fess_up

Fess Up is an unintelligent DNS record guesser in Python. It offers both a library and a command line tool to scan specific domains for (currently) one layer of subdomains. The scan is dictionary based and it will attempt to avoid superfluous queries by basing subsequent queries off of previously discovered records.

fess_up's scanning wordlist is based on files installed in the fess_up/dnsnames/ directory. To expand this list, either edit default.txt or add another .txt file to the directory and it will be automatically loaded.

Command line tool

To scan a domain using the fess_up.py (installed as fess_up when using the Debian package) command line tool, simply provide the domain as an argument:

fess_up nosmo.me
nosmo.me
{'@': {'A': ['92.51.245.61'],
        'MX': [('nosmo.me.', 10)],
        'TXT': ['v=spf1 mx -all']},
 'www': {'A': ['92.51.245.61'],
        'CNAME': ['nosmo.me.'],
        'MX': [('nosmo.me.', 10)],
        'TXT': ['v=spf1 mx -all']}}

fess_up can also output in a bind-like fashion when using the -B flag.

fess_up.py nosmo.me -B
nosmo.me
@       IN      A       92.51.245.61
@       IN      TXT     v=spf1 mx -all
@       IN      MX      10      nosmo.me.
www     IN      A       92.51.245.61
www     IN      CNAME   nosmo.me.
www     IN      MX      10      nosmo.me.
www     IN      TXT     v=spf1 mx -all

Library

fess_up's domain scan can be used as a library:

>>> from fess_up import dnsnames, DomainScan
>>> domain_scanner = DomainScan("nosmo.me", dnsnames.dnsnames)
>>> domain_scanner.runScan()
>>> dict(domain_scanner.data)
{'www': {'A': ['92.51.245.61'], 'CNAME': ['nosmo.me.'], 'MX': [('nosmo.me.', 10)], 'TXT': ['v=spf1 mx -all']}, None: {'A': ['92.51.245.61'], 'TXT': ['v=spf1 mx -all'], 'MX': [('nosmo.me.', 10)]}}