Penetration Testing mailing list archives

dnsmap: subdomain bruteforcer for stealth enumeration


From: pagvac <unknown.pentester () gmail com>
Date: Sun, 17 Sep 2006 21:58:49 +0100

I know that bruteforcing subdomains is nothing new, and I also know
that there are at least 3 tools out there that allow you to do this
(probably many many more :-D ). However, I couldn't find a subdomain
bruteforcer that allows me to:

- obtain *all* IP addresses (A records) associated to each
successfully bruteforced subdomain, rather than just one IP address
per subdomain
- abort the bruteforcing process in case the target domain uses
wildcards (subdomain enumeration becomes unfeasible in this case as
far as I know)
- be able to run the tool *without* providing a wordlist by using a
built-in list of keywords (however I also wanted to be able to run the
tool using a wordlist file as an option)

I attached 2 real examples using google.com. Why google? Because
everyone loves google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip


P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.

--
pagvac
[http://ikwt.com/]

Attachment: subdomain-bf-using-built-in-wordlist.txt
Description:

Attachment: subdomain-bf-using-external-wordlist.txt
Description:
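An added example, not part of the original post and not dnsmap's own code: a sketch of the two behaviours listed in the message, collecting every A record per name and aborting when random labels resolve (a wildcard), written for checking a zone you administer. The function names, the injectable `resolver` parameter and the sample zone data are assumptions made for the illustration.

```python
import secrets
import socket

def resolve_a(name):
    """Return every IPv4 address the system resolver gives for name (empty set if none)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def wildcard_addresses(domain, resolver=resolve_a, probes=3):
    """Resolve random labels that should not exist; any answer indicates a wildcard record."""
    hits = set()
    for _ in range(probes):
        hits |= resolver(f"{secrets.token_hex(8)}.{domain}")
    return hits

def enumerate_subdomains(domain, words, resolver=resolve_a):
    """Map each resolving subdomain to all of its A records; abort on wildcards."""
    wildcard = wildcard_addresses(domain, resolver)
    if wildcard:
        raise RuntimeError(f"{domain} uses wildcards ({sorted(wildcard)}); aborting")
    found = {}
    for word in words:
        name = f"{word}.{domain}"
        addrs = resolver(name)
        if addrs:
            found[name] = sorted(addrs)
    return found

# Constructed zone data (documentation address ranges) so the example runs offline.
FAKE_ZONE = {
    "www.example.test": {"192.0.2.10", "192.0.2.11"},
    "mail.example.test": {"198.51.100.5"},
}

def fake_resolver(name):
    """Hypothetical stand-in for DNS: answers only from FAKE_ZONE."""
    return set(FAKE_ZONE.get(name, set()))

def wildcard_resolver(name):
    """Simulates a zone where "*.wild.test" points at a single address."""
    return {"203.0.113.7"} if name.endswith(".wild.test") else set()

if __name__ == "__main__":
    print(enumerate_subdomains("example.test", ["www", "mail", "ftp"], fake_resolver))
```

Without the wildcard probe, every word in the list would appear to resolve on a wildcard zone, which is why the run stops before any results are recorded.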
