June 6, 2026

DNS Africa Resource Center

..sharing knowledge.

BadDNS: Open-source tool checks for subdomain takeovers – Help Net Security


BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types.
“BadDNS does cover some well-explored ground, such as detecting dangling CNAME and NS records—these are areas many other tools also address. However, several features make BadDNS stand out,” Paul Mueller, the developer of BadDNS, told Help Net Security.
BadDNS doesn’t just stop at detecting subdomain takeovers. The references module goes a step further by looking at any domains the target website trusts to find “second-order” takeovers. For example:
“One major challenge in the infosec community is the lack of centralized maintenance for subdomain takeover signatures. The closest thing we have is the repository can-i-take-over-xyz, where researchers share techniques via the GitHub issues page. However, there’s no single entity maintaining a comprehensive, up-to-date signature database,” Mueller explained.
“BadDNS addresses this gap by automating signature updates from the best-known sources. We’ve set up GitHub pipelines to automatically pull new signatures from Nuclei and DNS Reaper, convert them to BadDNS-compatible formats, test them, and create pull requests for review. This allows us to not fall behind, but also not take on the responsibility ourselves (which we don’t have the manpower for) of being the sole authority for the latest signatures. In addition to confirmed takeover techniques, BadDNS flags any dangling records—whether a known exploitation technique exists or not. This provides a foundation for further research into new takeovers which might not have signatures yet, or which may exist in custom internal company infrastructures,” he concluded.
“We will likely eventually support additional DNS record types, such as PTR, CAA, and SRV records, to address the unique risks associated with misconfigured record types. We may also add features to detect DNSSEC-related vulnerabilities like weak or improperly configured DNSSEC signatures,” Mueller concluded.
BadDNS is available for free on GitHub.
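
The two checks described above (dangling CNAME records, and "second-order" exposure through hosts a page trusts) can be sketched as follows. This is an added example, not BadDNS code and not a description of how BadDNS is implemented; the hostnames, the HTML page and the `RECORDS` table that stands in for live DNS lookups are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed DNS data standing in for live lookups: name -> (type, value).
# A name missing from the table is treated as NXDOMAIN.
RECORDS = {
    "cdn.example.test": ("CNAME", "assets.oldhost.test"),  # target no longer exists
    "static.partner.test": ("CNAME", "edge.partner.test"),
    "edge.partner.test": ("A", "192.0.2.20"),
}
# Constructed page served from www.example.test.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.test/app.js"></script>
<script src="//static.partner.test/widget.js"></script>
<link rel="stylesheet" href="https://gone.vendor.test/site.css">
<script src="/local.js"></script>
</head></html>"""

class RefCollector(HTMLParser):
    """Collect hostnames a page loads scripts, styles, frames or images from."""
    ATTRS = {"script": "src", "link": "href", "iframe": "src", "img": "src"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == self.ATTRS.get(tag) and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

def resolve_chain(name, records, max_depth=8):
    """Follow CNAMEs and return (chain, status)."""
    chain = [name]
    while len(chain) <= max_depth:
        rec = records.get(chain[-1])
        if rec is None:  # NXDOMAIN: dangling if a CNAME led here
            return chain, "dangling-cname" if len(chain) > 1 else "nxdomain"
        if rec[0] != "CNAME":
            return chain, "ok"
        chain.append(rec[1])
    return chain, "cname-loop"

def audit_references(html, records=RECORDS):
    """Return {host: (chain, status)} for referenced hosts that do not resolve."""
    collector = RefCollector()
    collector.feed(html)
    results = {h: resolve_chain(h, records) for h in sorted(collector.hosts)}
    return {h: r for h, r in results.items() if r[1] != "ok"}
```

Calling `audit_references(SAMPLE_HTML)` reports `cdn.example.test` as a dangling CNAME and `gone.vendor.test` as a referenced name that does not exist, while the healthy `static.partner.test` chain is not reported.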
