Scan result difference and text output

Question

Scan result difference and text output

Vincent-Millane opened this issue 2 years ago · comments

Hello,

Thank you for your work.

I am testing dnscan to find some valid domains with all existing tlds.
But for domains that I checked by hand for which I found several hundred matches dnsscan found me only 16 with the command.

./dnscan.py -d example -R 1.1.1.1 -T --output example_domains.txt

then

with my DNS server (DNSSEC active)

 python3 dnscan.py -d google -R 127.0.0.1 -T --output google_domains.txt

 python3 dnscan.py -d google -R 1.1.1.1 -T --output google_domains.txt

I have 286 domains on the screen but the google_domains.txt file contains:

[] Processing domain google
[] Using specified resolvers: 1.1.1.1
[+] TLD Scan

With the command

 python3 dnscan.py -d google -R 1.1.1.1 -T > google_domains.txt

My file is well populated but with several line breaks like this
...
google.ac - ns1.google.com

google.af - ns1.google.com

google.aero - ns1.101domain.com

google.ad - ns1.google.com
...

NS outputs are not useful to me and will generate a workload.

What are the tips to understand to help me?
Thank you for your help.
__

rbsec · Answer 1 · Sun May 22 2022 01:46:30 GMT+0800 (China Standard Time)

Good spot, the TLD results are missing in the output. That should be fixed in 7839c2b.

Vincent Millane · Answer 2 · Sun May 22 2022 05:23:57 GMT+0800 (China Standard Time)

Thanks it works much better.

Except that I still have a scan problem, the script detects 18 tlds whereas by hand (1 by 1) being on a source that does not have all the tlds, I found 163 matching tlds.

An idea ?

Vincent Millane · Answer 3 · Sun May 22 2022 05:25:13 GMT+0800 (China Standard Time)

for extole...

rbsec · Answer 4 · Sun May 22 2022 05:44:15 GMT+0800 (China Standard Time)

Is this when you're running dnscan -T -d google, or some other command?

It's possible your traffic is getting dropped by the DNS server, so try reducing the threads with -t 2 and see if that makes any difference.

Vincent Millane · Answer 5 · Sun May 22 2022 06:29:39 GMT+0800 (China Standard Time)

I am trying
By the way, can dnscan detect tlds that are in "Pre-register" mode?
Do I count them since they can be in production at any time?
The difference could be explained as follows.

rbsec · Answer 6 · Sun May 22 2022 16:25:25 GMT+0800 (China Standard Time)

Dnscan looks to see if the domain has any NS records - because if it doesn't then it's not really usable on the public Internet. Of course, the fact that it has NS records doesn't necessarily mean that it has any A records, so you may get domains that don't resolve.

Vincent Millane · Answer 7 · Mon May 23 2022 03:13:04 GMT+0800 (China Standard Time)

I tested dnscan with different options with no better results.
I tested DNSrecon which gave me more results.
I documented myself on the Icann site which indicates that the sites are pre-reserved and will be allocated on a kind of fifo or auction between candidates.
If you have better information or utilities to share with me, I will be happy to hear from you.
My PM is on my profile.