8000 DNS Probing Module · Issue #11 · idealeer/xmap · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
DNS Probing Module #11
New issue
New issue
Closed
Closed
DNS Probing Module#11
@idealeer

Description

@idealeer
idealeer
opened on Oct 20, 2022

Help

Type xmap -4 -h -M dnsx -O json to show the help information.

This module sends out DNS queries and parses basic responses.
By default, the module performs an A record lookup for www.qq.com.
You can specify other queries using the --probe-args argument
in the form: label_type:input_src:type,query;type,query, e.g.,
raw:text:A,qq.com;NS,qq.com. The module supports
sending the the following types of queries: A, NS, CNAME, SOA, PTR,
MX, TXT, AAAA, RRSIG, ANY, SIG, SRV, DS, DNSKEY, TLSA, SVCB, HTTPS,
CAA, and HTTPSSVC. The module will accept and attempt
to parse all DNS responses. There is currently support for parsing
out full data from A, NS, CNAME, MX, TXT, and AAAA.
Query format: label_type:recurse:input_src:type,query;type,query
Any other types will be output in raw form.
label_type: raw, str, time, random, dst-ip
  raw: do nothing to the query domain, e.g., qq.com
  str: add the 'str' subdomain www, e.g., www.qq.com
  time: add the s+μs subdomain, e.g., 1620027515-568043.qq.com
  random: add random subdomain lefzwnrq, e.g., lefzwnrq.qq.com
  dst-ip: add probe num + src ip, e.g., 1.1-2-3-4.qq.com
recurse: recurse, no-recurse
  recurse: recursive query
  no-recurse: non-recursive query
input_src: text, file
  text: like A,qq.com;AAAA,qq.com
  file: each line is like a text
type: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, RRSIG, ANY, SIG,
  SRV, DS, DNSKEY, TLSA, SVCB, HTTPS, CAA, and HTTPSSVC
query: A,qq.com;AAAA,qq.com
Examples:
 --probe-args="raw/time/random:recurse/no-recurse:text:type,query"
 --probe-args="raw/time/random:recurse/no-recurse:file:file_name"
 --probe-args="str:SomeText:recurse/no-recurse:text:type,query"
 --probe-args="str:SomeText:recurse/no-recurse:file:file_name"
 --probe-args="dst-ip:recurse/no-recurse:text:type,query"
 --probe-args="dst-ip:recurse/no-recurse:file:file_name"

Usage Examples

  1. Query qq.com A targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 1 --probe-args="raw:recurse:text:A,qq.com" -R 1000 -o result.txt 8.8.8.8

  1. Query qq.com A and baidu.com NS targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 2 --probe-args="raw:recurse:text:A,qq.com;NS,baidu.com" -R 1000 -o result.txt 8.8.8.8

  1. Query each domain from a domain.txt targeting all IPs from a ip.txt:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P domain_number --probe-args="raw:recurse:file:domain.txt" -R 1000 -o result.txt -I ip.txt

Note: Each line in domain.txt is in the form like A,qq.com and -P domain_number = the number of domains.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0