
DNS Probing Module

Open idealeer opened this issue 1 year ago • 2 comments

Help

Type xmap -4 -h -M dnsx -O json to show the help information.

This module sends out DNS queries and parses basic responses. By default, the module performs an A record lookup for www.qq.com. You can specify other queries using the --probe-args argument in the form: label_type:input_src:type,query;type,query, e.g., raw:text:A,qq.com;NS,qq.com. The module supports sending the following types of queries: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, RRSIG, ANY, SIG, SRV, DS, DNSKEY, TLSA, SVCB, HTTPS, CAA, and HTTPSSVC. The module will accept and attempt to parse all DNS responses. There is currently support for parsing out full data from A, NS, CNAME, MX, TXT, and AAAA. Any other types will be output in raw form.

Query format: label_type:recurse:input_src:type,query;type,query

  label_type: raw, str, time, random, dst-ip
    raw: do nothing to the query domain, e.g., qq.com
    str: add the 'str' subdomain www, e.g., www.qq.com
    time: add the s+μs subdomain, e.g., 1620027515-568043.qq.com
    random: add random subdomain lefzwnrq, e.g., lefzwnrq.qq.com
    dst-ip: add probe num + src ip, e.g., 1.1-2-3-4.qq.com
  recurse: recurse, no-recurse
    recurse: recursive query
    no-recurse: non-recursive query
  input_src: text, file
    text: like A,qq.com;AAAA,qq.com
    file: each line is like a text
  type: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, RRSIG, ANY, SIG, SRV, DS, DNSKEY, TLSA, SVCB, HTTPS, CAA, and HTTPSSVC
  query: A,qq.com;AAAA,qq.com

Examples:
  --probe-args="raw/time/random:recurse/no-recurse:text:type,query"
  --probe-args="raw/time/random:recurse/no-recurse:file:file_name"
  --probe-args="str:SomeText:recurse/no-recurse:text:type,query"
  --probe-args="str:SomeText:recurse/no-recurse:file:file_name"
  --probe-args="dst-ip:recurse/no-recurse:text:type,query"
  --probe-args="dst-ip:recurse/no-recurse:file:file_name"

Usage Examples

  1. Query qq.com A targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 1 --probe-args="raw:recurse:text:A,qq.com" -R 1000 -o result.txt 8.8.8.8

  2. Query qq.com A and baidu.com NS targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 2 --probe-args="raw:recurse:text:A,qq.com;NS,baidu.com" -R 1000 -o result.txt 8.8.8.8

  3. Query each domain from domain.txt targeting all IPs from ip.txt:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P domain_number --probe-args="raw:recurse:file:domain.txt" -R 1000 -o result.txt -I ip.txt

Note: Each line in domain.txt has a form like A,qq.com, and -P domain_number = the number of domains.

idealeer Oct 20 '22 01:10
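
A pre-flight check for the query list described above, as an added example that is not part of the original post or of XMap: it validates each TYPE,name entry against the query types listed in the help text and derives the -P value that has to match the number of queries. The function names and the allowed name characters are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of XMap: check dnsx queries and derive the matching -P value.
# Query types copied from the module help text above.
DNSX_TYPES="A NS CNAME SOA PTR MX TXT AAAA RRSIG ANY SIG SRV DS DNSKEY TLSA SVCB HTTPS CAA HTTPSSVC"

# Succeeds if $1 is TYPE,name with a listed TYPE. The name character set is an
# assumption of this example (letters, digits, dot, hyphen, underscore).
valid_query() (
    case "$1" in *,*) ;; *) exit 1 ;; esac
    qtype=${1%%,*}
    qname=${1#*,}
    case "$qtype" in ""|*[!A-Z]*) exit 1 ;; esac
    case "$qname" in ""|*[!A-Za-z0-9._-]*) exit 1 ;; esac
    case " $DNSX_TYPES " in *" $qtype "*) exit 0 ;; esac
    exit 1
)

# Reads one query per line on stdin, prints how many there are, and fails on
# the first malformed line (blank lines and CRLF line endings included).
count_queries() (
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! valid_query "$line"; then
            echo "query $n is not TYPE,name: $line" >&2
            exit 1
        fi
    done
    echo "$n"
)

# Same count for the inline text form, e.g. "A,qq.com;NS,baidu.com".
count_text_queries() { printf '%s\n' "$1" | tr ';' '\n' | count_queries; }

# Prints (does not run) the file-based command from the usage examples with -P
# set to the number of lines in domain file $1; $2 is the IP list file.
dnsx_file_cmd() (
    n=$(count_queries < "$1") || exit 1
    filter='--output-filter="success = 1 || success = 0"'
    echo "xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields=\"*\" $filter -P $n" \
         "--probe-args=\"raw:recurse:file:$1\" -R 1000 -o result.txt -I $2"
)

# Constructed sample: two queries in text form, so -P must be 2.
count_text_queries "A,qq.com;NS,baidu.com"
```

Running `dnsx_file_cmd domain.txt ip.txt` prints the command for review instead of starting a scan, so a malformed line or a wrong probe count is caught before any packets are sent.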