Information Gatheringsubdomaindiscoverydnsreconbruteforce

altdns

Subdomain discovery tool that generates altered and mutated potential subdomains from known subdomains and wordlists for DNS bruteforcing.

Description

Altdns is a DNS reconnaissance tool designed for discovering subdomains that follow specific patterns. It takes two inputs: a list of known subdomains for a target domain and a wordlist containing potential subdomain components like 'test', 'dev', or 'staging'.

The tool generates a massive list of potential subdomains by combining and permuting the input data, creating 'altered' or 'mutated' subdomain variations. This output can then be fed into DNS bruteforcing tools to validate which subdomains actually exist.

Altdns is particularly useful in the early stages of reconnaissance when mapping a target's attack surface through subdomain enumeration. It helps uncover hidden infrastructure that follows predictable naming conventions.

How It Works

Altdns operates by taking a list of discovered subdomains and a wordlist of common subdomain prefixes/suffixes. It systematically generates permutations by replacing, prepending, and appending wordlist entries to base subdomains, creating potential subdomain variants. These can optionally be resolved via DNS queries to filter valid entries. The tool leverages python3-dnspython for DNS operations and supports multithreading for efficient resolution.

Installation

bash

sudo apt install altdns

Flags

-i, --inputList of subdomains input

-o, --outputOutput location for altered subdomains

-w, --wordlistList of words to alter the subdomains with

-r, --resolveResolve all altered subdomains

-n, --add-number-suffixAdd number suffix to every domain (0-9)

-e[...more flags — see man page...]

-d DNSSERVER[...more flags — see man page...]

-s SAVE[...more flags — see man page...]

-t THREADS[...more flags — see man page...]

Examples

Show help message and usage information

altdns -h

Generate altered subdomains from input subdomain list and wordlist, save to output file

altdns -i subdomains.txt -o output.txt -w wordlist.txt

Generate and resolve altered subdomains using DNS queries

altdns -i known.txt -o mutated.txt -w common_words.txt -r

Generate subdomains with number suffixes (0-9) added to each domain

altdns -i subs.txt -o results.txt -w words.txt -n

Generate and resolve subdomains using 50 threads for faster DNS resolution

altdns -i input.txt -o output.txt -w dict.txt -r -t 50

Create large permutation list for subsequent DNS bruteforcing with other tools

altdns -i discovered.txt -o bruteforce.txt -w permutations.txt

Updated 2026-04-16kali.org ↗