dns_wildcard_check
Detect wildcard DNS configuration on domains by resolving random subdomains to identify potential security misconfigurations during reconnaissance.
Instructions
Check if a domain has wildcard DNS configured by resolving a random subdomain.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Domain to check for wildcard DNS |
Implementation Reference
- src/dns/index.ts:404-414 (handler)The implementation of the dns_wildcard_check tool, which performs a DNS lookup on a random subdomain to check for a wildcard configuration.
export async function dnsWildcardCheck(domain: string): Promise<WildcardCheckResult> { const randomSub = crypto.randomBytes(8).toString("hex"); const testSubdomain = `${randomSub}.${domain}`; try { const ips = await dns.resolve4(testSubdomain); return { domain, wildcard: true, testSubdomain, resolvedIps: ips }; } catch { return { domain, wildcard: false, testSubdomain }; } } - src/dns/index.ts:62-67 (schema)Result type definition for dns_wildcard_check.
interface WildcardCheckResult { domain: string; wildcard: boolean; testSubdomain: string; resolvedIps?: string[]; } - src/protocol/tools.ts:77-83 (registration)Registration of the dns_wildcard_check tool.
const dnsWildcardCheckTool: ToolDef = { name: "dns_wildcard_check", description: "Check if a domain has wildcard DNS configured by resolving a random subdomain.", schema: { domain: z.string().describe("Domain to check for wildcard DNS"), }, execute: async (args) => json(await dnsWildcardCheck(args.domain as string)),