DNSx - A Fast And Multi-Purpose DNS Toolkit Allow To Run Multiple DNS Queries Of Your Choice With A List Of User-Supplied Resolvers

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers.

dnsx is successor of dnsprobe that includes new features, multiple bugs fixes, and tailored for better user experience, few notable flags are resp and resp-only that allows to control and print the exact information you are looking for.

We also ported DNS wildcard filtering feature to dnsx from shuffledns as a standalone support.

Features

• Simple and Handy utility to query DNS records.
• Supports A, AAAA, CNAME, PTR, NS, MX, TXT, SOA
• Handles wildcard subdomains in automated way.
• Optimized for ease of use.
• Stdin andstdout support to work with other tools.

Usage

dnsx -h

This will display help for the tool. Here are all the switches it supports.

Flag	Description	Example
a	Query A record	dnsx -a
aaaa	Query AAAA record	dnsx -aaaa
cname	Query CNAME record	dnsx -cname
ns	Query NS record	dnsx -ns
ptr	Query PTR record	dnsx -ptr
txt	Query TXT record	dnsx -txt
mx	Query MX record	dnsx -mx
soa	Query SOA record	dnsx -soa
raw	Operates like dig	dnsx -raw
l	File input list of subdomains/host	dnsx -l list.txt
json	JSON output	dnsx -json
r	File or comma separated resolvers	dnsx -r 1.1.1.1
rl	Limit of DNS request/second	dnsx -rl 100
resp	Display response data	dnsx -cname -resp
resp-only	Display only response data	dnsx -cname resp-only
retry	Number of DNS retries	dnsx -retry 1
silent	Show only results in the output	dnsx -silent
o	File to write output to (optional)	dnsx -o output.txt
t	Concurrent threads to make	dnsx -t 250
verbose	Verbose output	dnsx -verbose
version	Show version of dnsx	dnsx -version
wd	Wildcard domain name for filtering	dnsx -wd example.com
wt	Wildcard Filter Threshold	dnsx -wt 5

Installation Instructions

From Source

The installation is easy. You can download the pre-built binaries for your platform from the Releases page. Extract them using tar, move it to your $PATHand you’re ready to go.

Download latest [binary](<https://www.kitploit.com/search/label/Binary> "binary" ) from https://github.com/projectdiscovery/dnsx/releases  
  
▶ tar -xvf dnsx-linux-amd64.tar  
▶ mv dnsx-linux-amd64 /usr/local/bin/dnsx  
▶ dnsx -h

From Source

dnsx requiresgo1.14+ to install successfully. Run the following command to get the repo -

▶ GO111MODULE=on go get -u -v github.com/projectdiscovery/dnsx/cmd/dnsx

From Github

▶ git clone https://github.com/projectdiscovery/dnsx.git; cd dnsx/cmd/dnsx; go build; mv dnsx /usr/local/bin/; dnsx -version

Running dnsx

dnsx can be used to filter dead records from the list of passive subdomains obtained from various sources, for example:-

▶ [subfinder](<https://www.kitploit.com/search/label/Subfinder> "subfinder" ) -silent -d hackerone.com | dnsx  
  
      _             __  __  
   __| | _ __   ___ \ \/ /  
  / _' || '_ \ / __| \  /   
 | (_| || | | |\__ \ /  \  
  \__,_||_| |_||___//_/\_\ v1.0  
  
    projectdiscovery.io  
  
[WRN] Use with caution. You are responsible for your actions  
[WRN] Developers assume no liability and are not responsible for any misuse or damage.  
  
a.ns.hackerone.com  
www.hackerone.com  
api.hackerone.com  
docs.hackerone.com  
mta-sts.managed.hackerone.com  
mta-sts.hackerone.com  
resources.hackerone.com  
b.ns.hackerone.com  
mta-sts.forwarding.hackerone.com  
events.hackerone.com  
support.hackerone.com

dnsx can be used to extractA records for the given list of subdomains, for example:-

▶ subfinder -silent -d hackerone.com | dnsx -silent -A -resp  
  
a.ns.hackerone.com [162.159.0.31]  
b.ns.hackerone.com [162.159.1.31]  
mta-sts.hackerone.com [185.199.108.153]  
events.hackerone.com [208.100.11.134]  
mta-sts.managed.hackerone.com [185.199.108.153]  
resources.hackerone.com [52.60.160.16]  
resources.hackerone.com [52.60.165.183]  
www.hackerone.com [104.16.100.52]  
support.hackerone.com [104.16.53.111]

dnsx can be used to extractCNAME records for the given list of subdomains, for example:-

▶ subfinder -silent -d hackerone.com | dnsx -silent -cname -resp  
  
support.hackerone.com [hackerone.zendesk.com]  
resources.hackerone.com [read.uberflip.com]  
mta-sts.hackerone.com [hacker0x01.github.io]  
mta-sts.forwarding.hackerone.com [hacker0x01.github.io]  
events.hackerone.com [whitelabel.bigmarker.com]

dnsx can be used to extract subdomains from given network range using PTR query, for example:-

mapcidr -cidr 173.0.84.0/24 -silent | dnsx -silent -resp-only -ptr  
  
cors.api.paypal.com  
trinityadminauth.paypal.com  
cld-edge-origin-api.paypal.com  
appmanagement.paypal.com  
svcs.paypal.com  
trinitypie-serv.paypal.com  
ppn.paypal.com  
pointofsale-new.paypal.com  
pointofsale.paypal.com  
slc-a-origin-pointofsale.paypal.com  
fpdbs.paypal.com

Wildcard filtering

A special feature of dnsx is its ability to handlemulti-level DNS based wildcardsand do it so with very less number of DNS requests. Sometimes all the subdomains will resolve which will lead to lots of garbage in the results. The waydnsx handles this is it will keep track of how many subdomains point to an IP and if the count of the Subdomains increase beyond a certain small threshold, it will check for wildcard on all the levels of the hosts for that IP iteratively.

dnsx -l airbnb-subs.txt -wd airbnb.com -o output.txt

**

Notes

**

• As default, dnsx checks forA record.
• As default dnsx uses Google, Cloudflare, Quad9 resolver.
• Domain name input is mandatory for wildcard elimination.
• DNS record flag can not be used when using wildcard filtering.

dnsx is made with



by the projectdiscovery team.

Download Dnsx