idealeer / xmap

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning.

DNS Probing Module

idealeer opened this issue

Help

Type xmap -4 -h -M dnsx -O json to show the help information.

This module sends out DNS queries and parses basic responses.
By default, the module performs an A record lookup for www.qq.com.
You can specify other queries using the --probe-args argument
in the form: label_type:input_src:type,query;type,query, e.g.,
raw:text:A,qq.com;NS,qq.com. The module supports
sending the the following types of queries: A, NS, CNAME, SOA, PTR,
MX, TXT, AAAA, RRSIG, ANY, SIG, SRV, DS, DNSKEY, TLSA, SVCB, HTTPS,
CAA, and HTTPSSVC. The module will accept and attempt
to parse all DNS responses. There is currently support for parsing
out full data from A, NS, CNAME, MX, TXT, and AAAA.
Query format: label_type:recurse:input_src:type,query;type,query
Any other types will be output in raw form.
label_type: raw, str, time, random, dst-ip
  raw: do nothing to the query domain, e.g., qq.com
  str: add the 'str' subdomain www, e.g., www.qq.com
  time: add the s+μs subdomain, e.g., 1620027515-568043.qq.com
  random: add random subdomain lefzwnrq, e.g., lefzwnrq.qq.com
  dst-ip: add probe num + src ip, e.g., 1.1-2-3-4.qq.com
recurse: recurse, no-recurse
  recurse: recursive query
  no-recurse: non-recursive query
input_src: text, file
  text: like A,qq.com;AAAA,qq.com
  file: each line is like a text
type: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, RRSIG, ANY, SIG,
  SRV, DS, DNSKEY, TLSA, SVCB, HTTPS, CAA, and HTTPSSVC
query: A,qq.com;AAAA,qq.com
Examples:
 --probe-args="raw/time/random:recurse/no-recurse:text:type,query"
 --probe-args="raw/time/random:recurse/no-recurse:file:file_name"
 --probe-args="str:SomeText:recurse/no-recurse:text:type,query"
 --probe-args="str:SomeText:recurse/no-recurse:file:file_name"
 --probe-args="dst-ip:recurse/no-recurse:text:type,query"
 --probe-args="dst-ip:recurse/no-recurse:file:file_name"

Usage Examples

  1. Query qq.com A targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 1 --probe-args="raw:recurse:text:A,qq.com" -R 1000 -o result.txt 8.8.8.8

  2. Query qq.com A and baidu.com NS targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 2 --probe-args="raw:recurse:text:A,qq.com;NS,baidu.com" -R 1000 -o result.txt 8.8.8.8

  3. Query each domain from domain.txt, targeting all IPs from ip.txt:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P domain_number --probe-args="raw:recurse:file:domain.txt" -R 1000 -o result.txt -I ip.txt

Note: Each line in domain.txt has the form A,qq.com, and -P domain_number is the number of domains.
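
A pre-flight check for the file-based form, as an added example that is not part of XMap or of the original issue: it validates each type,query line against the type list printed in the help text and derives the -P value from the line count. The function names, the character set allowed in query names, and the rejection of blank lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of XMap. Type list copied from the dnsx help text.
LC_ALL=C
DNSX_TYPES=" A NS CNAME SOA PTR MX TXT AAAA RRSIG ANY SIG SRV DS DNSKEY TLSA SVCB HTTPS CAA HTTPSSVC "

# dnsx_count_queries FILE: print the number of "type,query" lines in FILE.
# Returns 1 at the first line that is blank, has no comma, names a type not in
# the list, or has a query with characters outside [A-Za-z0-9._-] (this also
# catches CRLF line endings). Rejecting blank lines is this example's choice.
dnsx_count_queries() {
    _n=0; _ln=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _ln=$((_ln + 1))
        case $_line in
            *,*) _type=${_line%%,*}; _query=${_line#*,} ;;
            *) echo "line $_ln: expected type,query" >&2; return 1 ;;
        esac
        case $_type in
            ''|*[!A-Z]*) echo "line $_ln: bad type '$_type'" >&2; return 1 ;;
        esac
        case $DNSX_TYPES in
            *" $_type "*) ;;
            *) echo "line $_ln: unsupported type '$_type'" >&2; return 1 ;;
        esac
        case $_query in
            ''|*[!A-Za-z0-9._-]*)
                echo "line $_ln: bad query name" >&2; return 1 ;;
        esac
        _n=$((_n + 1))
    done < "$1"
    echo "$_n"
}

# dnsx_file_cmd QUERY_FILE IP_FILE: print the file-mode command from the last
# usage example above, with -P set to the validated line count.
dnsx_file_cmd() {
    _count=$(dnsx_count_queries "$1") || return 1
    printf '%s -P %s --probe-args="raw:recurse:file:%s" -R 1000 -o result.txt -I %s\n' \
        'xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0"' \
        "$_count" "$1" "$2"
}

# Constructed sample input: three queries, so -P must be 3.
_demo=$(mktemp)
printf 'A,qq.com\nAAAA,qq.com\nNS,baidu.com\n' > "$_demo"
dnsx_file_cmd "$_demo" ip.txt
rm -f "$_demo"
```

The command is only printed, not executed, so the derived -P value can be reviewed before a scan is started.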