MassDNS is a high-performance DNS stub resolver designed for bulk lookups and reconnaissance in penetration testing scenarios. Its capability to handle thousands of queries per second makes it an invaluable tool for security researchers and network administrators.
Table of Contents
Features of MassDNS
- Highly efficient handling of large volumes of DNS queries
- Supports a wide range of DNS record types
- Flexible output format for easy integration with other tools
- Resilience to DNS-based rate limitations
Installation Steps
To install MassDNS, follow these steps:
1. Clone the repository from GitHub: git clone https://github.com/blechschmidt/massdns.git 2. Navigate to the MassDNS directory: cd massdns 3. Compile the source code: make
Usage Examples
Below are 20 distinct usage examples of MassDNS in various scenarios:
- Resolving a single domain:
./bin/massdns -r lists/resolvers.txt -q example.com
Output:
example.com. A 93.184.216.34
- Resolving multiple domains from a file:
./bin/massdns -r lists/resolvers.txt domains.txt
Output:
example.com. A 93.184.216.34 example.net. A 195.20.41.179
- Querying for MX (Mail Exchange) records:
./bin/massdns -r lists/resolvers.txt -t MX example.com
Output:
example.com. MX 10 mail.example.com.
- Specifying a custom output file:
./bin/massdns -r lists/resolvers.txt -o S results.txt domains.txt
Output: The output is saved to results.txt
- Performing a subdomain enumeration:
./bin/massdns -r lists/resolvers.txt -q -s subdomains.txt example.com
Output:
shop.example.com. A 93.184.216.45
- Resolving domains with wildcard filtering:
./bin/massdns -r lists/resolvers.txt -w resolved.txt --wildcard domains.txt
Output: The resolved domains without wildcarded responses will be in resolved.txt
- Using a SOCKS5 proxy for DNS queries:
./bin/massdns -r lists/resolvers.txt --socks5 127.0.0.1:9050 example.com
Output:
example.com. A 93.184.216.34
- Querying for TXT records:
./bin/massdns -r lists/resolvers.txt -t TXT example.com
Output:
example.com. TXT "v=spf1 -all"
- Bruteforcing subdomains using a wordlist:
./bin/massdns -r lists/resolvers.txt -q -s wordlist.txt example.com
Output: Outputs the subdomains found using the given wordlist
- Limiting the number of concurrent threads:
./bin/massdns -r lists/resolvers.txt -t A -c 100 example.com
Output:
example.com. A 93.184.216.34
- Resolving CNAME records:
./bin/massdns -r lists/resolvers.txt -t CNAME www.example.com
Output:
www.example.com. CNAME example.com.
- Reverse DNS lookup of an IP range:
./bin/massdns -r lists/resolvers.txt -t PTR 198.51.100.0/24
Output: Outputs PTR records for the IPs within the specified range
- Resolving names with a custom query timeout:
./bin/massdns -r lists/resolvers.txt -t A -o S --timeout 3 example.com
Output:
example.com. A 93.184.216.34
- Ignoring non-responsive resolvers:
./bin/massdns -r lists/resolvers.txt --ignore nonresponsive.txt example.com
Output:
example.com. A 93.184.216.34
- Querying for SRV records:
./bin/massdns -r lists/resolvers.txt -t SRV _sip._tcp.example.com
Output:
_sip._tcp.example.com. SRV 0 5 5060 sipserver.example.com.
- Resolving domains to IPv6 addresses:
./bin/massdns -r lists/resolvers.txt -t AAAA example.com
Output:
example.com. AAAA 2606:2800:220:1:248:1893:25c8:1946
- Checking DNSSEC validation:
./bin/massdns -r lists/resolvers.txt --dnssec example.com
Output: Outputs whether DNSSEC validation is in place for the domain
- Using a retry count for failed queries:
./bin/massdns -r lists/resolvers.txt -t A --retry 5 example.com
Output:
example.com. A 93.184.216.34
- Performing a zone transfer (AXFR):
./bin/massdns -r lists/resolvers.txt -t AXFR example.com
Output: Outputs the records obtained via AXFR, if successful
- Discovering subdomains with a dictionary attack:
./bin/massdns -r lists/resolvers.txt -q --flush dictionary.txt example.com
Output: Outputs discovered subdomains using the provided dictionary file
References
Conclusive Summary
MassDNS is a versatile DNS resolution tool that provides vast capabilities for handling DNS queries at scale. With the ability to process large lists of domains rapidly and support diverse DNS record types, it’s an essential tool for network reconnaissance and security research. This tutorial presented the core features of MassDNS, installation steps, and a series of examples to showcase its flexibility and power. Whether you’re performing targeted lookups or extensive subdomain enumeration, MassDNS can be tailored to fit your needs and enhance your workflow.