Home page logo

pen-test logo Penetration Testing mailing list archives

dnsmap: subdomain bruteforcer for stealth enumeration
From: pagvac <unknown.pentester () gmail com>
Date: Sun, 17 Sep 2006 21:58:49 +0100

I know that bruteforcing subdomains is nothing new, and I also know
that there are at least 3 tools out there that allow you to do this
(probably many many more :-D ). However, I couldn't find a subdomain
bruteforcer that allows me to:

- obtain *all* IP addresses (A records) associated to each
successfully bruteforced subdomain, rather than just one IP address
per subdomain
- abort the bruteforcing process in case the target domain uses
wildcards (subdomain enumeration becomes unfeasible in this case as
far as I know)
- be able to run the tool *without* providing a wordlist by using a
built-in list of keywords (however I also wanted to be able to run the
tool using a wordlist file as an option)

I attached 2 real examples using google.com. Why google? Because
everyone loves google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip

P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.


Attachment: subdomain-bf-using-built-in-wordlist.txt

Attachment: subdomain-bf-using-external-wordlist.txt

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
  • dnsmap: subdomain bruteforcer for stealth enumeration pagvac (Sep 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]