Author: pagvac
License: GNU General Public License v2.0
dnsmap was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network – How to 0wn the Box".
dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company's IP netblocks, domain names, phone numbers...
Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it's especially useful when other domain enumeration techniques such as zone transfers don't work.
Tools included in the dnsmap
dnsmap – DNS domain name brute forcing tool dnsmap-bulk.sh – DNS domain name brute forcing tool
dnsmap usage example
dnsmap: Scan a website like example.com with a wordlist like /usr/share/wordlists/dnsmap.txt:
dnsmap-bulk: Create a file containing domain names like domains.txt to scan and pass it to dnsmap-bulk.sh
Install dnsmap
Note: dnsmap is already installed on Kali Linux, Parrot Security OS, BlackArch, DracOS and other pentesting OS.
Screenshots of dnsmap
No comments:
Post a Comment