██████╗ ██╗ ██╗ ██████╗ ███████╗████████╗██████╗ ███╗ ██╗███████╗
██╔════╝ ██║ ██║██╔═══██╗██╔════╝╚══██╔══╝██╔══██╗████╗ ██║██╔════╝
██║ ███╗███████║██║ ██║███████╗ ██║ ██║ ██║██╔██╗ ██║███████╗
██║ ██║██╔══██║██║ ██║╚════██║ ██║ ██║ ██║██║╚██╗██║╚════██║
╚██████╔╝██║ ██║╚██████╔╝███████║ ██║ ██████╔╝██║ ╚████║███████║
╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝╚══════╝
DNS Intelligence & Reconnaissance Framework — by monji024
DNS intelligence and active reconnaissance framework for security researchers and red teams.
Passive Recon
- Full DNS record enumeration (A, AAAA, MX, TXT, NS, CNAME, SOA, CAA, SRV)
- SPF, DMARC, DKIM extraction and policy analysis
- Infrastructure fingerprinting (Cloudflare, AWS, Azure, GCP, Fastly, Akamai, and more)
- DNS hygiene and email security scoring (0–100)
Active Recon
- Zone transfer attempt (AXFR) against all nameservers
- Subdomain bruteforce with 60+ common names
- Wildcard DNS detection
- TLD enumeration (20+ TLDs)
- Reverse DNS on discovered IPs
- Port hints based on detected infrastructure
Analysis
- Drift detection — compare scans over time
- Detect added, removed, and modified records
- Infrastructure DNA confidence scoring
Output
- Terminal (ANSI colored, cyberpunk UI)
- JSON export
- Markdown report
- HTML report
git clone https://github.com/monji024/GhostDns.git
cd GhostDns
chmod +x install.sh
chmod +x ghostdns.pl
./install.shRequirements:
- Perl 5.16+
Net::DNSJSON::PP(included in Perl core since 5.14)
# Basic DNS recon
perl ghostdns.pl -d example.com
# Full offensive recon
perl ghostdns.pl -d example.com --brute --axfr --reverse --port-hint
# Stealth mode with custom resolver
perl ghostdns.pl -d example.com -r 1.1.1.1 --stealth
# Save state for drift tracking
perl ghostdns.pl -d example.com --save scan_jan.json
# Drift detection
perl ghostdns.pl -d example.com --drift scan_jan.json --save scan_feb.json
# Export all formats
perl ghostdns.pl -d example.com --json out.json --md out.md --html out.html
# TLD enumeration
perl ghostdns.pl -d example.com --enum-tld
# Wildcard detection
perl ghostdns.pl -d example.com --wildcard| Flag | Description |
|---|---|
-d, --domain |
Target domain |
-r, --resolver |
Custom DNS resolver (default: 8.8.8.8) |
--drift <file> |
Compare against previous scan JSON |
--json <file> |
Export to JSON |
--md <file> |
Export to Markdown |
--html <file> |
Export to HTML |
--save <file> |
Save scan state |
--stealth |
Slow down queries (IDS evasion) |
--brute |
Bruteforce common subdomains |
--axfr |
Attempt zone transfer |
--enum-tld |
Enumerate TLD variations |
--wildcard |
Detect wildcard DNS |
--reverse |
Reverse DNS on discovered IPs |
--port-hint |
Show likely open ports for detected infra |
--no-color |
Disable ANSI colors |
-v, --verbose |
Verbose output |
GhostDNS/
│
├── ghostdns.pl
│
├── install.sh
├
├── analyzers/
│ ├── records.pm
│ ├── dna.pm
│ └── drift.pm
│
├── core/
│ ├── dns.pm
│ ├── score.pm
│ └── report.pm
│
└── README.md
| Category | Weight | Description |
|---|---|---|
| DNS Hygiene | 35% | A, AAAA, NS, SOA, CAA presence |
| Email Security | 45% | SPF policy strength, DMARC policy, DKIM |
| Infra Confidence | 20% | Number of detected infrastructure providers |
Grades: A (80+) B (60+) C (40+) D (20+) F (<20)
Detects and fingerprints:
- Cloudflare
- Amazon AWS / CloudFront
- Microsoft Azure / M365
- Google Cloud / Workspace
- Fastly CDN
- Akamai
- DigitalOcean
- Hetzner
- Shopify
- SendGrid / Mailgun
- Proofpoint / Mimecast
- GitHub Pages / Vercel / Netlify
- ASN lookup integration
- Certificate transparency log search
- Passive DNS history via API
- DNSSEC validation check
- Shodan/Censys IP enrichment
- Multi-domain batch mode
- Rate-limited recursive brute (deep mode)
- WHOIS integration
- Slack/webhook alerting for drift
This tool is intended for authorized security testing and research only. Do not use against systems you do not have permission to test.
GhostDNS — by monji024
