top of page
  • FC

Scraping DNS records with BlueDanube

DNS is the heart of all things on the internet. It is the system that lets us type in amazon.com rather than 176.32.98.166 to do our shopping, and making it much easier for us to find Google than if we had to remember it as 216.58.206.142. This is not going to be a post on how DNS works, there are many explanations of it online already. This post is about how to use the vast amount of data held in DNS records for helping with all sorts of things.

We have created a lot of tools in-house to help us with our penetration and ethical hacking assessments. As these tools are updated and improved, we try to release the original version, where possible, to help other companies perform their work faster and more thoroughly. It's part of our Go-Giver philosophy within Cygenta.

This week we have released BlueDanube a tool written to query and scrape DNS records on a mass scale. We shall get onto some of the findings we can release publicly in a minute but for now let's look at the tool and some of the real world uses for it.

BlueDanube, as some of you may recognise, is the name of a Waltz written by Struass and made famous by being used as the docking music to the brilliant computer game series of Elite. However, BlueDanube was also the codename for the first working British Nuclear Hydrogen bomb, based on the physics package of Hurricane. It was not designed as a weapon but more of a science experiment, hence the name of the tool we first created to help with a specific issue that has now found its own tree of software in-house to grow and change.

BlueDanube has helped Cygenta to provide invaluable information to our clients and to our internal teams on penetration assesments. Here are a few of the things you can use BlueDanube for:

1) domain reconnaissance - for example thesun.co.uk has the following domain listed in its records

archerfield.wearegifted.co.uk. 60 IN CNAME admin.wearegifted.co.uk.

It is absolutely the fastest way to find subdomains for your target.

2) you can work out name servers used by domains, particularly good if you want to try doing Zone Transfer testing, for example;

newportbeachca.gov. 60 IN NS ns1.cityofnewportbeach.net.

3) listing mailservers, find out who is running their own MX server, for example;

mowerphoto.com. 60 IN MX 0 mowerphoto.com.

4) find email addresses; self explanatory really

5) IPv6 endpoints

cheetah3d.com. 60 IN AAAA 2a01:488:42:1000:53a9:1db0:4e:b113

6) Internal IP addresses

prometheusbooks.com. 60 IN NS 192.168.1.100.

Or find those that have broken their sites!

ci.salinas.ca.us. 60 IN A 192.168.0.12ci.salinas.ca.us. 60 IN A 192.168.0.17

7) Technology stacks

critgames.com. 60 IN TXT "firebase=game-on-e543c"

There is a ton of other incredible information available in DNS records that we leave as an exercise for the reader.

Cygenta maintains a live record set of over 10 million domains, resulting in gigabytes of text kept in a mysql database for easy querying. We have found some interesting statistics and lists from this vast swathe of data.

For example, out of those 10 million domains, 663,525 unique name servers are in use and we also see 2,164,306 unique mail servers in use across the web. Many domains have internal IP addresses as their A record and for IPV6 we can see almost 500,000 addresses in use. We even found a few .onion addresses revealing some TOR endpoints.

Go and try it out and let us know what you find on twitter @CygentaHQ

1,505 views

Related Posts

See All

2 comentários


Agnes Lizzy
Agnes Lizzy
14 de out. de 2023

Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…

Curtir

Janet Lucy
Janet Lucy
12 de out. de 2023

I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, Henryclarkethicalhacker@gmail.com and you can text, call him on whatsapp…


Curtir
bottom of page