File tree 2 files changed +77
-6
lines changed
2 files changed +77
-6
lines changed Original file line number Diff line number Diff line change 1+ # ettu
2+
3+ ettu is a recursive DNS brute-forcer that tries to avoid dead-ends.
4+
5+ Like all tools in my hacks repo it's alpha-quality (at best) so you're
6+ likely to find rough edges. I'd still like to hear about issues with
7+ it though.
8+
9+ ## Install
10+
11+ ```
12+ go get -u github.com/tomnomnom/hacks/ettu
13+ ```
14+
15+ ## Usage
16+
17+ ```
18+ usage: ettu [--depth=<int>] <domain> [<wordfile>|-]
19+ ```
20+
21+ ### Examples
22+
23+ ```
24+ ▶ cat wordlist | ettu --depth=2 example.com
25+ ```
26+
27+ ```
28+ ▶ ettu example.com wordlist
29+ ```
30+
31+
32+ ## Dead-end Avoidance
33+
34+ Ordinarily if there are no records to return for a DNS name you might expect an ` NXDOMAIN ` error:
35+
36+ ```
37+ ▶ host four.tomnomnom.uk
38+ Host four.tomnomnom.uk not found: 3(NXDOMAIN)
39+ ```
40+
41+ You may have noticed that sometimes you get an empty response instead though:
42+
43+ ```
44+ ▶ host three.tomnomnom.uk
45+ ```
46+
47+ The difference in the latter case is often that another name - one that has your queried name as a suffix -
48+ exists and has records to return:
49+
50+ ```
51+ ▶ host one.two.three.tomnomnom.uk
52+ one.two.three.tomnomnom.uk has address 46.101.59.42
53+ ```
54+
55+ This difference in response can be used to help avoid dead-ends in recursive DNS
56+ brute-forcing by not recursing in the former situation:
57+
58+ ```
59+ ▶ echo -e "www\none\ntwo\nthree" | ettu tomnomnom.uk
60+ one.two.three.tomnomnom.uk
61+ ```
Original file line number Diff line number Diff line change 44 "bufio"
55 "flag"
66 "fmt"
7+ "io"
78 "net"
89 "os"
910 "sync"
@@ -13,21 +14,30 @@ func main() {
1314
1415 var depth int
1516 flag .IntVar (& depth , "depth" , 4 , "max recursion depth" )
17+ flag .IntVar (& depth , "d" , 4 , "max recursion depth" )
1618
1719 flag .Parse ()
1820
1921 suffix := flag .Arg (0 )
2022 wordListFile := flag .Arg (1 )
2123
22- if wordListFile == "" || suffix == "" {
23- fmt .Fprintln (os .Stderr , "usage: ettu [--depth=<int>] <domain> <wordfile>" )
24+ if suffix == "" {
25+ fmt .Fprintln (os .Stderr , "usage: ettu [--depth=<int>] <domain> [ <wordfile>|-] " )
2426 return
2527 }
2628
27- f , err := os .Open (wordListFile )
28- if err != nil {
29- fmt .Fprintf (os .Stderr , "failed to open word list: %s\n " , err )
30- return
29+ var f io.Reader
30+ var err error
31+
32+ // default to stdin for the wordlist
33+ f = os .Stdin
34+
35+ if wordListFile != "" && wordListFile != "-" {
36+ f , err = os .Open (wordListFile )
37+ if err != nil {
38+ fmt .Fprintf (os .Stderr , "failed to open word list: %s\n " , err )
39+ return
40+ }
3141 }
3242
3343 sc := bufio .NewScanner (f )
You can’t perform that action at this time.
0 commit comments