Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: New version of dnsmap out!

From: Adrian P <unknown.pentester () gmail com>
Date: Tue, 3 Mar 2009 21:52:43 +0000
thanks to user feedback i've fixed a few bugs, so version 0.22.2 has
been released:

http://lab.gnucitizen.org/projects/dnsmap

On Tue, Feb 24, 2009 at 8:11 PM, Adrian P <unknown.pentester () gmail com> wrote:

We just released a new version of dnsmap [1]. dnsmap is a subdomain
bruteforcer for stealth enumeration.

Originally released in 2006, dnsmap is mainly meant to be used by
pentesters during the information gathering/enumeration phase of
infrastructure security assessments. During the enumeration stage, the
security consultant would typically discover the target company’s IP
netblocks, domain names, phone numbers, etc. dnsmap was included [2]
in Backtrack 2 and 3, although the version included is the now dated
version 0.1.

Subdomain brute-forcing is another technique that should be used in
the enumeration stage, as it’s especially useful when other domain
enumeration techniques such as zone transfers don’t work (I rarely see
zone transfers being publicly allowed these days by the way).

Original Features of Version 0.1

   * obtain all IP addresses (A records) associated to each
successfully bruteforced subdomain, rather than just one IP address
per subdomain
   * abort the bruteforcing process in case the target domain uses wildcards
   * ability to be able to run the tool without providing a wordlist
by using a built-in list of keywords
   * bruteforcing by using a user-supplied wordlist (as opposed to
the built-in wordlist)

New Improvements in Version 0.22

   * saving the results in human-readable and CSV format for easy processing
   * fixed bug that disallowed reading wordlists with DOS CRLF format
   * improved built-in subdomains wordlist
   * new bash script (dnsmap-bulk.sh) included which allows running
dnsmap against a list of domains from a user-supplied file. i.e.:
bruteforcing several domains in a bulk fashion
   * bypassing of signature-based dnsmap detection [3] by generating
a proper pseudo-random subdomain when checking for wildcards

More info including usage and example on live domain:
http://www.gnucitizen.org/blog/new-version-of-dnsmap-out/

Download:
http://www.gnucitizen.org/static/blog/2009/02/dnsmap-022.tar

[1] http://lab.gnucitizen.org/projects/dnsmap-1
[2] http://backtrack.offensive-security.com/index.php?title=Tools
[3] https://lists.dns-oarc.net/pipermail/dns-operations/2006-September/001047.html

--
Adrian "pagvac" Pastor | GNUCITIZEN
gnucitizen.org
Previous By Date Next
Previous By Thread Next

Current thread: