Make sure you have Rust installed, then run the following command to install dnsresolver:
git clone https://github.com/ethicalhackingplayground/dnsresolver ; cd dnsresolver ; cargo install --path .
cat subs.txt | dnsresolver
If you need to resolve hosts with any ports, you can use the --ports flag.
cat subs.txt | dnsresolver -p 443,80,8080,8081
The first step is to get all the unresolved hosts from a given domain list using:
cat subs.txt | dnsresolver --show-unresolved | anew unresolved.txt
Then, to discover all the virtual hosts from a given domain list, you can use the --vhost flag followed by the --vhost-file flag.
dnsresolver aims to bypass access restrictions on certain pages. It does so by substituting the Host header with unresolved domains and using the sift algorithm. This ensures that the virtual host's response differs from the actual response. Remember to raise the soft limit on open file descriptors with the command ulimit -n 10000 to handle more files simultaneously.
cat subs.txt | dnsresolver --vhost --vhost-file unresolved.txt
To validate a finding run this curl command:
curl -v -k thehost.com -H "Host: unresolved-domain.com"
You can also use the --vhost flag with the --check-localhost flag to replace the Host header with localhost. Oftentimes this allows you to access restricted pages and can lead to some information disclosures and juicy admin panels.
cat subs.txt | dnsresolver --vhost --check-localhost
To validate a finding run this curl command:
curl -v -k thehost.com -H "Host: localhost"
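Findings like the two above exist because the server routes on whatever Host header arrives. The following added example (not part of dnsresolver) shows the server-side check that closes this off: normalise the Host value and serve it only if it is on an explicit allowlist. The function names and the example.com hostnames are assumptions made for illustration.

```rust
// Added example, not dnsresolver code: server-side Host header allowlisting.
// All hostnames below are constructed placeholders.

/// A port is 1 to 5 ASCII digits.
fn valid_port(p: &str) -> bool {
    !p.is_empty() && p.len() <= 5 && p.bytes().all(|b| b.is_ascii_digit())
}

/// Normalise a raw Host header: drop the port and trailing dot, lowercase.
/// Returns None for empty or malformed values.
fn normalize_host(raw: &str) -> Option<String> {
    let raw = raw.trim();
    if raw.is_empty() || raw.chars().any(|c| c.is_whitespace() || "/@\\".contains(c)) {
        return None;
    }
    let host = if raw.starts_with('[') {
        // IPv6 literal such as "[::1]:8080": keep the bracketed part only.
        let end = raw.find(']')?;
        let rest = &raw[end + 1..];
        if !rest.is_empty() && !valid_port(rest.strip_prefix(':')?) {
            return None;
        }
        &raw[..=end]
    } else if let Some((h, p)) = raw.rsplit_once(':') {
        if !valid_port(p) {
            return None;
        }
        h
    } else {
        raw
    };
    let host = host.strip_suffix('.').unwrap_or(host).to_ascii_lowercase();
    if host.is_empty() { None } else { Some(host) }
}

/// True only when the normalised Host is one the server is meant to serve.
fn host_allowed(raw: &str, allowlist: &[&str]) -> bool {
    match normalize_host(raw) {
        Some(h) => allowlist.iter().any(|a| a.eq_ignore_ascii_case(&h)),
        None => false,
    }
}

fn main() {
    let allow = ["app.example.com", "www.example.com"]; // constructed allowlist
    for h in ["app.example.com", "APP.example.com.:443", "localhost", "unresolved-domain.com"] {
        println!("{:<24} -> {}", h, if host_allowed(h, &allow) { "serve" } else { "reject" });
    }
}
```

Requests that fail the check should get a fixed error response from a default catch-all virtual host rather than being routed to an application.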
If you have any feedback, please reach out to us at [email protected] or via twitter https://twitter.com/z0idsec