다운주소 : http://www.txdns.net/bin/txdns-r-2.1.5.zip
By ‘digging’, you are querying DNS name servers for information about host addresses, mail exchanges, name servers, and related information. You might think where can I use DNS digging and the information gained thereafter. Here are the possible uses for the same-
Fill the reconnaissance gap left due to DNS servers hardening, as dns-zone transfers are much likely to fail.
Dig a given domain name for possible phishing variations based on common well-known typo algorithms and return dns queries on both used and not used names.
Stress-test DNS servers and check how it might act under such circumstances.
If you are interested in knowing more about ‘dig’, then you can check this page out.
Now, getting back to the point, TXDNS is a Win32 aggressive multithreaded DNS digger. Capable of placing, on the wire, thousands of DNS queries per minute. The main goal of TXDNS is to expose a domain namespace through a number of techniques:
Typos
TLD rotation
Dictionary attack
Brute force
<noscript></noscript>
TXDNS provides some cool options, such as:
Perform queries only for a given Resource Record type:
A, CNAME, HINFO, NS, TXT & SOA
Perform non-recursive queries.
Perform queries against a given DNS server.
An interesting page that might interest you is: http://80.247.230.136/dns.htm
==== 옵션 ==
TXDNS 2.1.5 (http://www.txdns.net) by Arley Silveira
Usage: [options] {target domain}
TYPO
-t, --typo Checks for missed, wrong, double and transposed
keystroke typos.
-rt, --rot-tld Rotate between IANA's top-level domains.
Ref: http://www.iana.org/cctld/cctld-whois.htm
http://www.iana.org/gtld/gtld.htm
DICTIONARY
-f[m], --wordlist <FILE> Perform dictionary attack using input FILE.
[-fm] will pre-load the file on memory.
This will improve performance w/ large files.
Parser will loop (0..9) when tag # is found.
Word 'web#' will render 'web0', 'web1'...'web9.'
Multiple tags like 'w#eb#' will be ignored.
BRUTE FORCE
-bb, --be-brute Perform brute-force lookup
--min Min brute string size. Defaults 1 (1-250)
--max Max brute string size. Defaults 4 (1-250)
--charset <TYPE> Specify charset to use. Defaults 1.
1 {a..z}, 2 {0..9} or 3 {a..z,0..9}
QUERY OPTIONS
-rr, --record <TYPE> Specify RR type to query for. Defaults 'A'.
A, CNAME, HINFO, MX, NS, SOA or TXT.
-n, --no-recur Forces DNS server to perform interactive query.
-s[l], --server <IP> Lookup against especified DNS server.
[-sl] Will use a list of servers from specified
file and round-robin queries between them.
-x, --threads <N> Defines how many threads will fire. Defaults 5.
<N> may have a min of 1 :-) and a max of 50.
-w, --wait <N> Force sleep of <N> seconds between queries.
--rnd Randomize sleep interval.
-cd, --countdown <N> Countdown <N> seconds before firing the job.
Defaults 5.
CLIENT/SERVER MODE
-c[r], --connect <IP> Connect on specified IP.
[-cr] Redirects server's output to the client.
-l, --listening Enter slave mode for incoming jobs.
--keep-alive Keeps listening for new jobs. Server only.
-p --port Port number to listen/connect. Defaults 5353.
..the following MUST MATCH on both client and server for authentication..
-k --key <STRING> Key to authenticate & encrypt the channel.
Key can be up to 32(256-bit) characters.
--clear Disable further channel encryption.
Key will be used only for authentication.
OUTPUT
-v, --verbose Tell me, tell me, tell me...
-i, --inverse Return failed queries.
-h, --hostlist <FILE> Generates file w/ host labels(leftmost part) of
all resolved names. If the file already exists
names will be appended to the end of the file.
If '-bb --brute' or '-f[m] --wordlist' is mixed
along with '-t --typo' or '-r --rot-tld'
many duplicates names may be found on the list.
Tip: You may further use this list as a
'-f[m] --wordlist' input file along with
'-s --server' and '--no-reverse' to lookup
against different name/cache servers.
MISC
-V, Version information.
-H, This help summary page.
Usage examples:
> txdns foo.com -rt -t -v -rr CNAME --countdown 0
> txdns foo.com -fm namelist.txt -rt -v -rr SOA -x 15
> txdns foo.com -bb --min 1 --max 9 --charset 3 -x 50
> txdns foo.com -bb --min 1 --max 3 -rt -sl dnslist.txt -x 50