DioNiSio is a DNS scanner written in ANSI C with no dependencies on libraries other than the system sockets library or libc. It implements three scan methods (dictionary, massive reverse lookup and recursive zone transfers) and can detect DNS misconfigurations or anomalies. Its main goals are portability, economical resource usage, and ease of use.
DioNiSio can also manage a large pool of recursive DNS servers, making possible distributed DNS scans that hide the identity of the auditor.
The three scan types:
Dictionary scan. Using brute force and a dictionary, DioNiSio tries to resolve some or all of the machine names and subdomains of a target domain. If it discovers a subdomain, it repeats the dictionary attack against that new subdomain. Despite the simplicity of this method, its results can be impressive.
Massive reverse lookup scan. DioNiSio can perform mass reverse resolutions across a network. A lot of administrators configure their DNS servers to provide reverse address resolution for any host. This can be used to gather a lot of information about a network; the final result is like a network scan but uses only DNS queries, so it is not easy to detect and sometimes yields a lot of extra information that you cannot obtain with a traditional network scanner like nmap.
Recursive zone transfer. This scan was developed especially for penetration tests. DNS servers usually don't allow zone transfers to external IP addresses, but a lot of administrators allow zone transfers to any machine in their own networks. When an auditor working under the black-box paradigm gains control of a machine, they will surely need to gather more information from this new point of view, and one good way is to make aggressive zone transfers. The problem is that a compromised machine usually does not have the necessary tools installed; DioNiSio is designed to be completely independent of system libraries and easy to port, and it has low memory and CPU consumption.
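Seen from the defender's side, each of the three scan types leaves a recognisable pattern in DNS query logs. The sketch below is an added example, not part of DioNiSio; the four-field log format, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict

def ptr_key(qname):
    """Split an IPv4 in-addr.arpa name into (/24 prefix, host octet), else None."""
    labels = qname.split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    if not all(x.isdigit() and int(x) < 256 for x in labels[:4]):
        return None
    return ".".join(labels[3:0:-1]), labels[0]

def detect(lines, ptr_min=4, name_min=4, nx_ratio=0.5):
    """Map each client to the set of scan patterns its queries match."""
    ptr_hosts = defaultdict(set)   # (client, /24) -> host octets looked up
    names = defaultdict(set)       # (client, parent zone) -> labels tried
    misses = defaultdict(set)      # same key -> labels answered NXDOMAIN
    findings = defaultdict(set)
    for line in lines:             # assumed format: client qname qtype rcode
        fields = line.split()
        if len(fields) != 4:
            continue               # skip malformed lines
        client, qname, qtype, rcode = fields
        qname = qname.rstrip(".").lower()
        if qtype == "AXFR":
            findings[client].add("zone-transfer")
        elif qtype == "PTR" and ptr_key(qname):
            net, host = ptr_key(qname)
            ptr_hosts[(client, net)].add(host)
        elif qtype in ("A", "AAAA") and "." in qname:
            label, zone = qname.split(".", 1)
            names[(client, zone)].add(label)
            if rcode == "NXDOMAIN":
                misses[(client, zone)].add(label)
    for (client, _net), hosts in ptr_hosts.items():
        if len(hosts) >= ptr_min:  # many distinct hosts in one /24
            findings[client].add("reverse-sweep")
    for key, labels in names.items():
        if len(labels) >= name_min and len(misses[key]) / len(labels) >= nx_ratio:
            findings[key[0]].add("dictionary")
    return dict(findings)

# Constructed sample log (documentation addresses), not captured traffic.
SAMPLE = (
    [f"198.51.100.7 {h}.example.com A {r}" for h, r in
     [("www", "NOERROR"), ("mail", "NXDOMAIN"), ("ftp", "NXDOMAIN"), ("vpn", "NXDOMAIN")]]
    + [f"198.51.100.9 {i}.2.0.192.in-addr.arpa PTR NOERROR" for i in range(1, 5)]
    + ["198.51.100.9 example.com AXFR REFUSED", "203.0.113.5 www.example.com A NOERROR",
       "203.0.113.5 10.2.0.192.in-addr.arpa PTR NOERROR"]
)
```

Keying on the client address undercounts a scan that is spread over a pool of recursive servers, as described above; on an authoritative server, aggregate by zone or /24 across all clients instead.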
I wrote it because there are so few tools for DNS auditing and analysis. It is not complete because I want to write more scan types and more functionality (DNS question forging, DNS fingerprinting, optimizations, ...), but I do not have very much time and the development is slow.
DioNiSio has currently been tested on
Probably it will run smoothly on any more modern version of these operating systems, but I haven't tested them yet.
Compilation and installation are built on Autoconf/Automake, so it is not only easy to port to new platforms but also easy to build and to do strange things like cross-compiling.