Takemeon

Here is a small tool to make your life a little easier.

https://github.com/MilindPurswani/takemeon

Often, during subdomain enumeration, a whole class of subdomains gets ignored the moment an NXDOMAIN is encountered. But what is NXDOMAIN? NXDOMAIN is the DNS response code (RCODE 3) for a non-existent domain: the name you asked for does not exist in the DNS. You can typically check for it with the following command:

$ nslookup test.milindpurswani.com
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find test.milindpurswani.com: NXDOMAIN

or

$ host test.milindpurswani.com
Host test.milindpurswani.com not found: 3(NXDOMAIN)

But does this mean there is nothing here? Subdomain scanners usually give up when they encounter NXDOMAIN. However, in my Cloudflare settings I have a CNAME that looks something like this:

[image: Cloudflare DNS record, a CNAME on the test subdomain pointing at a domain that does not exist]

This is where takemeon comes in. The subdomain exists as a CNAME, but its target does not, so the recursive resolver follows the alias, fails to find the target, and reports NXDOMAIN for the name you asked about. The CNAME record itself is still in the answer section of that response (RFC 2308 describes exactly this case), but standard lookup helpers only look at the response code and discard the rest. You can see it yourself with dig: the header says status: NXDOMAIN while the ANSWER SECTION still lists the CNAME. takemeon uses a lower-level DNS library that exposes the raw response, so it can list the hidden CNAME targets behind each NXDOMAIN instead of stopping at the error. A target that does not resolve is a takeover candidate, not a confirmed takeover: it only matters if the target domain or service can still be registered or claimed, which you have to check separately.
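The check described above, as an added example that is not part of the original post or of the takemeon code: a small stdlib-only Go program that parses a raw DNS response, and, when the RCODE is NXDOMAIN, pulls the CNAME target out of the answer section. The response bytes are constructed inline rather than captured, and the names (test.example.com, nonexistent.example.net) are placeholders, not the author's records. A real reply would also carry an SOA in the authority section; it is omitted here because the parser does not need it.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// encodeName writes a name in DNS wire format: length-prefixed labels, zero terminator.
func encodeName(name string) []byte {
	var b []byte
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		b = append(b, byte(len(label)))
		b = append(b, label...)
	}
	return append(b, 0)
}

// buildSample constructs (not a capture; names are assumed) the response a
// resolver gives for a dangling CNAME: RCODE 3 (NXDOMAIN) in the header, yet
// the CNAME it followed is still present in the answer section.
func buildSample() []byte {
	msg := []byte{
		0x12, 0x34, // ID
		0x81, 0x83, // flags: QR=1 RD=1 | RA=1 RCODE=3 (NXDOMAIN)
		0x00, 0x01, 0x00, 0x01, // QDCOUNT=1, ANCOUNT=1
		0x00, 0x00, 0x00, 0x00, // NSCOUNT=0, ARCOUNT=0
	}
	msg = append(msg, encodeName("test.example.com")...)
	msg = append(msg, 0x00, 0x01, 0x00, 0x01) // QTYPE A, QCLASS IN
	msg = append(msg, 0xC0, 0x0C)             // NAME: compression pointer to offset 12
	msg = append(msg, 0x00, 0x05, 0x00, 0x01) // TYPE CNAME, CLASS IN
	msg = append(msg, 0x00, 0x00, 0x01, 0x2C) // TTL 300
	target := encodeName("nonexistent.example.net")
	msg = append(msg, byte(len(target)>>8), byte(len(target))) // RDLENGTH
	return append(msg, target...)
}

var sampleResponse = buildSample()

// readName decodes a possibly compressed name at off; it returns the name with
// a trailing dot and the offset just past the name in the original stream.
func readName(msg []byte, off int) (string, int, error) {
	var labels []string
	end, jumped := 0, false
	for steps := 0; steps < 256; steps++ { // bounded, so pointer loops cannot spin forever
		if off >= len(msg) {
			return "", 0, errors.New("truncated name")
		}
		l := int(msg[off])
		switch {
		case l == 0:
			if !jumped {
				end = off + 1
			}
			return strings.Join(labels, ".") + ".", end, nil
		case l&0xC0 == 0xC0: // compression pointer: continue at the 14-bit offset
			if off+1 >= len(msg) {
				return "", 0, errors.New("truncated pointer")
			}
			if !jumped {
				end = off + 2
			}
			jumped = true
			off = int(binary.BigEndian.Uint16(msg[off:]) & 0x3FFF)
		default:
			if off+1+l > len(msg) {
				return "", 0, errors.New("truncated label")
			}
			labels = append(labels, string(msg[off+1:off+1+l]))
			off += 1 + l
		}
	}
	return "", 0, errors.New("pointer loop or name too long")
}

// DanglingCNAME returns the last CNAME target in the answer section of an
// NXDOMAIN response (the end of the chain is the name that does not exist).
// A NOERROR response, or an NXDOMAIN without CNAMEs, yields found=false.
func DanglingCNAME(msg []byte) (string, bool, error) {
	if len(msg) < 12 {
		return "", false, errors.New("short header")
	}
	if msg[3]&0x0F != 3 { // RCODE is not NXDOMAIN: nothing to report
		return "", false, nil
	}
	qd := int(binary.BigEndian.Uint16(msg[4:]))
	an := int(binary.BigEndian.Uint16(msg[6:]))
	off, target := 12, ""
	for i := 0; i < qd; i++ { // skip the question section
		_, next, err := readName(msg, off)
		if err != nil {
			return "", false, err
		}
		off = next + 4 // QTYPE + QCLASS
	}
	for i := 0; i < an; i++ {
		_, next, err := readName(msg, off)
		if err != nil || next+10 > len(msg) {
			return "", false, errors.New("truncated answer RR")
		}
		rtype := binary.BigEndian.Uint16(msg[next:])
		rdlen := int(binary.BigEndian.Uint16(msg[next+8:]))
		rdata := next + 10
		if rdata+rdlen > len(msg) {
			return "", false, errors.New("truncated RDATA")
		}
		if rtype == 5 { // CNAME: RDATA is a (possibly compressed) name
			t, _, err := readName(msg, rdata)
			if err != nil {
				return "", false, err
			}
			target = t
		}
		off = rdata + rdlen
	}
	return target, target != "", nil
}

func main() {
	fmt.Println(DanglingCNAME(sampleResponse)) // nonexistent.example.net. true <nil>
}
```

The parser keeps the last CNAME in the answer section on purpose: for a chain a -> b -> c where c does not exist, the resolver returns all the CNAMEs it followed, and c is the name worth checking for registration or takeover.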

Installation

You can install this tool by issuing the following command.

$ go get -u github.com/milindpurswani/takemeon

Of course, a standard installation of Go is required, and $GOPATH must be set for this to work as intended; the binary lands in $GOPATH/bin, so that directory needs to be on your $PATH. Note that since Go 1.17, go get no longer builds and installs binaries; on those versions use go install with a version suffix (for example go install github.com/MilindPurswani/takemeon@latest), which requires the repository to be a Go module.

Usage Guidelines:

Currently, this tool only reads its input from stdin, one domain per line. So run it something like this:

$ cat test.txt | takemeon 
test.milindpurswani.com | totallynonexistingdomain.com
test3.milindpurswani.com | totallynonexistingdomain.com

By default it uses your system's DNS configuration from /etc/resolv.conf.

However, it is preferable to specify the DNS server manually with the -mdns flag. That avoids the overhead of reading the system configuration file on every query. Moreover, by passing different servers, you can query the same names from several resolvers, which increases the chances of finding a dangling CNAME hidden behind an NXDOMAIN, since resolvers differ in caching and in how they report it.

Preferred Usage:

$ cat test.txt | takemeon -mdns 8.8.8.8
test.milindpurswani.com | totallynonexistingdomain.com
test3.milindpurswani.com | totallynonexistingdomain.com

I hope you guys liked it. Do let me know in the comments how you felt, or if you have any doubts, DM me on Twitter (Milind Purswani, @panda0nair).

Thanks,

Milind Purswani