Hey friends, Hackingloops is back with another Know Your Backtrack tutorial. In this tutorial we will be learning the DNSMAP tool for DNS information gathering. DNSMAP, as the name suggests, is a DNS Network Mapper and is used for several purposes. Basically DNSMAP is a passive network mapper, and it is often called a subdomain brute-force tool. It is mainly used by penetration testers and hackers for DNS and subdomain information gathering. It works like most other DNS information gathering tools, except for one unique feature that is itself worth appreciating. Other brute-force tools have no way to abort the brute forcing when the target domain uses wildcard DNS records, so every guessed name resolves and the tool produces false positives while enumerating subdomain data; DNSMAP detects the wildcard first and stops. So friends, let us first discuss the key features of DNSMAP and what we can gather using it.
- Obtain all A records (i.e. IP addresses) associated with each successfully brute-forced subdomain, rather than just one IP address per subdomain.
- Abort the brute-forcing process in case the target domain uses wildcards.
- Ability to run the tool without providing a wordlist, by using a built-in list of keywords.
- Brute forcing with a user-supplied wordlist (as opposed to the built-in wordlist).
- Saving the results in human-readable and CSV format for easy processing.
- Improved built-in subdomains wordlist.
- New bash script (dnsmap-bulk.sh) included, which allows running Dnsmap against a list of domains from a user-supplied file, i.e. brute forcing several domains in bulk.
- Bypassing of signature-based Dnsmap detection by generating a proper pseudo-random subdomain when checking for wildcards (unique feature).
DNSMAP is run as ./dnsmap <target-domain> [options]. The options are:
- -w <wordlist-file>: input file to use for brute force
- -r <results-file>: export results in text format
- -c <csv-file>: save results in CSV format
- -d <delay-millisecs>: maximum delay (in ms) between 2 DNS lookups (default: 10 ms)
- -i <ips-to-ignore>: useful if you're obtaining false positives (e.g. the addresses a wildcard record answers with)
Usage examples:
./dnsmap google.com -w yourwordlist.txt -r /tmp/domainbf_results.txt
./dnsmap google.com -r /tmp/ -d 3000
./dnsmap google.com -r ./subdomainbruteforce_results.txt
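To make the wildcard feature concrete, here is an added Python example (written for this tutorial, not DNSMAP's own code) that walks through the same steps DNSMAP performs: resolve a pseudo-random label under the target domain to detect a wildcard record, abort or filter the wildcard addresses (the equivalent of -i), look up every A record for each word in a wordlist with a delay between lookups (-d), and write the hits in CSV form (-c). The resolver is passed in as a function, so the example runs offline against a small constructed zone for example.test; swap in the system_resolver function to query real DNS for a domain you are authorised to assess. The zone contents and IP addresses are constructed sample data.

```python
import csv
import io
import secrets
import socket
import string
import time


def system_resolver(name):
    """Return the sorted list of IPv4 addresses for name, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def random_label(length=12):
    """Pseudo-random label, so a wildcard check cannot be fingerprinted by a fixed name."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def detect_wildcard(domain, resolver, probes=2):
    """Resolve a few random labels under domain; any answer means a wildcard record exists."""
    wildcard_ips = set()
    for _ in range(probes):
        wildcard_ips.update(resolver(f"{random_label()}.{domain}"))
    return wildcard_ips


def enumerate_subdomains(domain, wordlist, resolver, delay_ms=10,
                         ignore_ips=(), abort_on_wildcard=True):
    """Brute-force subdomains and return all A records per hit.

    Addresses in ignore_ips (like dnsmap -i) and addresses returned by a wildcard
    probe are dropped, so a wildcard zone does not turn every word into a hit.
    """
    wildcard_ips = detect_wildcard(domain, resolver)
    if wildcard_ips and abort_on_wildcard:
        return {"wildcard": sorted(wildcard_ips), "results": []}
    ignore = set(ignore_ips) | wildcard_ips
    results = []
    for word in wordlist:
        name = f"{word}.{domain}"
        ips = [ip for ip in resolver(name) if ip not in ignore]
        if ips:
            results.append((name, ips))
        if delay_ms:
            time.sleep(delay_ms / 1000)  # rate limit between lookups, like -d
    return {"wildcard": sorted(wildcard_ips), "results": results}


def to_csv(results):
    """One row per A record (name, ip), matching the one-address-per-line CSV layout."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    for name, ips in results:
        for ip in ips:
            writer.writerow([name, ip])
    return buf.getvalue()


# Constructed sample zone for offline use (not real hosts).
SAMPLE_ZONE = {
    "www.example.test": ["192.0.2.10", "192.0.2.11"],
    "mail.example.test": ["192.0.2.20"],
}


def fake_resolver(name):
    """Zone without a wildcard: unknown names do not resolve."""
    return SAMPLE_ZONE.get(name, [])


def wildcard_resolver(name):
    """Same zone with a wildcard record: every unknown name answers with 203.0.113.5."""
    return SAMPLE_ZONE.get(name, ["203.0.113.5"])


if __name__ == "__main__":
    words = ["www", "mail", "ftp"]
    print(to_csv(enumerate_subdomains("example.test", words, fake_resolver, delay_ms=0)["results"]))
    print(enumerate_subdomains("example.test", words, wildcard_resolver, delay_ms=0))
```

Against the constructed wildcard zone the run aborts with no results and reports the wildcard address; with abort_on_wildcard=False it continues but drops every name whose only answer is that address, which is exactly the false-positive case the tutorial describes.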
That's all, friends. If you have any queries, ask us in the comments. Feel free to contact us, and happy learning.