Skip to content
/ dns-zone-transfer-test Public

Automates Domain Name System (DNS) zone transfer testing. Checks for CVE-1999-0532 by automatically finding a given domains nameservers, and tests for zone transfers, if successful, subdomains are printed to standard output.

License

LGPL-2.1 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Rodney-O-C-Melby/dns-zone-transfer-test

BranchesTags

Repository files navigation

DNS Zone Transfer Test

Automates Domain Name System (DNS) zone transfer testing.

Automatically finds a given domains nameservers, and tests for zone transfers, if successfully, identified A records are printed to standard output.

Usage

dztt zonetransfer.me
dztt -f domains.txt
dztt -n 1.1.1.1 zonetransfer.me

Requirements

git >= 2.36.0
python >= 3.9
pip >= 20.3.4

Use without System Installation

Ensure system packages in requirements are installed, Download the repository.

sudo pacman -Syu git python pip | sudo apt install git python pip
git clone https://github.com/Rodney-O-C-Melby/zone-transfer-tester.git

Install pip dependancies, and run program.

pip install dnspython
python dns-zone-transfer-test/src/dns-zone-transfer-test/dztt

Or create a virtual enviroment, install pip dependancies into virtual enviroment, run program from virtual enviroment.

python -m venv test
test/bin/pip install dnspython
test/bin/python dns-zone-transfer-test/src/dns-zone-transfer-test/dztt

System Installation of dztt

Download the repository change to the relevant directory, and install the PIP package.

git clone https://github.com/Rodney-O-C-Melby/zone-transfer-tester.git  
cd dns-zone-transfer-test
pip install .

Then add the python scripts directory to your PATH environment variable.

python get_scripts_path.py

Add the output to PATH or only use dztt within this directory using:

python src/dns-zone-transfer-test/dztt

Help

usage: dztt [-h] [-f FILE] [-n NAMESERVER] target

DNS Zone Transfer Test: dztt tests IP's or domains for zone transfers. (XFR)

positional arguments:
  target                Target IP or Domain name to test

options:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  file of domain names to test, one per line
  -n NAMESERVER, --nameserver NAMESERVER
                        DNS IP for target DNS query, defaults to local DNS

### EXAMPLES ###
dztt  
dztt zonetransfer.me
dztt -f domains.txt  
dztt -n 1.1.1.1 zonetransfer.me  
dztt -f domains.txt -n 1.1.1.1

Output

A domain that is vulnerable to zone transfers will print the following message to standard out, and print each identified subdomain.

zonetransfer.me is VULNERABLE to DNS Zone Transfers!!!  
Found 34 subdomains at zonetransfer.me

A domain that is not vulnerable to zone transfers will print the following message to standard out.

nmap.org is SECURE against DNS Zone Transfers :-)

or

nmap.org is VERY SECURE against DNS Zone Transfers :-)

Input

Accepts a file containing domain names to test, one per line.

dztt -f domains.txt

PIP Requirements

dnspython >= 2.2.1

About

Automates Domain Name System (DNS) zone transfer testing. Checks for CVE-1999-0532 by automatically finding a given domains nameservers, and tests for zone transfers, if successful, subdomains are printed to standard output.

Resources

Readme

License

LGPL-2.1 license
Activity

Stars

3 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 1

DZTT version 1.0 Latest
May 2, 2022

Packages

No packages published

Languages