Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

RapidDNS

v1.0.0

DNS reconnaissance and subdomain enumeration using rapiddns-cli (RapidDNS API). Use when: searching subdomains of a domain, reverse IP lookup, CIDR enumerati...

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (DNS reconnaissance, subdomain enumeration) align with the SKILL.md and references. No unrelated credentials, binaries, or config paths are requested by the skill metadata that would be inconsistent with DNS recon.
Instruction Scope
Runtime instructions are limited to installing/using the rapiddns-cli binary, running search/export commands, and configuring an API key via the CLI. The instructions do not direct reading unrelated local files, accessing unrelated services, or transmitting data to unexpected endpoints.
Install Mechanism
The skill is instruction-only (no install spec). It recommends downloading pre-built releases from GitHub or using 'go install', both common for CLI tools. The README shows curl | tar extraction and a sudo mv step — standard but requires the user to trust the GitHub release artifacts.
Credentials
No environment variables are declared in the registry metadata, which is reasonable because the API key is managed via the CLI ('rapiddns-cli config set-key'). Full functionality requires a RapidDNS API key; this is proportional to the described features. Users should be aware the key will be stored locally by the CLI (the SKILL.md does not state the storage location or format).
Persistence & Privilege
The skill does not request persistent/system-wide privileges in the registry (always:false) and does not modify other skills or global agent settings. Allowing the agent to invoke the skill autonomously is the platform default and not by itself concerning.
Assessment
This skill is internally consistent: it documents installing a third‑party CLI and using a RapidDNS API key to perform DNS reconnaissance. Before installing or running commands:

  1) verify the GitHub repository and release artifacts (use checksums/signatures if available) before running curl | tar | sudo mv;
  2) avoid running binaries from unknown sources as root;
  3) confirm where rapiddns-cli stores the API key (local config file) and whether it is stored encrypted;
  4) use a dedicated RapidDNS API key with minimal permissions and be prepared to revoke it if needed;
  5) be aware the CLI will contact rapiddns.io (see references/api.md) — do not supply other unrelated secrets to the tool.

If you need greater assurance, ask the skill author for the repository URL, release checksums, or the exact config file path used to store API keys.

Updated 3w ago
v1.0.0
MIT-0

rapiddns — DNS Reconnaissance via RapidDNS

Installation

rapiddns-cli is cross-platform. Install via pre-built binary (recommended) or Go.

Option 1: Pre-built Binary (Recommended)

Download from GitHub Releases:

Platform               File
macOS (Intel)          rapiddns_*_darwin_amd64.tar.gz
macOS (Apple Silicon)  rapiddns_*_darwin_arm64.tar.gz
Linux (x86_64)         rapiddns_*_linux_amd64.tar.gz
Linux (ARM64)          rapiddns_*_linux_arm64.tar.gz
Windows (x86_64)       rapiddns_*_windows_amd64.zip

# Linux/macOS example
VERSION="1.0.2"
OS="linux"       # or "darwin" for macOS
ARCH="amd64"     # or "arm64"
# -f makes curl fail on an HTTP error instead of piping an error page into tar
curl -fsSL "https://github.com/rapiddns/rapiddns-cli/releases/download/v${VERSION}/rapiddns_v${VERSION}_${OS}_${ARCH}.tar.gz" | tar xz
# The extracted binary is named rapiddns here; install it under the command name used in the rest of this page
sudo mv rapiddns /usr/local/bin/rapiddns-cli
rapiddns-cli --help
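
The scan assessment above recommends verifying release artifacts before the curl | tar | sudo mv sequence. The following is an added example, not part of the skill or the rapiddns-cli project: it checks a downloaded archive against an expected SHA-256 and extracts it into a staging directory for inspection. The function names, the staging directory and the expected digest are assumptions; the page does not say whether the project publishes checksums.

```shell
#!/bin/sh
# Added example: verify a release archive before anything is moved with sudo.
# The expected digest must come from a source you trust (placeholder here).

# sha256_of FILE: print the hex SHA-256 of FILE (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_and_stage ARCHIVE EXPECTED_SHA256 STAGE_DIR
# Extracts into STAGE_DIR only if the digest matches and no archive member
# uses an absolute path or a ".." component. Returns non-zero otherwise.
verify_and_stage() {
    archive=$1 expected=$2 stage=$3
    actual=$(sha256_of "$archive") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 1
    fi
    # List members first; refuse absolute paths and parent-directory escapes.
    if tar tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2
        return 3
    fi
    mkdir -p "$stage" && tar xzf "$archive" -C "$stage"
}

# Usage sketch (download to a file instead of piping straight into tar):
#   curl -fsSL -o rapiddns.tar.gz "<release URL from the install step>"
#   verify_and_stage rapiddns.tar.gz "<SHA-256 from a trusted source>" ./stage
#   ls -l ./stage    # inspect the contents before any sudo mv
```
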

Option 2: Go Install

Requires Go 1.24+:

go install github.com/rapiddns/rapiddns-cli@latest

Binary is placed in $GOPATH/bin (usually ~/go/bin). Add to PATH:

echo 'export PATH=$PATH:$(go env GOPATH)/bin' >> ~/.bashrc  # Linux
# or ~/.zshrc on macOS

API Key Configuration

Full features (export, unlimited search) require an API key from https://rapiddns.io/user/profile

rapiddns-cli config set-key <API_KEY>
rapiddns-cli config get-key   # verify

Without a key, search results are limited and export is disabled.

Common Workflows

Subdomain Search

# Basic — all records for a domain
rapiddns-cli search example.com

# Force search type (when auto-detect fails)
rapiddns-cli search 1.2.3.4 --type ip

# Auto-paginate up to 5000 records
rapiddns-cli search example.com --max 5000

Extract Subdomains / IPs

# Subdomains only (deduplicated text list)
rapiddns-cli search example.com --extract-subdomains

# IPs only + subnet statistics
rapiddns-cli search example.com --extract-ips

# Both
rapiddns-cli search example.com --extract-subdomains --extract-ips

Reverse IP & CIDR

# Reverse IP — what domains point to this IP?
rapiddns-cli search 1.2.3.4

# CIDR range — enumerate an entire subnet
rapiddns-cli search 129.134.0.0/16 --max 10000

Advanced Query

Use Elasticsearch-style syntax for complex queries:

# All A records for apple.com subdomains (domain = 2nd-level only!)
rapiddns-cli search "domain:apple AND type:A" --type advanced

# Specific subdomain pattern
rapiddns-cli search "subdomain:admin.* AND tld:com" --type advanced

# MX records for a domain
rapiddns-cli search "type:MX AND domain:baidu" --type advanced

# Exact subdomain lookup
rapiddns-cli search 'subdomain:"mail.google.com"' --type advanced

Export (Requires API Key)

Automated workflow: trigger → poll → download → extract:

# Full export with subdomain + IP extraction
rapiddns-cli export start example.com --max 100000 --extract-subdomains --extract-ips

# Advanced query export
rapiddns-cli export start "domain:example AND type:A" --type advanced

Results saved to result/ directory.

Output Formats & Piping

# JSON (default)
rapiddns-cli search example.com -o json

# CSV
rapiddns-cli search example.com -o csv -f results.csv

# Text — pipe-friendly (stdout = clean data, stderr = status)
rapiddns-cli search example.com --column subdomain -o text | sort -u > subdomains.txt

# Silent mode — extract to files only, no console output
rapiddns-cli search example.com --extract-subdomains --silent

Field Reference

Field      Description
subdomain  The subdomain (e.g. www.example.com)
type       DNS record type (A, AAAA, CNAME, MX, NS, TXT, etc.)
value      Record value (IP, target, etc.)
timestamp  Last observation timestamp
date       Date of last observation

Advanced Query Syntax

Operator                 Example
Domain (2nd-level only)  domain:apple ⚠️ NOT domain:apple.com
Type filter              type:A, type:MX, type:CNAME
TLD filter               tld:com, tld:cn
Subdomain match          subdomain:apple.com* (trailing wildcard)
Exact subdomain          subdomain:"a.ns.example.com"
Value/IP                 value:"1.1.1.1"
Boolean                  domain:apple AND type:A
Negation                 domain:apple AND NOT subdomain:www.*

Available fields: domain, tld, subdomain, value, type, is_root

⚠️ The domain field is the second-level domain name (without the TLD): use domain:baidu, not domain:baidu.com

Important: Date Accuracy

  • Use -o text for displaying results with dates — includes subdomain, type, value, date.
  • Use --column subdomain -o text for pure subdomain lists (pipe to other tools).
  • JSON output (-o json) also includes dates but needs parsing; prefer -o text for display.
  • Dates come directly from the API and match the rapiddns.io website exactly.

Response Language

  • Match the user's language. If they ask in Chinese, respond in Chinese. If English, respond in English.
  • CLI output (tables, lists) stays as-is (machine output). Summaries and explanations follow the user's language.

Display results

# Tab-separated table with dates (sorted newest first by default)
rapiddns-cli search <target> --max 5000 -o text 2>/dev/null

# Pure subdomain list for piping
rapiddns-cli search <target> --max 5000 --column subdomain -o text 2>/dev/null | sort -u

Tips

  • Use --silent when piping or saving to file to suppress console output
  • Note: --silent with --extract-subdomains still prints the extracted file path to stdout (CLI behavior)
  • --max auto-paginates — no need to manually loop pages
  • Without API key: search works but limited results; export disabled
  • For large-scale recon, combine --extract-subdomains with other tools via pipe
