altdns
Subdomain discovery tool that generates altered and mutated potential subdomains from known subdomains and wordlists for DNS bruteforcing.
Description
Altdns is a DNS reconnaissance tool designed for discovering subdomains that follow specific patterns. It takes two inputs: a list of known subdomains for a target domain and a wordlist containing potential subdomain components like 'test', 'dev', or 'staging'.
The tool generates a massive list of potential subdomains by combining and permuting the input data, creating 'altered' or 'mutated' subdomain variations. This output can then be fed into DNS bruteforcing tools to validate which subdomains actually exist.
Altdns is particularly useful in the early stages of reconnaissance when mapping a target's attack surface through subdomain enumeration. It helps uncover hidden infrastructure that follows predictable naming conventions.
How It Works
Altdns operates by taking a list of discovered subdomains and a wordlist of common subdomain prefixes/suffixes. It systematically generates permutations by replacing, prepending, and appending wordlist entries to base subdomains, creating potential subdomain variants. These can optionally be resolved via DNS queries to filter valid entries. The tool leverages python3-dnspython for DNS operations and supports multithreading for efficient resolution.
Installation
sudo apt install altdnsFlags
Examples
altdns -haltdns -i subdomains.txt -o output.txt -w wordlist.txtaltdns -i known.txt -o mutated.txt -w common_words.txt -raltdns -i subs.txt -o results.txt -w words.txt -naltdns -i input.txt -o output.txt -w dict.txt -r -t 50altdns -i discovered.txt -o bruteforce.txt -w permutations.txt