This tool brute-forces the DKIM keys of a domain to identify weak keys or to detect a lack of proper key rotation. It is similar to https://github.com/vavkamil/dkimsc4n and https://github.com/ryancdotorg/dkimscan.
It is more efficient than existing tools because:
- It generates a custom list of DKIM selectors based on the domain name.
- It uses massdns to retrieve the records from the DNS servers.
Requirements:
- Python 3 + tldextract + cryptography
- massdns
Run bash setup.sh to install the required Python library (tldextract) and to clone and build massdns.
To generate the bruteforce list:
python3 generate_dkim_selectors.py <domain> > dkim_selectors.txt
To bruteforce a domain's DKIM keys and detect weak RSA keys:
python3 get_dkim_from_domain.py <domain>
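
The weak-key check on a retrieved record, for auditing your own domain's selectors. This is an added example, not code from this repository: it reads the RSA modulus size out of the p= tag with a small standard-library DER reader instead of the cryptography package. The function names, the constructed sample records and the 1024-bit floor (taken from RFC 8301, not from this page) are assumptions.

```python
import base64

MIN_BITS = 1024  # assumption: RFC 8301 floor for RSA DKIM keys (2048 recommended)

def _tlv(data, pos=0):
    """Read one DER element at pos; return (value_bytes, next_pos)."""
    length = data[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return data[pos:pos + length], pos + length

def dkim_rsa_bits(txt):
    """RSA modulus size in bits; 0 if revoked (empty p=), None if not RSA."""
    pairs = (t.split("=", 1) for t in txt.split(";") if "=" in t)
    tags = {k.strip(): v.strip() for k, v in pairs}
    if tags.get("k", "rsa") != "rsa":  # k= defaults to rsa when absent
        return None
    p = "".join(tags.get("p", "").split())  # p= may contain folding whitespace
    if not p:
        return 0
    spki, _ = _tlv(base64.b64decode(p))  # SubjectPublicKeyInfo SEQUENCE
    _, pos = _tlv(spki)                  # skip AlgorithmIdentifier
    bitstr, _ = _tlv(spki, pos)          # BIT STRING wrapping RSAPublicKey
    rsakey, _ = _tlv(bitstr[1:])         # drop the unused-bits byte
    modulus, _ = _tlv(rsakey)            # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

def is_weak(txt, min_bits=MIN_BITS):
    bits = dkim_rsa_bits(txt)
    return bool(bits) and bits < min_bits

def _der(tag, body):
    """Encode one DER element (only used to build the constructed samples)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed record with a placeholder modulus of the given size (not a real key)."""
    n = (1 << (bits - 1)) | 1
    key = _der(0x30, _der(0x02, b"\x00" + n.to_bytes(bits // 8, "big")) + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption OID + NULL
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(_der(0x30, alg + _der(0x03, b"\x00" + key))).decode()

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        print(bits, "weak" if is_weak(sample_record(bits)) else "ok")
```

A record with an empty p= tag is a revoked key and is reported as 0 bits rather than as weak.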

