NSEC[3] Walking for DNSSEC

dns dns-walk nsec nsec3 nsec3-walk nsec3-walking nsec-walk nsec-walking

Go to file

Dionysus d7c0c075c2 Pull the root tlds from a root nameserver instead		2023-11-06 21:17:31 -05:00
LICENSE	Initial commit	2023-11-04 23:43:03 -04:00
README.md	Added RFC reference to README	2023-11-04 23:55:35 -04:00
nsec	Initial commit	2023-11-04 23:43:03 -04:00
tldsec	Pull the root tlds from a root nameserver instead	2023-11-06 21:17:31 -05:00

README.md

NSECX

Rsearch project on NSEC[3] walking for DNSSEC enabled Zones

Work in progress: Come back later

The repository contains utilities for DNSSEC zone enumeration and subdomain discovery via NSEC/NSEC3 walking. It focuses on extracting and analyzing DNSSEC records for TLDs and specific target domains. Meant for educational purposes, security research, and sanctioned penetration testing, these tools aid in uncovering the underlying mechanisms of DNS security.

Statistics

Based on my research at the time of writing this repository, after mapping 1,458 TLD zones, 89.37% use NSEC3, and 3.70% use NSEC, and 6.93% do not have DNSSEC features at all.

References

https://www.rfc-editor.org/rfc/rfc5155.html

Mirrors

acid.vegas • GitHub • GitLab • SuperNETs