind,cloudflare,file,single,zonetransfer}

options:
-h, --help Show this help message and exit
--out OUT Output file (default: results) - use 'stdout' to stream out
--out-format {csv,json}
--resolver RESOLVER
Provide a custom DNS resolver (or multiple seperated by commas)
--parallelism PARALLELISM
Number of domains to test in parallel - too high and you may see odd DNS results (default: 30)
--disable-probable Do not check for probable conditions
--enable-unlikely Check for more conditions, but with a high false positive rate
--signature SIGNATURE
Only scan with this signature (multiple accepted)
--exclude-signature EXCLUDE_SIGNATURE
Do not scan with this signature (multiple accepted)
--pipeline Exit Non-Zero on detection (used to fail a pipeline)
-v, --verbose -v for verbose, -vv for extra verbose
--nocolour Turns off coloured text

aws:
Scan multiple domains by fetching them from AWS Route53

--aws-access-key-id AWS_ACCESS_KEY_ID
Optional
--aws-access-key-secret AWS_ACCESS_KEY_SECRET
Optional

azure:
Scan multiple domains by fetching them from Azure DNS services

--az-subscription-id AZ_SUBSCRIPTION_ID
Required
--az-tenant-id AZ_TENANT_ID
Required
--az-client-id AZ_CLIENT_ID
Required
--az-client-secret AZ_CLIENT_SECRET
Required

bind:
Read domains from a dns BIND zone file, or path to multiple

--bind-zone-file BIND_ZONE_FILE
Required

cloudflare:
Scan multiple domains by fetching them from Cloudflare

--cloudflare-token CLOUDFLARE_TOKEN
Required

file:
Read domains from a file, one per line

--filename FILENAME Required

single:
Scan a single domain by providing a domain on the commandline

--domain DOMAIN Required

zonetransfer:
Scan multiple domains by fetching records via DNS zone transfer

--zonetransfer-nameserver ZONETRANSFER_NAMESERVER
Required
--zonetransfer-domain ZONETRANSFER_DOMAIN
Required


...
