Awesome
hakrevdns
Small, fast, simple tool for performing reverse DNS lookups en masse.
You feed it IP addresses, it returns hostnames.
This can be a useful way of finding domains and subdomains belonging to a company from their IP addresses.
Installation
go install github.com/hakluke/hakrevdns@latest
Usage
The most basic usage is to simply pipe a list of IP addresses into the tool, for example:
hakluke~$ prips 173.0.84.0/24 | hakrevdns
173.0.84.110 he.paypal.com.
173.0.84.109 twofasapi.paypal.com.
173.0.84.114 www-carrier.paypal.com.
173.0.84.77 twofasapi.paypal.com.
173.0.84.102 pointofsale.paypal.com.
173.0.84.104 slc-a-origin-pointofsale.paypal.com.
173.0.84.111 smsapi.paypal.com.
173.0.84.203 m.paypal.com.
173.0.84.105 prm.paypal.com.
173.0.84.113 mpltapi.paypal.com.
173.0.84.8 ipnpb.paypal.com.
173.0.84.2 active-www.paypal.com.
173.0.84.4 securepayments.paypal.com.
...
Parameters
hakluke~$ hakrevdns -h
Usage:
main [OPTIONS]
Application Options:
-t, --threads= How many threads should be used (default: 8)
-r, --resolver= IP of the DNS resolver to use for lookups
-R, --resolvers-file= File containing list of DNS resolvers to use for lookups
-U, --use-default Use default resolvers for lookups
-P, --protocol=[tcp|udp] Protocol to use for lookups (default: udp)
-p, --port= Port to bother the specified DNS resolver on (default: 53)
-d, --domain Output only domains
-h, --help Show help message
Help Options:
-h, --help Show this help message
New Flags
-U, --use-default:
When specified, this flag tells the program to use a predefined list of default DNS resolvers for lookups. This is useful for ensuring consistent DNS resolution across various environments, especially if no custom resolvers are provided.
-R, --resolvers-file:
This flag allows you to specify a file containing a list of custom DNS resolvers. Each line in the file should contain a single resolver IP address. If both -R and -r are provided, the resolver specified by -r is added to the list of resolvers from the file.
If you want to use a resolver not specified by your OS, say: 1.1.1.1, try this:
hakluke~$ echo "173.0.84.110" | hakrevdns -r 1.1.1.1
173.0.84.110 he.paypal.com.
If you wish to obtain only a list of domains without IP addresses, you can use -d
:
$ echo "173.0.84.110" | hakrevdns -d
This tool is designed to be easily piped into other tools, for example:
$ echo "173.0.84.110" | hakrevdns -d | httprobe
Contributors
- hakluke wrote the tool
- alphakilo added the option to use custom resolvers
- SaveBreach added the -d flag and cleaned up the code