A free web tool which checks your domain's servers for common DNS and mail errors and generates a report with explanations how to fix them.
Has an RSS feed.
DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!
We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.
Currently only supports Route53, Cloudflare, and Azure.
A simple-to-use network-wide ad- and tracking blocking system. Set up something like a single-board computer (a spare RasPi or old laptop is fine), run the script, and it converts it into a DNS-level adblocking system. Then configure your local router to use it as its upstream DNS instead of your ISP. Has an easy to use and interpret dashboard. Also has a REST API but I haven't experimented with it yet.
A blocklist for QAnon, conspiracy, fake news, nazi websites for multiple applications, including web browser adblockers, DNSes, and even /etc/hosts. It looks like the lists (which are substantially identical in content) could be used to compile a database of known-bad domains. IPv4 and IPv6 supported.
doggo is a modern command-line DNS client (like dig) written in Golang. It outputs information in a neat concise manner and supports protocols like DoH, DoT and DNSCrypt as well. It's totally inspired from dog which is written in Rust. I wanted to add some features to it but since I don't know Rust, I found it as a nice opportunity to experiment with writing a DNS Client from scratch. Human-readable output, optional JSON output. Multiple transport protocols. Supports multiple resolvers at once, IPv4 and IPv6 simultaneously.
In the AUR.
Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. It works out-of-the-box with no or minimal configuration and provides a user friendly web console accessible using any modern web browser. Implements not only ad- and malware blocking but DNS-over-TLS and DNS-over-HTTPS. Authoritative server as well as recursive resolver. Implements HTTP and SOCKS5 proxy support for tunneling resolution requests through Tor as well as proxy servers.
Written in Csharp. :(
When performing passive recon on a target, there are dozens of tools we can use to gather various pieces of intel on our target. This tool will allow us to parse these utilities easily.
Transparent domain information, from AAAA records to WHOIS. Free DNS record, IP address hostname, and WHOIS lookups.
Reproducibly verify assumptions about your network: DNS, available hosts, open ports, TLS configuration; nmap, testssl, and dig/kdig in an Ansible-shaped trench coat.
Rysiek calls it a poor being's personal SHODAN.
Blocky is a DNS proxy for the local network written in Go with following features:
Blocking of DNS queries with external lists (Ad-block) with whitelisting
Definition of black and white lists per client group (Kids, Smart home devices etc) -> for example: you can block some domains for you Kids and allow your network camera only domains from a whitelist
periodical reload of external black and white lists
blocking of request domain, response CNAME (deep CNAME inspection) and response IP addresses (against IP lists)
Caching of DNS answers for queries -> improves DNS resolution speed and reduces amount of external DNS queries
Custom DNS resolution for certain domain names
Serves DNS over UDP, TCP and HTTPS (DNS over HTTPS, aka DoH)
Supports UDP, TCP and TCP over TLS DNS resolvers with DNSSEC support
Supports DNS over HTTPS (DoH) resolvers
An organization of hobbyists who run an alternative DNS network, also provides access to domains not administered by ICANN.
Free service that gives wildcard DNS for anybody for free. Including RFC-1918 IP's. Pretty cool how they did it. Software is an add-on for PowerDNS.
An OSINT collection utility which gathers information about domains. Hunts for subdomains, searches SHODAN for hits, grabs banners and headers, web UI. Don't know if there's an API yet.
Bot that can be joined to the Mastodon network. Listens for people to send DNS resolution requests to it, sends back the canonical replies.
A website that can extract many different sorts of information pertaining to IP addresses and networks, least of all querying several dozen blacklists to see if an address has been flagged as a spammer's.
A utility that digs through DNS domain records to find things that aren't obvious, such as subdomains, hostnames with more than one kind of record associated with them, and IP address range calculation. It even Google scrapes to gather intelligence.
Enter an IP address, get a four little words-compatible hostname. Does the reverse, also.