Home

Awesome

permDNS - Subdomain discovery through alterations and permutations

permDNS is a a rewrite of the popular DNS recon tool altDNS by @infosec-au. It allows for the discovery of subdomains that conform to patterns. permDNS takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.

From these two lists that are provided as input to permDNS, the tool then generates a massive output of "altered" or "mutated" potential subdomains that could be present. It saves this output so that it can then be used by your favourite DNS bruteforcing tool.

Alternatively, the -r flag can be passed to permDNS so that once this output is generated, the tool can then resolve these subdomains (multi-threaded) and save the results to a file.

permDNS works best with large datasets. Having an initial dataset of 200 or more subdomains should churn out some valid subdomains via the alterations generated.

Installation

pip install -r requirements.txt

Usage

# ./permDNS.py -i subdomains.txt -o data_output -w words.txt -r -s results_output.txt

Screenshots

<img src="https://i.imgur.com/fkfZqkl.png" width="600px"/> <img src="https://i.imgur.com/Jyfue26.png" width="600px"/>