domRecon Tool

June 22nd, 2009 in Networking, Security

I have decided to port a script I wrote in C to PHP, which I have made available online. I called it domRecon; it basically “hunts” for sub-domains of a domain that you provide.

It works by first trying to get lucky by performing a DNS zone transfer (AXFR), but on most domains this will fail. It will then use a list of about 2000 common sub-domain names and try to see whether an A record lookup succeeds for each sub-domain. Once that has finished, it will scan the 254 IP addresses (/24) of the networks looking for any more sub-domains.

A normal complete scan would take about 20 secs when checking 2000 sub-domains and scanning about 5 networks. However, large networks will take a lot longer. Status messages are displayed which will update you on the progress of the scan.

You can use the script by going to the following URL:
domrecon.jayscott.co.uk
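
Seen from the authoritative DNS server's side, the three phases described above leave a recognisable trail in the query log. The following is an added example, not domRecon's code: it flags a client that shows an AXFR attempt, a burst of distinct NXDOMAIN sub-domain lookups, or a sweep of a /24. The log format, the thresholds, all names and the sample data are assumptions, as is the idea that the /24 scan shows up as reverse (PTR) lookups.

```python
from collections import defaultdict

def detect_enumeration(lines, zone, nx_threshold=20, ptr_threshold=50):
    """Return {client: [phases]} for clients showing enumeration behaviour.

    Assumed log line format: "<client> <qtype> <qname> <rcode>".
    """
    axfr = set()                                     # clients that asked for a zone transfer
    nx_names = defaultdict(set)                      # client -> distinct missing sub-domains
    ptr_hosts = defaultdict(lambda: defaultdict(set))  # client -> /24 -> host octets queried
    suffix = ".in-addr.arpa"
    for line in lines:
        client, qtype, qname, rcode = line.split()
        qname = qname.rstrip(".").lower()
        if qtype == "AXFR" and qname == zone:
            axfr.add(client)
        elif qtype == "A" and rcode == "NXDOMAIN" and qname.endswith("." + zone):
            nx_names[client].add(qname)
        elif qtype == "PTR" and qname.endswith(suffix):
            octets = qname[:-len(suffix)].split(".")
            if len(octets) == 4:
                # d.c.b.a.in-addr.arpa is address a.b.c.d, so the /24 is a.b.c.0/24
                net = ".".join(reversed(octets[1:])) + ".0/24"
                ptr_hosts[client][net].add(octets[0])
    findings = {}
    for client in axfr | set(nx_names) | set(ptr_hosts):
        phases = []
        if client in axfr:
            phases.append("axfr")
        if len(nx_names[client]) >= nx_threshold:
            phases.append("wordlist")
        if any(len(h) >= ptr_threshold for h in ptr_hosts[client].values()):
            phases.append("ptr_sweep")
        if phases:
            findings[client] = phases
    return findings

def sample_log():
    """Constructed sample: one scanning client and one ordinary user."""
    scanner, user = "203.0.113.7", "198.51.100.20"
    log = [f"{scanner} AXFR example.test REFUSED"]
    log += [f"{scanner} A host{i}.example.test NXDOMAIN" for i in range(40)]
    log += [f"{scanner} PTR {i}.2.0.192.in-addr.arpa NXDOMAIN" for i in range(1, 255)]
    log += [f"{user} A www.example.test NOERROR",
            f"{user} A mial.example.test NXDOMAIN"]   # a single typo, not a scan
    return log

if __name__ == "__main__":
    print(detect_enumeration(sample_log(), "example.test"))
```

Counting distinct names rather than raw queries keeps a resolver that retries one missing name from tripping the wordlist threshold.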


3 Responses to “domRecon Tool”

  1. # 1 Jonathan Yarbor Says:
    May 2nd, 2010 at 5:02 pm

    Are you sharing the code you used to do this?

  2. # 2 ontak Says:
    June 10th, 2010 at 7:00 am

    How do I use it?

  3. # 3 Jay Says:
    June 11th, 2010 at 5:44 pm

    Just type in the domain name @ http://domrecon.jayscott.co.uk that you want to find sub domains for.

Jayscott.co.uk © 2010