Check subdomains for subdomain takeovers and other DNS tomfoolery

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Aconite33 from gravatar.com Aconite33

Unverified details

These details have not been verified by PyPI
Project links
Meta
Report project as malware

Project description

BadDNS

Check subdomains for subdomain takeovers and other DNS tomfoolery

Ruff License tests codecov Pypi Downloads

BadDNS is a standalone tool and BBOT module for detecting domain/subdomain takeovers of all kinds, including other DNS issues like NSEC walks and Subdomain Takeovers.

Check out the introductory blog on the BLS substack!

Installation

We have a pypi package, so you can just do pip install baddns to make use of the library.

Or use pipx: pipx install git+https://github.com/blacklanternsecurity/baddns

Usage

After installing with pip, you can just run baddns from the command line.

usage: baddns [-h] [-n CUSTOM_NAMESERVERS] [-c CUSTOM_SIGNATURES] [-l] [-s] [-m MODULES] [-d] [-D] [target]

Check subdomains for subdomain takeovers and other DNS tomfoolery

positional arguments:
  target                subdomain to analyze

options:
  -h, --help            show this help message and exit
  -n CUSTOM_NAMESERVERS, --custom-nameservers CUSTOM_NAMESERVERS
                        Provide a list of custom nameservers separated by comma.
  -c CUSTOM_SIGNATURES, --custom-signatures CUSTOM_SIGNATURES
                        Use an alternate directory for loading signatures
  -l, --list-modules    List available modules and their descriptions.
  -s, --silent          Only show results, no other output (JSON format)
  -m MODULES, --modules MODULES
                        Comma separated list of module names to use. Ex: module1,module2,module3
  -d, --debug           Enable debug logging
  -D, --direct          Enable direct mode

Modules

Name Description
cname Check for dangling CNAME records and interrogate them for subdomain takeover opportunities
ns Check for dangling NS records, and interrogate them for takeover opportunities
mx Check for dangling MX records and assess their base domains for availability
nsec Enumerate subdomains by NSEC-walking
references Check HTML content for links or other references that contain a hijackable domain
txt Check TXT record contents for hijackable domains
zonetransfer Attempt a DNS zone transfer
dmarc Check for missing or misconfigured DMARC records
mta-sts Check for MTA-STS misconfigurations and dangling mta-sts subdomains
wildcard Check for wildcard DNS records that could enable domain-wide subdomain takeover
spf Check for missing or misconfigured SPF records and hijackable include/redirect domains

Examples

  • Simple check
baddns subdomaintocheck.example.com
  • Specify Module(s)
baddns -m CNAME subdomaintocheck.example.com
baddns -m CNAME,NS subdomaintocheck.example.com
  • List available Modules
baddns -l
  • Custom Nameservers
baddns -n 1.1.1.1 subdomaintocheck.example.com

Documentation

Please visit our full documentation for many more details, including information about specific BadDNS modules.

Acknowledgements

BadDNS Signatures are sourced primarily from Nuclei Templates and from dnsReaper by Punk Security, although many have been modified or updated in BadDNS. Much of the research contained in the signatures was originally discussed on the issues page of can-i-take-over-xyz.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Aconite33 from gravatar.com Aconite33

Unverified details

These details have not been verified by PyPI
Project links
Meta

Release history Release notifications | RSS feed

2.3.0

This version

2.2.0

2.1.0

2.0.452

1.12.294

1.11.236

1.10.185

1.9.132

1.9.130

1.8.108

1.7.86

1.6.68

1.4.13

1.3.12

1.3.5

1.3.3

1.3.2

1.2.4

1.2.3

1.1.869

1.1.864

1.1.862

1.1.855

1.1.852

1.1.849

1.1.846

1.1.839

1.1.818

1.1.815

1.1.798

1.1.796

1.1.793

1.1.789

1.1.785

1.1.784

1.1.781

1.1.778

1.1.764

1.1.762

1.1.757

1.1.752

1.1.748

1.1.744

1.1.740

1.1.737

1.1.734

1.1.732

1.1.729

1.0.726

1.0.723

1.0.720

1.0.717

1.0.714

1.0.712

1.0.707

1.0.702

1.0.698

1.0.691

1.0.681

1.0.679

1.0.675

1.0.667

1.0.666

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

baddns-2.2.0.tar.gz (61.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

baddns-2.2.0-py3-none-any.whl (119.3 kB view details)

Uploaded Python 3

File details

Details for the file baddns-2.2.0.tar.gz.

File metadata

  • Download URL: baddns-2.2.0.tar.gz
  • Upload date:
  • Size: 61.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for baddns-2.2.0.tar.gz
Algorithm Hash digest
SHA256 b91be33ce3c8f0fec5d30480d6b653790c149c72bd6d523888cfcd99d096ed4b
MD5 6c8ecab5a87567b7d9f55e528efd83ef
BLAKE2b-256 13d1dbdcfd397364145ee4df69e7b55fd850b0ec6d60bf9ebb13e452659d478c

See more details on using hashes here.

File details

Details for the file baddns-2.2.0-py3-none-any.whl.

File metadata

  • Download URL: baddns-2.2.0-py3-none-any.whl
  • Upload date:
  • Size: 119.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for baddns-2.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 690d5fbe5ed95877738d2bf65a3d9038eb8cffbfc9039e2a6302f1c7998e208b
MD5 e9ff0d8c9be9d75a0376e180c4b641e1
BLAKE2b-256 723c11cb2f2d26f66c0391399323c5e9b23892966b4727b7448e95fdfd2b2a42

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page