offensive-tools/recon/massdns/SKILL.md
Auth/lab ref: High-performance DNS resolver for bulk subdomain resolution. Use it when you have a large subdomain list and need to resolve all entries quickly using public resolvers.
High-speed DNS bulk resolver — resolve millions of subdomains per minute.
```bash
git clone https://github.com/blechschmidt/massdns
cd massdns && make

# Resolve subdomain list
./bin/massdns -r resolvers.txt -t A subdomains.txt -o S -w resolved.txt

# Built-in resolver list
./bin/massdns -r lists/resolvers.txt -t A subdomains.txt -o S > resolved.txt
```

| Flag | Purpose |
|------|---------|
| -r FILE | Resolver list file |
| -t TYPE | DNS type (A/AAAA/MX/NS/CNAME) |
| -o FORMAT | Output format (S=simple, J=JSON, L=list) |
| -w FILE | Write output to file |
| -s N | Concurrent resolvers (default: 500) |
| --root | Use root server for NS lookups |
| --verify-ip | Verify A record IPs |
| --flush | Flush DNS cache per request |
| -q | Quiet mode |
| --status-format <fmt> | Status line format |
| --retry N | Retry failed lookups |
| --resolvers-rnd | Shuffle resolver list |
| Flag | Format | Example Output |
|------|--------|----------------|
| -o S | Simple (default) | sub.target.com. A 1.2.3.4 |
| -o J | JSON | Full DNS response JSON |
| -o L | List | sub.target.com (only names) |
| -o F | Full | All DNS fields |

Subdomain enumeration pipeline:

```bash
# Generate candidates with subfinder
subfinder -d target.com -silent -o subs.txt

# Resolve with massdns
./bin/massdns -r lists/resolvers.txt -t A subs.txt -o S | grep -v NXDOMAIN > live.txt
```

Extract live IPs:

```bash
# Match on the record-type column so only A records contribute addresses
awk '$2 == "A" {print $3}' resolved.txt | sort -u > ips.txt
```

DNS brute-force (generate + resolve):

```bash
# Generate permutations with puredns or subfinder, then resolve at scale
subfinder -d target.com -silent -all | \
  massdns -r lists/resolvers.txt -t A -o S 2>/dev/null | \
  grep -v "NXDOMAIN\|SERVFAIL" > resolved.txt
```

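CNAME hunting for subdomain takeover:

```bash
# -o J nests records under .data.answers; filter on the CNAME target column only,
# because every queried name itself contains target.com
massdns -r lists/resolvers.txt -t CNAME subs.txt -o J 2>/dev/null | \
  jq -r '.name as $n | .data.answers[]? | select(.type=="CNAME") | "\($n) \(.data)"' | \
  awk '$2 !~ /target\.com\.?$/'
```
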
MX record enumeration:

```bash
massdns -r lists/resolvers.txt -t MX domains.txt -o S 2>/dev/null | \
  grep " MX " | sort -u
```

Wildcard detection:

```bash
# Check if domain has wildcard DNS
python3 scripts/wildcard.py target.com lists/resolvers.txt
# massdns includes wildcard detection scripts in scripts/
```

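One way to apply the wildcard check to results you already have, as an added example (not part of massdns or of this skill): seed the input list with a random label that cannot exist, then treat every address that probe resolves to as a wildcard or lying-resolver answer and drop names that resolve only to it. The probe name, the `example.test` zone and the sample lines are constructed for illustration.

```python
"""Filter wildcard answers out of massdns simple (-o S) output."""
import ipaddress
from collections import defaultdict

ADDR_TYPES = {"A", "AAAA"}
KNOWN_TYPES = ADDR_TYPES | {"CNAME", "MX", "NS"}
# Constructed sample in the "<name>. <TYPE> <data>" shape of simple output.
SAMPLE = """\
www.example.test. A 192.0.2.10
api.example.test. A 192.0.2.20
api.example.test. A 198.51.100.7
mail.example.test. CNAME mx.provider.example.
old.example.test. A 198.51.100.7
zz-probe-7f3a91.example.test. A 198.51.100.7
garbled line without a record type
bad.example.test. A not-an-ip
"""
PROBES = ["zz-probe-7f3a91.example.test"]  # hypothetical random label added to the input


def parse_simple(text):
    """Return (name, rtype, data) tuples, skipping malformed lines."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) != 3 or parts[1].upper() not in KNOWN_TYPES:
            continue
        name, rtype, data = parts[0].rstrip(".").lower(), parts[1].upper(), parts[2]
        if rtype in ADDR_TYPES:
            try:
                data = str(ipaddress.ip_address(data))  # reject non-address data
            except ValueError:
                continue
        out.append((name, rtype, data))
    return out


def filter_wildcards(records, probes):
    """Return ({name: [addresses]}, wildcard_addresses); wildcard-only names are dropped."""
    probe_set = {p.rstrip(".").lower() for p in probes}
    bogus = {d for n, t, d in records if n in probe_set and t in ADDR_TYPES}
    addrs = defaultdict(set)
    for name, rtype, data in records:
        if rtype in ADDR_TYPES and name not in probe_set:
            addrs[name].add(data)
    kept = {n: sorted(a - bogus) for n, a in addrs.items() if a - bogus}
    return kept, bogus

if __name__ == "__main__":
    print(filter_wildcards(parse_simple(SAMPLE), PROBES))
```

A name that returns both a wildcard address and a distinct one is kept with only the distinct address, so a real record is not lost to a noisy resolver.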
Rate-limited run (avoid resolver bans):

```bash
massdns -r lists/resolvers.txt -t A subs.txt -o S -s 100 --resolvers-rnd 2>/dev/null
```

| File | When to load |
|------|--------------|
| references/resolvers.md | Resolver list sources, rate tuning, wildcard handling, puredns integration |