A DNS Bruteforcing Wordlist Generator.

There are multiple levels of changes that can be performed, specified by "-level". A level of "1" or above modifies the results to use a - as well as everything else. A level of 0 wouldn't use -. Level defaults to level 1.

At level 2 integer substituions start to take place, using a set range.

Append works by adding a new subdomain, as well as the word with a - and without (unless level is 0). So, for example:

A target list of:

example.com help.example.com 

With an append list of:

dev test 

With command line as:

DNSCewl -tL targets.txt -a append.txt 

Would provide the output:

example-dev.com example-test.com help-dev.example.com help-test.example.com example.dev.com example.test.com help.dev.example.com help.test.example.com 

If the flag --subs was passed then this would limit results to new subdomains only, and output the following:

dev.example.com devhelp.example.com dev-help.example.com dev.help.example.com test.example.com testhelp.example.com test-help.example.com test.help.example.com 

Prepend is the same as append, but at the beginning of a domain (or subdomain).

Using as:

DNSCewl -tL targets.txt -p append.txt 

Would result in:

devexample.com dev-example.com dev.example.com devhelp.example.com dev-help.example.com dev.help.example.com testexample.com test-example.com test.example.com testhelp.example.com test-help.example.com test.help.example.com 

If level 1 was spefied, results with - wouldn't be used. For example:

DNSCewl -tL targets.txt -p append.txt --level=0 

Would result in:

devexample.com dev.example.com devhelp.example.com dev.help.example.com testexample.com test.example.com testhelp.example.com test-help.example.com test.help.example.com 

Subs limits results to subdomains only. For example:

DNSCewl -tL targets.txt -p append.txt --level=0 --subs 

Would result in:

dev.example.com dev.help.example.com test.example.com test-help.example.com test.help.example.com 

No repeats prevents the same term being used twice in a domain.

For example, using test.example.com with an prepended list of:

test 

With the following:

DNSCewl -tL targets.txt -p append.txt --no-repeats 

Would result in:

test.example.com test.testexample.com 

Note that test.test.example.com isn't included, as it's a repeated subdomain. It's important to note that test.testexample.com is still possible here, as --no-repeats shouldn't prevent a subdomain and a top level domain from repeating.

A set list is a series of words to perform a replacement on when one word in a set is discovered.

For example, an input of:

one.example.com b.example.com 

When provided a set list of:

one two three 

Would output:

two.example.com three.example.com 

If set than the original domains, from source lists are included in outputted results. If not then they will be excluded.

By default if level=2 is set then any integers in a domain would be incremented and decremented by 100. For example,

101.example.com 

Would generate domains from 1.example.com to 200.example.com as output.

Range allows you to override this setting. By default range will adjust to be both negative and positive. For example:

--range=10 

Would generate domians from 91.example.com to 111.example.com. You can however specify + or - on range. So for example,

--range=+10 

Would only generate domains from 101.example.com to 111.example.com as our output.

Takes a list of domain extensions and replaces extensions on final results with them.

For example,

example.com sub.example.com 

When combined with a list of extentions that includes:

.com.au .co.uk 

Would result in a list of domains:

example.com.au example.co.uk sub.example.com.au sub.example.co.uk