Dnsmap

From aldeid

Description

Dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company's IP netblocks, domain names, phone numbers, etc.

The tool lets you discover all subdomains associated with a given domain (e.g. from google.com, it is possible to discover mail.google.com, earth.google.com, sketchup.google.com, desktop.google.com, ...).

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it's especially useful when other domain enumeration techniques such as zone transfers don't work.

Installation

To install dnsmap, issue the following commands:

$ cd /data/src/
$ wget http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz
$ tar xzvf dnsmap-0.30.tar.gz
$ mkdir -p /pentest/enumeration/dns/
$ mv dnsmap-0.30/ /pentest/enumeration/dns/dnsmap/

Now compile dnsmap:

$ cd /pentest/enumeration/dns/dnsmap/
$ gcc -Wall dnsmap.c -o dnsmap

You should now have the dnsmap executable in your directory:

$ ls dnsmap*
dnsmap  dnsmap-bulk.sh  dnsmap.c  dnsmap.h

Then check that it runs without errors:

$ ./dnsmap -h

Usage

Basic syntax

$ ./dnsmap <target-domain> [options]

Options

-w <wordlist-file>
Wordlist file to use for the brute force
-r <regular-results-file>
Export results in plain-text format
-c <csv-results-file>
Export results in CSV format
-d <delay-millisecs>
Maximum delay (in ms) between two DNS lookups
(default: 10 ms)
-i <ips-to-ignore>
IP addresses to ignore; useful if you are getting false positives

Example

$ ./dnsmap google.com
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for google.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

ap.google.com
IP address #1: 209.85.135.104
IP address #2: 209.85.135.147
IP address #3: 209.85.135.103
IP address #4: 209.85.135.99
IP address #5: 209.85.135.105
IP address #6: 209.85.135.106

blog.google.com
IP address #1: 209.85.229.191

catalog.google.com
IP address #1: 209.85.229.101
IP address #2: 209.85.229.102
IP address #3: 209.85.229.100

catalogue.google.com
IP address #1: 209.85.229.101
IP address #2: 209.85.229.102
IP address #3: 209.85.229.100

d.google.com
IP address #1: 209.85.229.101
IP address #2: 209.85.229.102
IP address #3: 209.85.229.100

directory.google.com
IP address #1: 209.85.229.100
IP address #2: 209.85.229.101
IP address #3: 209.85.229.102

dl.google.com
IP address #1: 209.85.135.91
IP address #2: 209.85.135.190
IP address #3: 209.85.135.136
IP address #4: 209.85.135.93

download.google.com
IP address #1: 209.85.135.104
IP address #2: 209.85.135.147
IP address #3: 209.85.135.103
IP address #4: 209.85.135.99
IP address #5: 209.85.135.105
IP address #6: 209.85.135.106

downloads.google.com
IP address #1: 209.85.135.99
IP address #2: 209.85.135.105
IP address #3: 209.85.135.106
IP address #4: 209.85.135.104
IP address #5: 209.85.135.147
IP address #6: 209.85.135.103

email.google.com
IP address #1: 209.85.229.100
IP address #2: 209.85.229.101
IP address #3: 209.85.229.102

finance.google.com
IP address #1: 209.85.229.102
IP address #2: 209.85.229.100
IP address #3: 209.85.229.101

gd.google.com
IP address #1: 209.85.135.104
IP address #2: 209.85.135.147
IP address #3: 209.85.135.103
IP address #4: 209.85.135.99
IP address #5: 209.85.135.105
IP address #6: 209.85.135.106
...
... (truncated)
...
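The output above is plain text, so post-processing it is the practical next step. The following is an added example (not part of the original page or of dnsmap itself) that parses dnsmap's "hostname / IP address #N:" output into a map of hostname to IP set, then groups hostnames that resolve to an identical IP set. Many unrelated names resolving to the same addresses is the usual symptom of wildcard DNS, which is exactly the kind of false positive the -i option exists to filter. The sample output embedded below is constructed for the example and uses documentation addresses, not real resolution results.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmap 0.30's output format (not real results).
SAMPLE_OUTPUT = """\
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for example.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

blog.example.com
IP address #1: 192.0.2.10

catalog.example.com
IP address #1: 192.0.2.20
IP address #2: 192.0.2.21

catalogue.example.com
IP address #1: 192.0.2.21
IP address #2: 192.0.2.20

dl.example.com
IP address #1: 192.0.2.30
"""

HOST_RE = re.compile(r"^([a-z0-9.-]+\.[a-z]{2,})$", re.I)   # a bare hostname line
IP_RE = re.compile(r"^IP address #\d+:\s*(\S+)$")            # "IP address #N: a.b.c.d"

def parse_dnsmap(text):
    """Return {hostname: frozenset(ips)} from dnsmap's plain-text output."""
    results = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[+]") or line.startswith("dnsmap "):
            continue                      # banner and status lines
        m = IP_RE.match(line)
        if m and current:
            results[current].add(m.group(1))
            continue
        if HOST_RE.match(line):           # a new hostname block starts
            current = line.lower()
            results.setdefault(current, set())
    return {h: frozenset(ips) for h, ips in results.items()}

def group_by_ipset(results):
    """Group hostnames that share an identical IP set (wildcard-DNS suspects)."""
    groups = defaultdict(list)
    for host, ips in results.items():
        groups[ips].append(host)
    return {ips: sorted(hosts) for ips, hosts in groups.items() if len(hosts) > 1}
```

Hostnames that land in the same group are worth verifying against a random, non-existent label under the target domain before you treat them as real assets; if that resolves too, the zone is wildcarded and the shared addresses belong in the -i list.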
