Harvest Subdomains with DNSHarvester

We’re back again with another banger from Dan Miessler so if you liked the post about his seclists tool, you may want to stick around. First thing first some backstory on how I found this tool. I was in the footprinting room on HTB Academy and needed to enumerate a domain to get a certain FQDN of an IP. The walkthough had been using DNSEnum — stay tuned if you dont know what that is– with a wordlist from the Seclists tool and I was stuck like sap on a tree. So I started looking around in familiar places for something, anything that could help me achieve my goal. I wandered over to GitHub and stumbled across this little gem.

About DNSHarvester

DNSHarvester is a simple script, and by simple I mean just 40 lines of python code. The package include 2 wordlists, one long one short but it can also utilize seclists for domain enumeration. The purpose of this tool is to query the Google API or the provided lists to harvest valid subdomains from a given domain. It utilizes socket and simplejson python modules and calls the socket.gethostbyaddr function to check the validity of the prefix against the wordlists. When the name cannot be resolved they are removed from the array.

The long prefix text file contains over 2500 possible prefixes and the short list contains about 60. With a little bit of tweaking you can add some of the Seclists Discovery text files to where you save the repo and utilize those wordlists as well. This came in handy on my Academy room I was working on and I was able to get some of the same info i was using DNSEnum.

DNSHarvester Conclusion and Rating

This tool needed a little tweaking as it is almost 10 years old. If you want the tool to work effectively you need to change a few lines of the initil code and change the address of the Google API but other than that DNSHarvester is definitely a banger! Im giving this one a 3 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive discount here

Help support LHN by buying a T-shirt or a mug?

Check out our selection here

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

Related posts

BruteDum- A network attack bruteforce tool

MHDDoS – A DDoS Attack Script With Over 50 Different Methods

A Review of DNS Enumeration Tool: DNSEnum