dnspy is a tool designed to find subdomains and detect potential subdomain takeovers through automated scanning and analysis.
Find subdomains and takeovers.
This tool is primarily used by security researchers and vulnerability management teams to identify subdomains that may be vulnerable to takeover attacks. It automates the process of gathering subdomains, resolving DNS records, and interpreting results to highlight possible takeover risks, helping organizations proactively secure their external assets.
Ensure massdns is installed on your system before running the resolver daemon. It is recommended to run the daemons on a dedicated server with a stable internet connection and use terminal multiplexers like screen or tmux to keep processes running in the background. Always perform manual verification of flagged subdomains before reporting, as the tool provides heuristic-based results with varying confidence levels.
git clone https://github.com/gwen001/dnspy
cd dnspy
pip3 install -r requirements.txt./daemon_grabber.py
Runs the grabber daemon which executes the subdomain grabbing bash script and feeds the resolver queue.
./daemon_resolver.py
Runs the resolver daemon which uses massdns to resolve subdomains and feeds the interpreter queue.
./daemon_interpreter.py
Runs the interpreter daemon that analyzes massdns output to detect subdomain takeovers.
interpreter.py [-h] [-s SOURCE] [-f FINGERPRINTS] [-r] [-v VERBOSE]
Manually run the interpreter script to check for subdomain takeovers with options for source file, fingerprints, re-resolving, and verbosity.
qinterpreter2.sh
Manually launch the interpreter with enhanced output formatting and fingerprint customization.