Friday, 27 February 2009

dnsmap - Subdomain Bruteforcer for Stealth Enumeration

Main features
I know that bruteforcing subdomains is nothing new, and I also know that there are at least 3 tools out there that allow you to do this (probably many many more :-D). However, I couldn't find a subdomain brute-forcer that allows me to:

  • obtain all IP addresses (A records) associated with each successfully bruteforced subdomain, rather than just one IP address per subdomain
  • abort the bruteforcing process in case the target domain uses wildcards (subdomain enumeration becomes unfeasible in this case as far as I know)
  • run the tool without providing a wordlist by using a built-in list of keywords (however, I also wanted to be able to run the tool using a wordlist file as an option)

Version 0.22 improvements
Version 0.22 added some improvements such as:

  • saving the results in human-readable and CSV format for easy processing
  • fixed a bug that disallowed reading wordlists with DOS CRLF format
  • improved built-in subdomains wordlist
  • it also includes a bash script, dnsmap-bulk.sh, for running dnsmap against a list of domains from a user-supplied file, i.e. bruteforcing several domains in a bulk fashion
  • bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards
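
Randomising the wildcard probe defeats a signature on a fixed probe name, but the burst of NXDOMAIN answers that subdomain brute-forcing produces remains visible in resolver logs. The following is an added example, not part of the original post or of dnsmap: the log format (`epoch client qname rcode`), the function names and the thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample lines in an assumed format: "epoch client qname rcode".
SAMPLE_LOG = """\
1000 198.51.100.7 www.example.com NOERROR
1001 192.0.2.10 q7x2k9vd0p3m.example.com NXDOMAIN
1001 192.0.2.10 admin.example.com NXDOMAIN
1002 192.0.2.10 backup.example.com NXDOMAIN
1002 192.0.2.10 mail.example.com NOERROR
1003 192.0.2.10 dev.example.com NXDOMAIN
1003 192.0.2.10 ftp.example.com NXDOMAIN
1004 198.51.100.7 wwww.example.com NXDOMAIN
1050 198.51.100.7 mail.example.com NOERROR
"""


def nxdomain_events(lines, zone):
    """Yield (client, epoch, qname) for NXDOMAIN answers to names under zone."""
    suffix = "." + zone.lower().rstrip(".")
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip blank or malformed lines
        epoch, client, qname, rcode = fields
        qname = qname.lower().rstrip(".")
        if rcode == "NXDOMAIN" and qname.endswith(suffix):
            yield client, int(epoch), qname


def flag_enumeration(lines, zone, window=10, threshold=5):
    """Return {client: failed names} for clients with at least `threshold`
    distinct NXDOMAIN names under `zone` inside any `window`-second span."""
    per_client = defaultdict(list)
    for client, epoch, qname in nxdomain_events(lines, zone):
        per_client[client].append((epoch, qname))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end, (epoch, _) in enumerate(events):
            while epoch - events[start][0] > window:
                start += 1  # slide the window forward
            if len({q for _, q in events[start:end + 1]}) >= threshold:
                flagged[client] = sorted({q for _, q in events})
                break
    return flagged


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG.splitlines(), "example.com"))
```

Because it counts failed lookups rather than matching a probe name, the check does not depend on which string a tool uses for its wildcard test. A wildcard zone returns no NXDOMAIN at all, so this particular signal is absent there.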

Website and download
