DNSCewl

A DNS Bruteforcing Wordlist Generator.

Level

There are multiple levels of changes that can be performed, specified by "-level". A level of "1" or above modifies the results to use a - as well as everything else. A level of 0 wouldn't use -. Level defaults to level 1.

At level 2 integer substituions start to take place, using a set range.

Append

Append works by adding a new subdomain, as well as the word with a - and without (unless level is 0). So, for example:

A target list of:

example.com
help.example.com

With an append list of:

dev
test

With command line as:

DNSCewl -tL targets.txt -a append.txt

Would provide the output:

example-dev.com
example-test.com
help-dev.example.com
help-test.example.com
example.dev.com
example.test.com
help.dev.example.com
help.test.example.com

If the flag --subs was passed then this would limit results to new subdomains only, and output the following:

dev.example.com
devhelp.example.com
dev-help.example.com
dev.help.example.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com

Prepend

Prepend is the same as append, but at the beginning of a domain (or subdomain).

Using as:

DNSCewl -tL targets.txt -p append.txt

Would result in:

devexample.com
dev-example.com
dev.example.com
devhelp.example.com
dev-help.example.com
dev.help.example.com
testexample.com
test-example.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com

Level Usage Example

If level 1 was spefied, results with - wouldn't be used. For example:

DNSCewl -tL targets.txt -p append.txt --level=0

Would result in:

devexample.com
dev.example.com
devhelp.example.com
dev.help.example.com
testexample.com
test.example.com
testhelp.example.com
test-help.example.com
test.help.example.com

Subs Usage Example

Subs limits results to subdomains only. For example:

DNSCewl -tL targets.txt -p append.txt --level=0 --subs

Would result in:

dev.example.com
dev.help.example.com
test.example.com
test-help.example.com
test.help.example.com

No repeats example

No repeats prevents the same term being used twice in a domain.

For example, using test.example.com with an prepended list of:

test

With the following:

DNSCewl -tL targets.txt -p append.txt --no-repeats

Would result in:

test.example.com
test.testexample.com

Note that test.test.example.com isn't included, as it's a repeated subdomain. It's important to note that test.testexample.com is still possible here, as --no-repeats shouldn't prevent a subdomain and a top level domain from repeating.

Set List (-sL) Example

A set list is a series of words to perform a replacement on when one word in a set is discovered.

For example, an input of:

one.example.com
b.example.com

When provided a set list of:

one
two
three

Would output:

two.example.com
three.example.com

Include originals (-i)

If set than the original domains, from source lists are included in outputted results. If not then they will be excluded.

Range Example

By default if level=2 is set then any integers in a domain would be incremented and decremented by 100. For example,

101.example.com

Would generate domains from 1.example.com to 200.example.com as output.

Range allows you to override this setting. By default range will adjust to be both negative and positive. For example:

--range=10

Would generate domians from 91.example.com to 111.example.com. You can however specify + or - on range. So for example,

--range=+10

Would only generate domains from 101.example.com to 111.example.com as our output.

Domain Extensions (-eX)

Takes a list of domain extensions and replaces extensions on final results with them.

For example,

example.com
sub.example.com

When combined with a list of extentions that includes:

.com.au
.co.uk

Would result in a list of domains:

example.com.au
example.co.uk
sub.example.com.au
sub.example.co.uk