DNSGen is a powerful and flexible DNS name permutation tool designed for security researchers and penetration testers. It generates intelligent domain name variations to assist in subdomain discovery and security assessments.

• 🔍 Smart domain name permutation engine
• 🚄 Fast generation mode for quick assessments
• 📝 Support for custom wordlists with comments
• 🎯 Intelligent word extraction from existing domains
• 🔧 Multiple permutation techniques
• 🌍 Cloud-aware patterns and modern naming conventions

# Using pip python -m pip install dnsgen # Using uv (recommended for development) git clone https://github.com/AlephNullSK/dnsgen cd dnsgen/ python -m pip install uv uv sync

# Basic domain permutation dnsgen domains.txt # With custom wordlist and output file dnsgen -w custom_wordlist.txt -o results.txt domains.txt # Using fast mode for quick assessment dnsgen -f domains.txt # Pipe with massdns for resolution cat domains.txt | dnsgen - | massdns -r resolvers.txt -t A -o J --flush 2>/dev/null

DNSGen 2.0 implements multiple sophisticated permutation techniques:

1. Word Insertion

   • Inserts words between domain levels
   • Example: api.example.com → staging.api.example.com

2. Number Manipulation

   • Intelligently modifies existing numbers
   • Example: api2.example.com → api1.example.com, api3.example.com

3. Word Affixing

   • Prepends/appends words to levels
   • Example: api.example.com → devapi.example.com, api-dev.example.com

4. Cloud Provider Patterns

   • Adds cloud-specific naming patterns
   • Example: example.com → api-aws.example.com, storage-azure.example.com

5. Region Prefixes

   • Adds geographical region patterns
   • Example: api.example.com → us-east.api.example.com

6. Microservice Patterns

   • Generates microservice-style names
   • Example: example.com → auth-service.example.com, user-api.example.com

7. Internal Tooling

   • Adds common internal tool subdomains
   • Example: example.com → jenkins.internal.example.com

8. Port Prefixing

   • Adds common port numbers
   • Example: api.example.com → 8080.api.example.com

dnsgen [OPTIONS] FILENAME Options: -l, --wordlen INTEGER Min length of custom words (default: 6) -w, --wordlist PATH Path to custom wordlist -f, --fast Fast generation mode -o, --output PATH Output file path -v, --verbose Enable verbose logging --help Show this message and exit

DNSGen 2.0 supports commented wordlists for better organization:

# Environment Names dev staging prod # Cloud Providers aws azure gcp # Tools and Services jenkins gitlab grafana 

Get clean resolved domains:

# Generate and resolve dnsgen hosts.txt > wordlist.txt massdns -r resolvers.txt -o S wordlist.txt | grep -e ' A ' | \ cut -d 'A' -f 1 | rev | cut -d "." -f1 --complement | \ rev | sort | uniq > resolved_domains.txt

Contributions are welcome! Here's how you can help:

1. Fork the repository
2. Create a feature branch: git checkout -b feature/amazing-feature
3. Commit your changes: git commit -m 'Add amazing feature'
4. Push to the branch: git push origin feature/amazing-feature
5. Open a Pull Request

See CONTRIBUTING.md for more details.

• Subdomain Enumeration: 2019 Workflow
• Subdomain Enumeration: Doing it a Bit Smarter
• Project Documentation

This project is licensed under the MIT License - see the LICENSE file for details.

• Original concept by Aleph Null s.r.o.
• Inspired by altdns
• massdns for DNS resolution

• ✅ Core functionality complete
• 🏗️ Adding more permutation techniques
• 📝 Improving documentation
• 🧪 Adding tests

Made with ❤️ by the security community