Help

Type xmap -4 -h -M dnsx -O json to show the help information.

This module sends out DNS queries and parses basic responses.
By default, the module performs an A record lookup for www.qq.com.
You can specify other queries using the --probe-args argument
in the form: label_type:input_src:type,query;type,query, e.g.,
raw:text:A,qq.com;NS,qq.com. The module supports
sending the the following types of queries: A, NS, CNAME, SOA, PTR,
MX, TXT, AAAA, RRSIG, ANY, SIG, SRV, DS, DNSKEY, TLSA, SVCB, HTTPS,
CAA, and HTTPSSVC. The module will accept and attempt
to parse all DNS responses. There is currently support for parsing
out full data from A, NS, CNAME, MX, TXT, and AAAA.
Query format: label_type:recurse:input_src:type,query;type,query
Any other types will be output in raw form.
 label_type: raw, str, time, random, dst-ip
  raw: do nothing to the query domain, e.g., qq.com
  str: add the 'str' subdomain www, e.g., www.qq.com
  time: add the s+μs subdomain, e.g., 1620027515-568043.qq.com
  random: add random subdomain lefzwnrq, e.g., lefzwnrq.qq.com
  dst-ip: add probe num + src ip, e.g., 1.1-2-3-4.qq.com
 recurse: recurse, no-recurse
  recurse: recursive query
  no-recurse: non-recursive query
 input_src: text, file
  text: like A,qq.com;AAAA,qq.com
  file: each line is like a text
 type: A, NS, CNAME, SOA, PTR, MX, TXT, AAAA, RRSIG, ANY, SIG,
  SRV, DS, DNSKEY, TLSA, SVCB, HTTPS, CAA, and HTTPSSVC
 query: A,qq.com;AAAA,qq.com
Examples:
 --probe-args="raw/time/random:recurse/no-recurse:text:type,query"
 --probe-args="raw/time/random:recurse/no-recurse:file:file_name"
 --probe-args="str:SomeText:recurse/no-recurse:text:type,query"
 --probe-args="str:SomeText:recurse/no-recurse:file:file_name"
 --probe-args="dst-ip:recurse/no-recurse:text:type,query"
 --probe-args="dst-ip:recurse/no-recurse:file:file_name"

Usage Examples

1. Query qq.com A targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 1 --probe-args="raw:recurse:text:A,qq.com" -R 1000 -o result.txt 8.8.8.8

2. Query qq.com A and baidu.com NS targeting 8.8.8.8:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P 2 --probe-args="raw:recurse:text:A,qq.com;NS,baidu.com" -R 1000 -o result.txt 8.8.8.8

3. Query each domain from a domain.txt targeting all IPs from a ip.txt:

xmap -4 -x 32 -p 53 -M dnsx -O json --output-fields="*" --output-filter="success = 1 || success = 0" -P domain_number --probe-args="raw:recurse:file:domain.txt" -R 1000 -o result.txt -I ip.txt

Note: Each line in domain.txt is in the form like A,qq.com and -P domain_number = the number of domains.