NSEC[3] Walking for DNSSEC
Go to file
2024-03-18 13:48:32 -04:00
output Updated mirrors and LICENSE 2024-01-20 19:23:34 -05:00
LICENSE Updated mirrors and LICENSE 2024-01-20 19:23:34 -05:00
nsec Updates 2023-11-14 18:32:29 -05:00
nsec3 Added full dnssec data for all tlds and started improving nsec/nsec3 walks 2023-11-13 23:01:08 -05:00
nsec.txt Updated mirrors and LICENSE 2024-01-20 19:23:34 -05:00
nwalk updated nsec walker 2024-03-18 13:48:32 -04:00
README.md Updated mirrors and LICENSE 2024-01-20 19:23:34 -05:00
tldsec Updated mirrors and LICENSE 2024-01-20 19:23:34 -05:00

NSECX

Rsearch project on NSEC[3] walking for DNSSEC enabled Zones

Work in progress: Come back later

The repository contains utilities for DNSSEC zone enumeration and subdomain discovery via NSEC/NSEC3 walking. It focuses on extracting and analyzing DNSSEC records for TLDs and specific target domains. Meant for educational purposes, security research, and sanctioned penetration testing, these tools aid in uncovering the underlying mechanisms of DNS security.

Statistics

Based on my research at the time of writing this repository, after mapping 1,458 TLD zones, 89.78% use NSEC3, and 3.50% use NSEC, and 6.72% do not have DNSSEC features at all.

NSEC Pitfalls

  • Results inconsistent, must hop dns servers on ALL issues to continue the crawl.

  • Running into \000 (null) characters in sub-domains (strange bind version issue missing "w" character in the charmap)

  • Running into *.domain.tld issues creates a crawling loop :

Next domain: myfreedom.auto.
Next domain: ne.auto.
Next domain: neom.auto.
Next domain: netdirector.auto.
Next domain: netprophet.auto.
Next domain: netto.auto.
Next domain: newjersey.auto.
Next domain: nexteer.auto.
Next domain: nextev.auto.
Next domain: nh.auto.
Next domain: nic.auto.
Next domain: *.nic.auto.
Next domain: _c311ff38bcd400b0adf7fa2b71732858.nic.auto.
Next domain: a.nic.auto.
Next domain: b.nic.auto.
Next domain: c.nic.auto.
Next domain: d.nic.auto.
Next domain: web1.nic.auto.
Next domain: web2.nic.auto.
Next domain: whois.nic.auto.
Next domain: _aa5536969dd3a62238209b6b2b750c1c.whois.nic.auto.
Next domain: www.nic.auto.
Next domain: _b529263a31adafb2e3be5d632e66c16b.www.nic.auto.
Next domain: nic.auto.
Next domain: *.nic.auto.
Next domain: _c311ff38bcd400b0adf7fa2b71732858.nic.auto.
Next domain: a.nic.auto.
Next domain: b.nic.auto.
Next domain: c.nic.auto.
Next domain: d.nic.auto.
Next domain: web1.nic.auto.
Next domain: web2.nic.auto.
Next domain: whois.nic.auto.
Next domain: _aa5536969dd3a62238209b6b2b750c1c.whois.nic.auto.
Next domain: www.nic.auto.
Next domain: _b529263a31adafb2e3be5d632e66c16b.www.nic.auto.
Next domain: nic.auto.
Next domain: *.nic.auto.
Next domain: _c311ff38bcd400b0adf7fa2b71732858.nic.auto.

References


Mirrors for this repository: acid.vegasSuperNETsGitHubGitLabCodeberg