feat: add --auto-wildcard flag for automatic wildcard DNS detection

[zhaog100]

Summary

Adds --auto-wildcard flag for automatic wildcard DNS detection across multiple domains, addressing #924.

Changes

• New file: internal/runner/autowildcard.go — Auto-wildcard detection engine
• Modified: internal/runner/options.go — Added AutoWildcard option and --auto-wildcard flag
• Modified: internal/runner/runner.go — Integration with existing resolution pipeline

How it works

1. After initial DNS resolution, extracts root domains from all resolved hosts
2. Probes 3 random subdomains per root domain
3. If all probes resolve to the same IPs → domain is marked as wildcard
4. Hosts whose IPs match wildcard IPs are automatically filtered out

Usage

# Auto-detect wildcards across all domains in input
echo -e "sub1.example.com\nsub2.test.com" | dnsx --auto-wildcard

# With bruteforce
dnsx -d example.com -w wordlist.txt --auto-wildcard

Key Design Decisions

• Non-breaking: Existing -wd behavior unchanged; --auto-wildcard is opt-in
• Simple heuristic: 3 probes, all must resolve with common IPs → wildcard
• Per-domain detection: Works across multiple domains in a single run
• Reuses existing storage/output infrastructure (same as -wd path)

Closes #924

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9d419961-f1b7-43ab-bb55-2993083aa342

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can make CodeRabbit's review stricter and more nitpicky using the `assertive` profile, if that's what you prefer.

Change the reviews.profile setting to assertive to make CodeRabbit's nitpick more issues in your PRs.

[Mzack9999]

Thank you for the work! This PR has a clean scope, but the extractBaseDomain function only takes the last two labels of a hostname, which breaks for multi-level TLDs like .co.uk or .com.au. The issue has been resolved via #966, which uses publicsuffix.EffectiveTLDPlusOne for correct TLD handling, includes comprehensive tests, and extracts shared logic into projectdiscovery/utils. Closing in favor of that merged solution.