Scan domains like a pro with powerful DNS and security tools
Pitch

DNScanner automates DNS and security reviews for domains, providing a robust CLI interface, interactive menu, and an importable Python module. It's designed to be efficient and versatile, offering quick scans and in-depth analysis, ensuring safety and accuracy while integrating smoothly into broader tools.

Description

DNScanner is a comprehensive tool designed for automating DNS and security reviews of domains. Originally developed as a module for a larger OSINT and penetration testing framework, DNScanner can be utilized in three versatile ways:

  1. Command-Line Interface (CLI) - Use the dnscanner command or python3 start.py for quick scans.
  2. Interactive Menu - Run without arguments for a guided interface to facilitate various checks.
  3. Importable Python Module - Easily embed DNScanner into other tools, returning structured, JSON-serializable results.

Key Features

DNS and Resolution Checks

  • Query various DNS records including A, AAAA, MX, NS, CNAME, TXT, SOA, and CAA.
  • Perform thorough CAA and SOA parsing to assess Certificate Authority issuance policies and validate settings against RFC 1912.
  • Execute reverse DNS lookups and obtain WHOIS/RDAP records with key fields neatly normalized for easy analysis.
  • Implement IP geolocation to gather details about the country, city, and ISP/ASN.
  • Discover subdomains through both active (concurrent and wildcard-aware) and passive (crt.sh/CT logs) methods.

Security Posture Assessments

  • Evaluate email authentication mechanisms, including SPF, DMARC, and DKIM.
  • Examine DNSSEC status for security verification of domain responses.
  • Conduct zone transfer (AXFR) tests against nameservers.
  • Analyze TLS certificates for issuer information, expiry countdown, and Subject Alternative Names (SANs).
  • Inspect HTTP security headers and detect potential subdomain takeovers by comparing dangling CNAMEs to known service fingerprints.
  • Check reachability over TCP on any platform, without requiring root or ICMP access.
  • All findings are properly tagged with severity levels (info/low/medium/high), accompanied by remediation suggestions and authoritative references from RFC or OWASP frameworks.
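
The email authentication check and the severity tagging described above can be sketched offline as follows. This is an added example, not DNScanner's own code: the function names, the shape of the finding dictionary and the severity assigned to each case are assumptions, and the TXT strings are supplied by the caller rather than fetched from DNS.

```python
# Added illustration, not DNScanner's code. Inputs are TXT strings already
# fetched from DNS; function names and severity choices are assumptions.
SPF_REF, DMARC_REF = "RFC 7208", "RFC 7489"

def finding(check, severity, detail, remediation, reference):
    return {"check": check, "severity": severity, "detail": detail,
            "remediation": remediation, "reference": reference}

def review_spf(txt_records):
    """Grade the SPF policy found among a domain's apex TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return finding("spf", "medium", "no SPF record",
                       "publish one v=spf1 record ending in -all", SPF_REF)
    if len(spf) > 1:  # more than one record evaluates to permerror
        return finding("spf", "high", "multiple SPF records (permerror)",
                       "merge them into a single record", SPF_REF)
    terms = spf[0].lower().split()[1:]
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None:
        if any(t.startswith("redirect=") for t in terms):
            return finding("spf", "info", "policy delegated via redirect=",
                           "review the redirect target's record", SPF_REF)
        return finding("spf", "medium", "no 'all' mechanism (default neutral)",
                       "end the record with -all", SPF_REF)
    qualifier = all_term[0] if all_term[0] in "+-~?" else "+"  # bare all == +all
    severity, detail = {"+": ("high", "+all authorises every sender"),
                        "?": ("medium", "?all gives a neutral result"),
                        "~": ("low", "~all only soft-fails unlisted senders"),
                        "-": ("info", "-all fails unlisted senders")}[qualifier]
    fix = "none needed" if qualifier == "-" else "tighten the record to -all"
    return finding("spf", severity, detail, fix, SPF_REF)

def review_dmarc(txt_records):
    """Grade the policy in the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records
            if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:  # none, or several (receivers then apply no policy)
        detail = "no DMARC record" if not recs else "multiple DMARC records"
        return finding("dmarc", "high", detail,
                       "publish exactly one v=DMARC1 record", DMARC_REF)
    pairs = (t.split("=", 1) for t in recs[0].split(";") if "=" in t)
    tags = {k.strip().lower(): v.strip().lower() for k, v in pairs}
    severity, fix = {"reject": ("info", "none needed"),
                     "quarantine": ("low", "move to p=reject once reports are clean"),
                     "none": ("medium", "move to p=quarantine, then p=reject"),
                     }.get(tags.get("p"), ("high", "set a valid p= tag"))
    return finding("dmarc", severity, f"p={tags.get('p')}", fix, DMARC_REF)
```

Each function returns a plain dictionary, so the findings can be passed straight to `json.dumps`.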

Additional Integration and Configuration

  • Offers two configurable scan profiles: standard for fast, target-specific scans, and extended for more in-depth analysis with additional checks.
  • A persisted configuration file allows users to customize checks, options, and supply environment-specific API keys effortlessly.
  • Supports output in JSON format, making it suitable for integration with other tools.
  • Generate customizable reports in HTML or PDF format for easy sharing and documentation.

Example Usage

The following command-line examples show the basic syntax:

# Quick review of basic checks:
python3 start.py -d example.com

# Extended scan for comprehensive data:
python3 start.py -d example.com -S

# Individual checks:
python3 start.py -d example.com --email  # Email checks
python3 start.py -d example.com --tls --http  # TLS and HTTP security headers

Interactive Menu

For a guided experience, run DNScanner with no arguments:

python3 start.py

This brings up an interactive menu for tailored scans across various parameters including active/passive checks, reachability, and export options.

As a Library

To use DNScanner within Python scripts:

from DNScanner import DNScanner

result = DNScanner("example.com").scan(
    checks=["records", "email", "dnssec", "tls", "http", "axfr"]
)

DNScanner is efficient, versatile, and user-friendly, making it an essential toolkit for security professionals engaged in domain assessments.
