Simple GoLang tool for domain recon.
The purpose of this tool is to provide fast overview of a target domain setup. Several active scanning techniques are employed for this purpose like DNS ping-pong, TLS certificate scraping, WHOIS banner parsing and more. Some tools on the other hand are not - intentionally (e.g. nmap, brute-force, search engines etc.). This is not a full-blown DNS enumerator, but rather something more unobtrusive and fast which can be deployed in long-term experiments with lots of targets.
Feature set:
- Resolves a given domain to all DNS records of interest
- Resolves a given domain to a set of WHOIS contacts (selected properties only)
- Resolves a given domain to a TLS certificate chain
- Supports automatic NS discovery with custom override
- Dissects domains from resolutions and resolves them recursively
- Unobtrusive human-readable CLI output as well as machine readable JSON
- Supports multiple domains on the input
- Colorized output
- Parses domains in HTTP headers
- Parses domains in Certificate Transparency logs
- Parses IPs found in SPF record
- Looks up BGP AS for each discovered IP
- Looks up GeoIP record for each discovered IP
- Attempts to detect DNS wildcards
- Supports graph output
go get github.com/netrixone/udig
dig := udig.NewUdig()
resolutions := dig.Resolve("example.com")
for _, res := range resolutions {
...
} +------------+
| |
+------+ Udig +-----------------------------------+
Delegates: | | | |
| +------------+ |
|* |*
+------------------+ +------------+
| DomainResolver | | IPResolver |
+----------------------> +------------------+ <------------------+ +------------+
| ^ ^ ^ | ^ ^
Implements: | +-----+ | | | | +-------+
| | | | | | |
+-------------+ +-------------+ +--------------+ +---------------+ +------------+ +-------------+ +---------------+
| DNSResolver | | TLSResolver | | HTTPResolver | | WhoisResolver | | CTResolver | | BGPResolver | | GeoipResolver |
+-------------+ +-------------+ +--------------+ +---------------+ +------------+ +-------------+ +---------------+
| | | | | | |
| | | | | | |
Produces: | | | | | | |
| | | | | | |
|* |* |* |* |* |* |*
+-----------+ +----------------+ +------------+ +--------------+ +-------+ +----------+ +-------------+
| DNSRecord | | TLSCertificate | | HTTPHeader | | WhoisContact | | CTLog | | ASRecord | | GeoipRecord |
+-----------+ +----------------+ +------------+ +--------------+ +-------+ +----------+ +-------------+
go get github.com/netrixone/udig/cmd/udig
make or make install
This will also download the latest GeoIP database (IPLocation-lite).
udig [-h|--help] [-v|--version] [-V|--verbose] [-s|--strict]
[-d|--domain "<value>"] [--ct:expired] [--ct:from "<value>"]
[--json]
ÜberDig - dig on steroids v1.5 by stuchl4n3k
Arguments:
-h --help Print help information
-v --version Print version and exit
-V --verbose Be more verbose
-s --strict Strict domain relation (TLD match)
-d --domain Domain to resolve
--ct:expired Collect expired CT logs
--ct:from Date to collect logs from. Default: 1 year ago (2022-11-10)
--json Output payloads as JSON objects
- https://github.com/akamensky/argparse - Argparse for golang
- https://github.com/miekg/dns - DNS library in Go
- https://github.com/domainr/whois - Whois client for Go
- https://github.com/ip2location/ip2location-go - GeoIP localization package. This product uses IP2Location LITE data available from https://lite.ip2location.com.
- https://www.team-cymru.com/IP-ASN-mapping.html - IP to ASN mapping service by Team Cymru
