nsec3map
nsec3map copied to clipboard
anonion0
a tool to enumerate the resource records of a DNS zone using its DNSSEC NSEC or NSEC3 chain
Currently, the tool fails in case responses are truncated. Therefore, this commit adds support for falling back to TCP. `artcom.de` and `defcon.org` are examples of zones that are now walkable...
It's impossible for NSEC zones, but there is a neat and super-fast trick for NSEC3-signed zones! https://blog.apnic.net/2017/03/10/surprising-connection-hyperloglog-dnssec-nsec3/ C++ implementation: https://github.com/ahupowerdns/pdns/blob/dnssecmeasure/pdns/dnssecmeasure.cc
Given that most zones usually only change slightly when they are updated, it could be interesting to record the query that yielded any given NSEC3 record, so when restarting a...
It would be nice if the status line could indicate the number of still open gaps in the zone coverage (their total size is indirectly given by the coverage percentage)....
Another similar project has detection for white/black lies which nsec3map doesn't seem to have https://github.com/Harrison-Mitchell/NSEC-3-Walker/blob/main/nsec-walker.py#L113 With nsec3map we get "hit an existing owner name" over and over and nothing happens,...
