Description
dnsReaper is a subdomain takeover detection tool that prioritizes accuracy and speed. It checks for dangling DNS records pointing to services that can be claimed by attackers (e.g., unconfigured S3 buckets, deprovisioned Azure services, deleted GitHub pages).
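To make the dangling-record check concrete for zone owners, here is an added example (not dnsReaper's code and not from the original page) that audits a BIND-style zone export for CNAMEs pointing at deprovisioned Azure hostnames. The suffix list, the sample zone and the function names are assumptions made for illustration; the resolver is injectable so the check can be run offline.

```python
import socket

# Illustrative suffixes (assumption): Azure hostnames that stop resolving once
# the resource is deleted. This is not dnsReaper's signature set.
CLAIMABLE_SUFFIXES = {
    ".azurewebsites.net": "Azure App Service",
    ".trafficmanager.net": "Azure Traffic Manager",
    ".cloudapp.azure.com": "Azure VM / Cloud Service",
}

# Constructed sample zone export (example.test is a reserved test domain).
SAMPLE_ZONE = """\
$ORIGIN example.test.
www    3600 IN CNAME live-app.azurewebsites.net.
promo  3600 IN CNAME old-campaign.azurewebsites.net. ; app deleted last year
lb     300  IN CNAME gone.trafficmanager.net.
intra       IN CNAME host1
mail        IN A     192.0.2.10
"""

def parse_cnames(zone_text, origin):
    """Yield (owner, target) for each CNAME line of a BIND-style zone export."""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # strip trailing comment
        if "CNAME" not in fields[1:-1]:
            continue
        owner, target = fields[0], fields[fields.index("CNAME", 1) + 1]
        # Names without a trailing dot are relative to the zone origin.
        owner, target = (n if n.endswith(".") else f"{n}.{origin}" for n in (owner, target))
        yield owner.rstrip(".").lower(), target.rstrip(".").lower()

def resolves(name):
    """Default resolver: True if the name currently has an address record."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def dangling_candidates(zone_text, origin, resolver=resolves):
    """CNAMEs whose target is on a claimable service but no longer resolves."""
    findings = []
    for owner, target in parse_cnames(zone_text, origin):
        service = next((svc for suffix, svc in CLAIMABLE_SUFFIXES.items()
                        if target.endswith(suffix)), None)
        if service and not resolver(target):
            findings.append({"domain": owner, "target": target, "service": service})
    return findings
```

Each finding is a record to remove or repoint in your own zone. Services whose hostnames always resolve, such as S3 or GitHub Pages, need a response-content check instead, which this resolution-only sketch does not cover.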
Installation
BASH
pip3 install dnsreaper
# Docker
docker pull punksecurity/dnsreaper
Basic Usage
BASH
# Scan single domain
dnsreaper single --domain target.com
# Scan from file
dnsreaper file --filename subdomains.txt
Advanced Usage
BASH
# Custom threads
dnsreaper single --domain target.com --threads 50
# JSON output
dnsreaper single --domain target.com --out json --out-file results.json
# With subdomain enumeration
dnsreaper single --domain target.com --enumerate
# AWS credentials for verification
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=xxx dnsreaper single --domain target.com
Common Workflows
BASH
# Full takeover scan pipeline
subfinder -d target.com -silent > subs.txt
dnsreaper file --filename subs.txt --threads 30 --out json --out-file takeover_results.json
# Continuous monitoring
dnsreaper single --domain target.com --enumerate --out json --out-file scan_$(date +%Y%m%d).json