DNSChef alternatives

Looking for an alternative tool to replace DNSChef? During the review of DNSChef we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. aiodnsbrute (asynchronous brute forcing DNS domain names)
  2. DNSteal (exfiltration tool via DNS requests)
  3. Fierce (DNS reconnaissance tool)

These tools are ranked as the best alternatives to DNSChef.

Alternatives (by score)

85

aiodnsbrute (Async DNS Brute)

Introduction

When a project requires resolving or guessing host names, then this tool is a great addition to the toolkit. It focuses on 'fast' by using asynchronous operations. The list of names to try is provided with a wordlist.

Project details

aiodnsbrute is written in Python.

Strengths and weaknesses

  • + Very low number of dependencies
  • + The source code of this software is available

    Typical usage

    • Network scanning
    • Penetration testing

    aiodnsbrute review

    64

    DNSteal

    Introduction

    DNSteal allows you to extract files from a machine through DNS requests. This can be used to circumvent security measures and test them against data leakage. The tool supports compression and allows for multiple files to be transferred.

    Project details

    DNSteal is written in Python.

    Strengths and weaknesses

    • + More than 500 GitHub stars
    • + The source code of this software is available
    • - No releases on GitHub available
    • - Full name of author is unknown

    Typical usage

    • Application security
    • Data hiding

    DNSteal review

    84

    Fierce

    Introduction

    Fierce is a security tool that helps with DNS reconnaissance. It can locate non-contiguous IP space, but using DNS information.

    Project details

    Fierce is written in Python.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Information gathering
      • Reconnaissance
      • Security assessment

      Fierce review

      64

      QuickScan

      Introduction

      Although there are many port scanning utilities, sometimes it is specific functionality that makes a tool really powerful. For example, QuickScan saves the results of a scan, which then can be processed later for follow-up.

      Project details

      QuickScan is written in Python.

      Strengths and weaknesses

      • + Very low number of dependencies
      • + The source code of this software is available
      • - No releases on GitHub available
      • - Full name of author is unknown

      Typical usage

      • Network scanning

      QuickScan review

      60

      SubBrute (subdomain-bruteforcer)

      Introduction

      SubBrute is a DNS meta-query spider that enumerates DNS records and subdomains. This can be useful during penetration tests and security assessments.

      Project details

      SubBrute is written in Python.

      Strengths and weaknesses

      • + More than 1000 GitHub stars
      • + The source code of this software is available
      • - Full name of author is unknown

      Typical usage

      • Information gathering
      • Penetration testing
      • Security assessment

      SubBrute review

      60

      SubFinder

      Introduction

      SubFinder is a tool to scan domains and discover subdomains. This may be useful during the reconnaissance phase of penetration testing where information is collected. Some subdomains may reveal sensitive data or point to interesting targets such as a backup location.

      Project details

      SubFinder is written in Golang.

      Strengths and weaknesses

      • + Tool is modular and extendable
      • + More than 500 GitHub stars
      • + The source code of this software is available

        Typical usage

        • Discovery of sensitive information
        • Information gathering
        • Penetration testing
        • Reconnaissance
        • Security assessment

        SubFinder review

        63

        ArpON

        Introduction

        ArpOn protects a system by running as a daemon and guard against a Man in the Middle (MitM) attack due to ARP spoofing, cache poisoning, or an ARP poison routing attack.

        The tool works by using three types of inspection to detect a related attack.

        • SARPI (Static ARP Inspection), statically configured networks (without DHCP)
        • DARPI (Dynamic ARP Inspection), dynamically configured networks (with DHCP)
        • HARPI (Hybrid ARP Inspection), statically and dynamically configured networks (with DHCP)

        Project details

        ArpON is written in C.

        Strengths and weaknesses

        • + The source code of this software is available

          ArpON review

          100

          BetterCAP

          Introduction

          BetterCAP is often used by those who perform penetration testing and security assessments. This tool and framework is in particular useful for attempting man-in-the-middle attacks (MitM).

          Project details

          BetterCAP is written in Golang.

          Strengths and weaknesses

          • + More than 25 contributors
          • + More than 2000 GitHub stars
          • + The source code of this software is available

            Typical usage

            • Bypassing security measures
            • Penetration testing
            • Security assessment

            BetterCAP review

            78

            mitmproxy (mitmproxy)

            Introduction

            The mitmproxy tool allows to intercept, inspect, modify, and replay traffic flows. It may be used for pentesting, troubleshooting, or learning about SSL/TLS.

            Project details

            mitmproxy is written in Python.

            Strengths and weaknesses

            • + More than 200 contributors
            • + More than 10000 GitHub stars
            • + The source code of this software is available

              Typical usage

              • Network analysis
              • Penetration testing
              • Security assessment

              mitmproxy review

              60

              Nili

              Introduction

              This tool performs multiple types of scanning and attacks, which can be useful during penetration tests and security assignments.

              Project details

              Nili is written in Python.

              Strengths and weaknesses

              • + The source code of this software is available

                Typical usage

                • Network scanning
                • Penetration testing
                • Security assessment

                Nili review

                64

                Seth

                Introduction

                Seth is a security tool to perform a man-in-the-middle (MitM) attack and extract clear text credentials from RDP connections.

                Project details

                Seth is written in Python, shell script.

                Strengths and weaknesses

                • + The source code of this software is available

                  Typical usage

                  • Penetration testing
                  • Security assessment

                  Seth review

                  60

                  SSH MITM

                  Introduction

                  This tool would most likely be used to intercept traffic during security assessments. Plaintext passwords and session data can be intercepted with it.

                  Project details

                  SSH MITM is written in Python.

                  Strengths and weaknesses

                  • + More than 1000 GitHub stars
                  • + The source code of this software is available

                    Typical usage

                    • Password discovery
                    • Security assessment
                    • Session hijacking

                    SSH MITM review

                    60

                    sslcaudit

                    Introduction

                    Sslcaudit is a tool that focuses on the niche of testing SSL/TLS clients.

                    Project details

                    sslcaudit is written in Python.

                    Strengths and weaknesses

                    • + The source code of this software is available

                      Typical usage

                      • Security assessment
                      • Software testing

                      sslcaudit review

                      81

                      SSLsplit

                      Introduction

                      SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

                      SSLsplit supports plain TCP, plain SSL, HTTP and HTTPS connections over both IPv4 and IPv6. For SSL and HTTPS connections, SSLsplit generates and signs forged X509v3 certificates on-the-fly, based on the original server certificate subject DN and subjectAltName extension. SSLsplit fully supports Server Name Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and ECDHE cipher suites. Depending on the version of OpenSSL, SSLsplit supports SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well. SSLsplit can also use existing certificates of which the private key is available, instead of generating forged ones. SSLsplit supports NULL-prefix CN certificates and can deny OCSP requests in a generic way. For HTTP and HTTPS connections, SSLsplit removes response headers for HPKP in order to prevent public key pinning, for HSTS to allow the user to accept untrusted certificates, and Alternate Protocols to prevent switching to QUIC/SPDY. As an experimental feature, SSLsplit supports STARTTLS mechanisms in a generic manner.

                      Project details

                      SSLsplit is written in C.

                      Strengths and weaknesses

                      • + The source code of this software is available

                        Typical usage

                        • Learning
                        • Network analysis
                        • Penetration testing
                        • Security assessment

                        SSLsplit review

                        Some relevant tool missing as an alternative to DNSChef? Please contact us with your suggestion.