
Saturday, January 23, 2016

Passive DNS Network Mapper - dnsmap



dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).




Passive DNS Network Mapper:

- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make it compatible with OpenDNS
- disclosure of internal IP addresses (RFC 1918) is reported
- updated built-in wordlist
- included a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to "same site" scripting are reported
- completion time is now displayed to the user
- mechanism to attempt to brute-force wildcard-enabled domains
- unique filename containing a timestamp is now created when no specific output filename is supplied by the user
- various minor bugs fixed


Installation

$ cd /data/src/
$ wget http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz
$ tar xzvf dnsmap-0.30.tar.gz
$ mkdir -p /pentest/enumeration/dns/
$ mv dnsmap-0.30/ /pentest/enumeration/dns/dnsmap/

Compile:

$ cd /pentest/enumeration/dns/dnsmap/
$ gcc -Wall dnsmap.c -o dnsmap

You should now have the dnsmap executable in your directory.

Then check that it runs without errors:

$ ./dnsmap -h

Usage

Basic syntax

$ ./dnsmap <target-domain> [options]

Options

-w <wordlist-file>          Input file to use for brute force
-r <regular-results-file>   Export results in text format
-c <csv-results-file>       Save results in CSV format
-d <delay-millisecs>        Maximum delay (in ms) between 2 DNS lookups (default: 10 ms)
-i <ips-to-ignore>          Useful if you're obtaining false positives
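Added example, not dnsmap's own code: a small Python model of the mechanisms listed in the feature list and the options above. It probes for a wildcard zone with random labels, drops wildcard and user-ignored addresses (the -i idea), and flags RFC 1918 disclosures per host. The resolver is injected so the constructed example.test zone runs offline; treating wildcard answers as noise is an assumption about how dnsmap handles wildcard-enabled domains.

```python
import ipaddress
import random
import string
from typing import Callable, Dict, Iterable, List

# A resolver maps a hostname to its addresses; an empty list stands for NXDOMAIN.
Resolver = Callable[[str], List[str]]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    """True for RFC 1918 private IPv4 space; such answers in public DNS are a disclosure."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> set:
    """Resolve random labels that should not exist; any answer reveals a wildcard.
    Returns the addresses the wildcard hands back (assumed filtering strategy)."""
    hits = set()
    for _ in range(probes):
        label = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
        hits.update(resolve(f"{label}.{domain}"))
    return hits

def enumerate_subdomains(domain: str, words: Iterable[str], resolve: Resolver,
                         ignore_ips: Iterable[str] = ()) -> Dict[str, dict]:
    """Try <word>.<domain> for each word, dropping wildcard and ignored addresses
    (like -i), and record which surviving addresses are internal."""
    noise = set(ignore_ips) | detect_wildcard(domain, resolve)
    found: Dict[str, dict] = {}
    for word in words:
        host = f"{word}.{domain}"
        addrs = [a for a in resolve(host) if a not in noise]
        if addrs:
            found[host] = {"addresses": addrs, "internal": [a for a in addrs if is_rfc1918(a)]}
    return found

# Constructed sample zone (not a real domain): a catch-all wildcard, one host
# leaking an intranet address, and one host with a second address we choose to ignore.
SAMPLE_ZONE = {
    "www.example.test": ["203.0.113.10"],
    "mail.example.test": ["203.0.113.25", "198.51.100.5"],
    "intranet.example.test": ["10.1.2.3"],
}
WILDCARD_IP = "203.0.113.99"

def fake_resolver(name: str) -> List[str]:
    if name in SAMPLE_ZONE:
        return SAMPLE_ZONE[name]
    return [WILDCARD_IP] if name.endswith(".example.test") else []
```

Running `enumerate_subdomains("example.test", ["www", "mail", "intranet", "vpn", "dev"], fake_resolver, ignore_ips=["198.51.100.5"])` keeps www, mail and intranet, discards the two wildcard-only names, and marks intranet as an internal-address disclosure.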
