Skip to content

monji024/GhostDns

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GhostDNS

  ██████╗ ██╗  ██╗ ██████╗ ███████╗████████╗██████╗ ███╗   ██╗███████╗
 ██╔════╝ ██║  ██║██╔═══██╗██╔════╝╚══██╔══╝██╔══██╗████╗  ██║██╔════╝
 ██║  ███╗███████║██║   ██║███████╗   ██║   ██║  ██║██╔██╗ ██║███████╗
 ██║   ██║██╔══██║██║   ██║╚════██║   ██║   ██║  ██║██║╚██╗██║╚════██║
 ╚██████╔╝██║  ██║╚██████╔╝███████║   ██║   ██████╔╝██║ ╚████║███████║
  ╚═════╝ ╚═╝  ╚═╝ ╚═════╝ ╚══════╝   ╚═╝   ╚═════╝ ╚═╝  ╚═══╝╚══════╝
  DNS Intelligence & Reconnaissance Framework — by monji024

DNS intelligence and active reconnaissance framework for security researchers and red teams.


Features

Passive Recon

  • Full DNS record enumeration (A, AAAA, MX, TXT, NS, CNAME, SOA, CAA, SRV)
  • SPF, DMARC, DKIM extraction and policy analysis
  • Infrastructure fingerprinting (Cloudflare, AWS, Azure, GCP, Fastly, Akamai, and more)
  • DNS hygiene and email security scoring (0–100)

Active Recon

  • Zone transfer attempt (AXFR) against all nameservers
  • Subdomain bruteforce with 60+ common names
  • Wildcard DNS detection
  • TLD enumeration (20+ TLDs)
  • Reverse DNS on discovered IPs
  • Port hints based on detected infrastructure

Analysis

  • Drift detection — compare scans over time
  • Detect added, removed, and modified records
  • Infrastructure DNA confidence scoring

Output

  • Terminal (ANSI colored, cyberpunk UI)
  • JSON export
  • Markdown report
  • HTML report

Installation

git clone https://github.com/monji024/GhostDns.git
cd GhostDns

chmod +x install.sh
chmod +x ghostdns.pl
./install.sh

Screenshot

GhostDNS

Requirements:

  • Perl 5.16+
  • Net::DNS
  • JSON::PP (included in Perl core since 5.14)

Usage

# Basic DNS recon
perl ghostdns.pl -d example.com

# Full offensive recon
perl ghostdns.pl -d example.com --brute --axfr --reverse --port-hint

# Stealth mode with custom resolver
perl ghostdns.pl -d example.com -r 1.1.1.1 --stealth

# Save state for drift tracking
perl ghostdns.pl -d example.com --save scan_jan.json

# Drift detection
perl ghostdns.pl -d example.com --drift scan_jan.json --save scan_feb.json

# Export all formats
perl ghostdns.pl -d example.com --json out.json --md out.md --html out.html

# TLD enumeration
perl ghostdns.pl -d example.com --enum-tld

# Wildcard detection
perl ghostdns.pl -d example.com --wildcard

Options

Flag Description
-d, --domain Target domain
-r, --resolver Custom DNS resolver (default: 8.8.8.8)
--drift <file> Compare against previous scan JSON
--json <file> Export to JSON
--md <file> Export to Markdown
--html <file> Export to HTML
--save <file> Save scan state
--stealth Slow down queries (IDS evasion)
--brute Bruteforce common subdomains
--axfr Attempt zone transfer
--enum-tld Enumerate TLD variations
--wildcard Detect wildcard DNS
--reverse Reverse DNS on discovered IPs
--port-hint Show likely open ports for detected infra
--no-color Disable ANSI colors
-v, --verbose Verbose output

Architecture

GhostDNS/
│
├── ghostdns.pl          
│
├── install.sh
├
├── analyzers/
│   ├── records.pm     
│   ├── dna.pm       
│   └── drift.pm         
│
├── core/
│   ├── dns.pm          
│   ├── score.pm       
│   └── report.pm        
│
└── README.md

Scoring

Category Weight Description
DNS Hygiene 35% A, AAAA, NS, SOA, CAA presence
Email Security 45% SPF policy strength, DMARC policy, DKIM
Infra Confidence 20% Number of detected infrastructure providers

Grades: A (80+) B (60+) C (40+) D (20+) F (<20)


Infrastructure Detection

Detects and fingerprints:

  • Cloudflare
  • Amazon AWS / CloudFront
  • Microsoft Azure / M365
  • Google Cloud / Workspace
  • Fastly CDN
  • Akamai
  • DigitalOcean
  • Hetzner
  • Shopify
  • SendGrid / Mailgun
  • Proofpoint / Mimecast
  • GitHub Pages / Vercel / Netlify

Roadmap

  • ASN lookup integration
  • Certificate transparency log search
  • Passive DNS history via API
  • DNSSEC validation check
  • Shodan/Censys IP enrichment
  • Multi-domain batch mode
  • Rate-limited recursive brute (deep mode)
  • WHOIS integration
  • Slack/webhook alerting for drift

Legal

This tool is intended for authorized security testing and research only. Do not use against systems you do not have permission to test.


GhostDNS — by monji024

About

DNS Intelligence, Infrastructure Fingerprinting and Threat Visibility Toolkit.

Resources

License

Stars

7 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors