Overview
Ksubdomain is a stateless subdomain blasting tool, similar to stateless port scanning, supports fast DNS blasting on Windows/Linux/Mac, and has a retransmission mechanism, so you don’t have to worry about missing packets.
This tool can be use to perform subdomain enumeration, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second.
The src asset collection of hacking8 information flow https://i.hacking8.com/src/ uses ksubdomain.
Features and Tips
- Stateless blasting, with failure retransmission mechanism, extremely fast
- Chinese help, -h will see Chinese help
- Two modes, enumeration mode and verification mode, the enumeration mode has a built-in 10w dictionary
- Simplify the network parameters to -b parameters, enter your network download speed such as -b 5m, it will automatically limit the network card sending speed.
- You can use ./ksubdomain test to test the maximum number of local packets
- Obtaining the network card has been changed to fully automatic and can be read according to the configuration file.
- There will be a progress bar from time to time, showing success/send/queue/receive/failure/time-consuming information in sequence.
- For different scales of data, adjust the –retry –timeout parameters to get the best results
- When –retry is -1, it will keep retrying until all is successful.
Usage
To use this tool, just type this following command:
ksubdomain [global options] command [command options] [arguments…]
List of Commands:
enum (-e): enumerate domain namesverify (-v): verify modetest: tests the maximum sending speed of the local network cardhelp (-h): Shows a list of commands or help for one command
List of Tool Mode
- Verification Mode Provides a complete list of domain names, ksubdomain is responsible for quickly getting results
- Enumeration mode Provide only first-level domain names, specify a domain name dictionary or use the built-in dictionary of ksubdomain to enumerate all second-level domain names
Demo
Compared with massdns, dnsx
Use 100w dictionary, test in 4H5M network environment
| ksubdomain | massdns | dnsx | |
|---|---|---|---|
| Support system | Windows/Linux/Darwin | Windows/Linux/Darwin | Windows/Linux/Darwin |
| Features | Support for validation and enumeration | only verify | only verify |
| way of sending | pcap network card sending packets | epoll,pcap,socket | socket |
| Command Line | time ./ksubdomain v -b 5m -f d2.txt -o ksubdomain.txt -r dns.txt –retry 3 –np | time ./massdns -r dns.txt -t AAAA -w massdns.txt d2.txt –root -o L | time ./dnsx -a -o dnsx.txt -r dns.txt -l d2.txt -retry 3 -t 5000 |
| Remark | Added –np to prevent too much printing | ||
| result | Time consuming: 1m28.273s Number of successes: 1397 | Time spent: 3m29.337s Number of successes: 1396 | Time consuming: 5m26.780s Number of successes: 1396 |
ksubdomain only takes 1 minute and a half, which is much faster than massdns and dnsx~
