In the recon world, there are several techniques to obtain information about a domain, discover subdomains, and run vulnerability discovery and identification processes. Until today we had only focused on doing it passively, that is, we only used information collected from public and private APIs through Findomain + itself and third-party tools such as Amass and Subfinder.
Today we decided to include DNS permutations within our service.
Note: Black Friday deals are available! Check our deals.
How does it work?
After thoroughly investigating how DNS permutations work and seeing various tools like DNSGen and AltDNS, which are incredibly efficient and good at their work, but we still felt that some things were missing as they generated invalid subdomains, for example, testing..example.com, .testing..example.com and others, we decided to write our own permutations generator and based on a list of words configurable by the user we generate as many permutations as possible including second level permutations, that is, if the subdomain test.example.com is found as valid in the main permutations process, we will generate permutations on it as well.
We will include a list of default words, taken from these two repositories: DNSGen words.txt | AltDNS words.txt
Whats Next?
This does not end here, we are implementing an engine that will be responsible for analyzing the data found for each domain, and based on the subdomain names most used by the company we will generate an additional list of more possible words.
Will the DNS permutations generation tool be open source?
Probably, when we consider that it is mature enough to be used worldwide.
We hope you enjoy it! If you have any questions or ideas Email us, send us a Twitter DM, or chat with us on Discord. Check out our Monitoring and vulnerability discovery service.
Regards,
Findomain Team
