Penetration Testing mailing list archives
dnsmap: subdomain bruteforcer for stealth enumeration
From: pagvac <unknown.pentester () gmail com>
Date: Sun, 17 Sep 2006 21:58:49 +0100
I know that bruteforcing subdomains is nothing new, and I also know that there are at least 3 tools out there that allow you to do this (probably many many more :-D ). However, I couldn't find a subdomain bruteforcer that allows me to:

- obtain *all* IP addresses (A records) associated to each successfully bruteforced subdomain, rather than just one IP address per subdomain
- abort the bruteforcing process in case the target domain uses wildcards (subdomain enumeration becomes unfeasible in this case as far as I know)
- be able to run the tool *without* providing a wordlist by using a built-in list of keywords (however I also wanted to be able to run the tool using a wordlist file as an option)

I attached 2 real examples using google.com. Why google? Because everyone loves google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip

P.S.: please, remember all this tool does is resolve subdomains. *No* packets are sent to the bruteforced subdomains.

--
pagvac
[http://ikwt.com/]
Attachment: subdomain-bf-using-built-in-wordlist.txt
Attachment: subdomain-bf-using-external-wordlist.txt
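Because the tool only resolves names and sends nothing to the hosts themselves, the place to observe this kind of enumeration is the DNS query log. The sketch below is an added example, not part of the original post or of dnsmap; the log format, addresses and thresholds are constructed assumptions. It flags clients by the number of distinct names queried rather than by NXDOMAIN count, since a wildcard zone answers every name.

```python
from collections import defaultdict

# Constructed sample in a hypothetical "epoch client qname qtype rcode" format.
LABELS = ["admin", "dev", "ftp", "intranet", "mail", "ns1", "test", "vpn", "webmail", "www"]
EXISTING = {"mail", "ns1", "www"}
SAMPLE_LOG = [
    f"{1000 + i} 198.51.100.7 {label}.example.test A "
    f"{'NOERROR' if label in EXISTING else 'NXDOMAIN'}"
    for i, label in enumerate(LABELS)
] + [
    "1000 203.0.113.20 www.example.test A NOERROR",
    "1010 203.0.113.20 mail.example.test A NOERROR",
    "1300 203.0.113.20 www.example.test A NOERROR",
    "1310 203.0.113.20 mail.example.test A NOERROR",
]


def find_enumerators(lines, zone, window=60, min_names=8):
    """Map client -> (distinct names, NXDOMAIN ratio) for the widest burst of
    A queries under `zone` that reaches `min_names` names within `window` seconds."""
    suffix = "." + zone.lower().rstrip(".")
    per_client = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        ts, client, qname, qtype, rcode = fields
        qname = qname.lower().rstrip(".")
        if qtype == "A" and qname.endswith(suffix):
            per_client[client].append((int(ts), qname, rcode))

    flagged = {}
    for client, events in per_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            names = {qname for _, qname, _ in burst}
            # Count names, not NXDOMAINs: a wildcard zone answers everything.
            if len(names) >= min_names and len(names) > flagged.get(client, (0, 0))[0]:
                nx = sum(rcode == "NXDOMAIN" for _, _, rcode in burst)
                flagged[client] = (len(names), round(nx / len(burst), 2))
    return flagged


if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG, "example.test"))
```

At an authoritative server the logged client is normally the recursive resolver that forwarded the queries, so a flagged address identifies the resolver in use rather than the originating host.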