# README
## ÜberDig - dig on steroids
Simple GoLang tool for domain recon.
The purpose of this tool is to provide a fast overview of a target domain's setup. Several active scanning techniques are employed for this purpose, such as DNS ping-pong, TLS certificate scraping, WHOIS banner parsing and more. Other techniques are intentionally left out (e.g. nmap, brute-force, search engines). This is not a full-blown DNS enumerator, but rather something unobtrusive and fast that can be deployed in long-term experiments with lots of targets.
Feature set:
- Resolves a given domain to all DNS records of interest
- Resolves a given domain to a set of WHOIS contacts (selected properties only)
- Resolves a given domain to a TLS certificate chain
- Supports automatic NS discovery with custom override
- Dissects domains from resolutions and resolves them recursively
- Unobtrusive human-readable CLI output as well as machine readable JSON
- Supports multiple domains on the input
- Colorized output
- Parses domains in HTTP headers
- Parses domains in Certificate Transparency logs
- Parses IPs found in SPF record
- Looks up BGP AS for each discovered IP
- Looks up GeoIP record for each discovered IP
- Attempts to detect DNS wildcards
- Supports graph output
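
The "Parses IPs found in SPF record" feature, sketched as an added example (not udig's own code): a standalone parser that pulls literal networks and referenced domains out of an SPF TXT value, which is the output you would compare against your own mail-sender inventory. `SPFTargets` and `ParseSPF` are names made up for this example, and the sample record is constructed from documentation address ranges.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// SPFTargets lists what an SPF policy points at.
type SPFTargets struct {
	Networks []string // normalized CIDRs from ip4: / ip6: mechanisms
	Domains  []string // names from include:, a:, mx:, exists:, ptr:, redirect=
}

// ParseSPF reads one joined TXT value; ok is false without a "v=spf1" tag.
func ParseSPF(txt string) (t SPFTargets, ok bool) {
	fields := strings.Fields(txt)
	if len(fields) == 0 || !strings.EqualFold(fields[0], "v=spf1") {
		return t, false
	}
	for _, term := range fields[1:] {
		term = strings.TrimLeft(term, "+-~?") // qualifier does not change the target
		key, val, found := strings.Cut(term, ":")
		if !found {
			key, val, _ = strings.Cut(term, "=") // modifiers such as redirect=
		}
		switch key = strings.ToLower(key); key {
		case "ip4", "ip6":
			if !strings.Contains(val, "/") { // bare address: use a host prefix
				val += map[string]string{"ip4": "/32", "ip6": "/128"}[key]
			}
			// Accept only values whose address family matches the mechanism.
			if _, n, err := net.ParseCIDR(val); err == nil && (n.IP.To4() != nil) == (key == "ip4") {
				t.Networks = append(t.Networks, n.String())
			}
		case "include", "a", "mx", "exists", "ptr", "redirect":
			name, _, _ := strings.Cut(val, "/") // drop the a:/mx: prefix length
			name = strings.ToLower(strings.TrimSuffix(name, "."))
			if name != "" && !strings.Contains(name, "%") { // skip macro targets
				t.Domains = append(t.Domains, name)
			}
		}
	}
	return t, true
}

func main() {
	// Constructed sample record, not taken from a real domain.
	t, _ := ParseSPF("v=spf1 ip4:192.0.2.10/24 ip6:2001:db8::1 a:mail.example.com/28 include:_spf.example.net -all")
	fmt.Println(t.Networks, t.Domains)
}
```

Bare `a`, `mx` and `all` terms carry no explicit target and are skipped; names that contain SPF macros (`%{...}`) are skipped because they cannot be resolved without a concrete sender.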
## Download as dependency

```
go get github.com/netrixone/udig
```

## Basic usage

```go
dig := udig.NewUdig()
resolutions := dig.Resolve("example.com")
for _, res := range resolutions {
	// inspect each resolution here
	...
}
```
## API

```
        Delegates:         Implements:           Produces:

Udig --+--* DomainResolver <--+-- DNSResolver    --* DNSRecord
       |                      +-- TLSResolver    --* TLSCertificate
       |                      +-- HTTPResolver   --* HTTPHeader
       |                      +-- WhoisResolver  --* WhoisContact
       |                      +-- CTResolver     --* CTLog
       |
       +--* IPResolver     <--+-- BGPResolver    --* ASRecord
                              +-- GeoipResolver  --* GeoipRecord
```
## CLI app

### Download app

```
go get github.com/netrixone/udig/cmd/udig
```

### Build from the sources

```
make
```

or

```
make install
```

This will also download the latest GeoIP database (IPLocation-lite).
### Usage

```
udig [-h|--help] [-v|--version] [-V|--verbose] [-s|--strict]
     [-d|--domain "<value>"] [--ct:expired] [--ct:from "<value>"]
     [--json]

ÜberDig - dig on steroids v1.5 by stuchl4n3k

Arguments:

  -h  --help        Print help information
  -v  --version     Print version and exit
  -V  --verbose     Be more verbose
  -s  --strict      Strict domain relation (TLD match)
  -d  --domain      Domain to resolve
      --ct:expired  Collect expired CT logs
      --ct:from     Date to collect logs from. Default: 1 year ago (2022-11-10)
      --json        Output payloads as JSON objects
```
## Dependencies and attributions
- https://github.com/akamensky/argparse - Argparse for golang
- https://github.com/miekg/dns - DNS library in Go
- https://github.com/domainr/whois - Whois client for Go
- https://github.com/ip2location/ip2location-go - GeoIP localization package. This product uses IP2Location LITE data available from https://lite.ip2location.com.
- https://www.team-cymru.com/IP-ASN-mapping.html - IP to ASN mapping service by Team Cymru
# Functions
LogDebug formats and prints a given log on STDOUT.
LogErr formats and prints a given log on STDERR.
LogInfo formats and prints a given log on STDOUT.
LogPanic formats and prints a given log on STDERR and panics.
NewBGPResolver creates a new BGPResolver with sensible defaults.
NewCTResolver creates a new CTResolver with sensible defaults.
NewDNSResolver creates a new DNS resolver instance pre-populated with sensible defaults.
NewGeoResolver creates a new GeoResolver with sensible defaults.
NewHTTPResolver creates a new HTTPResolver with sensible defaults.
NewTLSResolver creates a new TLSResolver with sensible defaults.
NewUdig creates a new Udig instance provisioned with all supported resolvers.
NewWhoisResolver creates a new WhoisResolver instance provisioned with sensible defaults.
# Constants
DefaultTimeout is a default timeout used in all network clients.
Logging levels: the smaller the value, the more verbose the output will be.
TypeBGP is a type of all BGP resolutions.
TypeCT is a type of all CT resolutions.
TypeDNS is a type of all DNS resolutions.
TypeGEO is a type of all GeoIP resolutions.
TypeHTTP is a type of all HTTP resolutions.
TypeTLS is a type of all TLS resolutions.
TypeWHOIS is a type of all WHOIS resolutions.
# Variables
DefaultDNSQueryTypes is a list of default DNS RR types that we query.
DefaultHTTPHeaders is a list of default HTTP header names that we look for.
GeoDBPath is a path to IP2Location DB file.
LogLevel contains the actual log level setting.
SupportedWhoisProperties is a set of WHOIS properties that WhoisResolver honors.
# Structs
ASRecord contains information about an Autonomous System (AS).
BGPResolution is a BGP resolution of a given IP yielding AS records.
BGPResolver is a Resolver which is able to resolve an IP to AS name and ASN.
CTAggregatedLog is a wrapper of a CT log that is aggregated over all logs with the same CN in time.
CTLog is a wrapper for attributes of interest that appear in the CT log.
CTResolution is a certificate transparency project resolution, which yields a CT log.
CTResolver is a Resolver responsible for resolution of a given domain to a list of CT logs.
DNSRecord is a wrapper for the actual DNS resource record.
DNSRecordPair is a pair of DNS record type used in the query and a corresponding record found in the answer.
DNSResolution is a DNS multi-query resolution yielding many DNS records in a form of query-answer pairs.
DNSResolver is a Resolver which is able to resolve a domain to a bunch of the most interesting DNS records.
GeoRecord contains information about a geographical location.
GeoResolution is a GeoIP resolution of a given IP yielding geographical records.
GeoResolver is a Resolver which is able to resolve an IP to a geographical location.
HTTPHeader is a pair of HTTP header name and corresponding value(s).
HTTPResolution is a HTTP header resolution yielding many HTTP protocol headers.
HTTPResolver is a Resolver responsible for resolution of a given domain to a list of corresponding HTTP headers.
ResolutionBase is a shared implementation for all Resolutions (i.e.
TLSCertificate is a wrapper for the actual x509.Certificate.
TLSResolution is a TLS handshake resolution, which yields a certificate chain.
TLSResolver is a Resolver responsible for resolution of a given domain to a list of TLS certificates.
WhoisResolution is a WHOIS query resolution yielding many contacts.
WhoisResolver is a Resolver responsible for resolution of a given domain to a list of WHOIS contacts.
# Interfaces
DomainResolver is an API contract for all Resolver modules that resolve domains.
IPResolver is an API contract for all Resolver modules that resolve IPs.
Resolution is an API contract for all Resolutions (i.e.
Udig is a high-level facade for domain resolution which: 1.
# Type aliases
ResolutionType is an enumeration type for resolution types.
WhoisContact is just a set of key/value pairs.