Description
dnscan is a fast, lightweight DNS scanner that performs wordlist-based subdomain brute forcing. It supports zone transfer attempts and concurrent (multi-threaded) lookups, and can output results in multiple formats. It is simple and effective for focused DNS enumeration.
Installation
BASH
git clone https://github.com/rbsec/dnscan.git
cd dnscan
pip3 install -r requirements.txt
Basic Usage
BASH
# Brute force subdomains
python3 dnscan.py -d target.com -w subdomains.txt
# Zone transfer attempt
python3 dnscan.py -d target.com -z
# Recursive brute force
python3 dnscan.py -d target.com -w subdomains.txt -r
Advanced Usage
BASH
# Custom threads
python3 dnscan.py -d target.com -w subdomains.txt -t 32
# Specific DNS server
python3 dnscan.py -d target.com -w subdomains.txt -R 8.8.8.8
# Output to file
python3 dnscan.py -d target.com -w subdomains.txt -o results.txt
# Include TLD brute force
python3 dnscan.py -d target.com -w subdomains.txt -T
# Print hostnames only, without IP addresses (for piping)
python3 dnscan.py -d target.com -w subdomains.txt -N
Common Workflows
BASH
# Quick zone transfer check
python3 dnscan.py -d target.com -z
# Thorough DNS brute force
python3 dnscan.py -d target.com -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t 64 -o dns_results.txt
# Save results to a file, then pass them to httpx
python3 dnscan.py -d target.com -w subdomains.txt -o results.txt && cat results.txt | httpx -silent
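
Seen from the defending side, the wordlist brute force and zone transfer attempts above show up in an authoritative server's query log as a burst of NXDOMAIN answers and an AXFR request from an unexpected client. The detector below is an added example, not part of dnscan or the original page; the five-field log format, the function name `detect`, the thresholds and every sample line are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of authoritative-server query log lines (assumed format):
# epoch_seconds client_ip qname qtype rcode
SAMPLE_LOG = """\
1700000000 198.51.100.7 www.example.com A NOERROR
1700000001 203.0.113.50 example.com AXFR REFUSED
1700000002 203.0.113.50 admin.example.com A NXDOMAIN
1700000002 203.0.113.50 dev.example.com A NOERROR
1700000003 203.0.113.50 test.example.com A NXDOMAIN
1700000003 203.0.113.50 vpn.example.com A NXDOMAIN
1700000004 203.0.113.50 stage.example.com A NXDOMAIN
1700000030 198.51.100.7 mail.example.com A NOERROR
1700000090 198.51.100.7 typo.example.com A NXDOMAIN
1700000200 192.0.2.53 example.com AXFR NOERROR
"""

def detect(log_text, zone, axfr_allowed=(), window=10, nx_threshold=4):
    """Return (axfr_alerts, bruteforce_clients) for one zone."""
    suffix = "." + zone.lower().rstrip(".")
    axfr_alerts = []                # (client, rcode) for unexpected AXFR requests
    nx_seen = defaultdict(list)     # client -> [(ts, qname)] answered NXDOMAIN
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                # skip malformed lines
        ts, client, qname, qtype, rcode = parts
        qname = qname.lower().rstrip(".")
        if qname != suffix[1:] and not qname.endswith(suffix):
            continue                # query is for a different zone
        if qtype == "AXFR" and client not in axfr_allowed:
            axfr_alerts.append((client, rcode))
        elif rcode == "NXDOMAIN":
            nx_seen[client].append((int(ts), qname))
    brute = set()
    for client, hits in nx_seen.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide the window
                start += 1
            distinct = {name for _, name in hits[start:end + 1]}
            if len(distinct) >= nx_threshold:
                brute.add(client)
                break
    return axfr_alerts, sorted(brute)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG, "example.com", axfr_allowed={"192.0.2.53"}))
```

A zone with a wildcard record never answers NXDOMAIN, so there the count of distinct names queried per client is the signal to use instead.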