Main features
I know that bruteforcing subdomains is nothing new, and I also know that there are at least 3 tools out there that allow you to do this (probably many many more :-D ). However, I couldn't find a subdomain brute-forcer that allows me to:
- obtain all IP addresses (A records) associated with each successfully bruteforced subdomain, rather than just one IP address per subdomain
- abort the bruteforcing process in case the target domain uses wildcards (subdomain enumeration becomes unfeasible in this case as far as I know)
- run the tool without providing a wordlist by using a built-in list of keywords (however, I also wanted to be able to run the tool using a wordlist file as an option)
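The three behaviours above, sketched for auditing names in a zone you administer. This is an added example, not dnsmap's own code (dnsmap is written in C); every function name here is hypothetical, and static_resolver is a constructed in-memory stand-in for DNS so the block runs offline.

```python
import secrets
import socket
import string


class WildcardZone(Exception):
    """Raised when random labels resolve, so per-name results are meaningless."""


def resolve_all_a(name):
    """Return every IPv4 address for name, not just the first one."""
    try:
        # gethostbyname_ex -> (canonical name, aliases, [all IPv4 addresses])
        return set(socket.gethostbyname_ex(name)[2])
    except (OSError, UnicodeError):
        return set()


def load_words(lines):
    """Strip LF and DOS CRLF endings, drop blanks and duplicates, keep order."""
    return list(dict.fromkeys(w for w in (l.strip().lower() for l in lines) if w))


def wildcard_addresses(domain, resolver=resolve_all_a, probes=3):
    """Resolve random labels that should not exist; any answer is a wildcard."""
    found = set()
    for _ in range(probes):
        label = "".join(secrets.choice(string.ascii_lowercase) for _ in range(12))
        found |= resolver(f"{label}.{domain}")
    return found


def audit_names(domain, words, resolver=resolve_all_a):
    """Map each resolving name to all of its A records; abort on wildcards."""
    wild = wildcard_addresses(domain, resolver)
    if wild:
        raise WildcardZone(f"{domain} answers for random names: {sorted(wild)}")
    hits = {}
    for word in words:
        addrs = resolver(f"{word}.{domain}")
        if addrs:
            hits[f"{word}.{domain}"] = sorted(addrs)
    return hits


def static_resolver(zone, wildcard=()):
    """Constructed in-memory stand-in for DNS, so the example runs offline."""
    return lambda name: set(zone.get(name, wildcard))
```

Calling audit_names without a resolver argument uses the system resolver through resolve_all_a; passing static_resolver(...) keeps the run offline.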
Version 0.22 improvements
Version 0.22 added some improvements such as:
- saving the results in human-readable and CSV format for easy processing
- fixing a bug that prevented reading wordlists in DOS CRLF format
- an improved built-in subdomains wordlist
- a bash script, dnsmap-bulk.sh, for running dnsmap against a list of domains from a user-supplied file, i.e. bruteforcing several domains in a bulk fashion
- bypassing of signature-based dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards