{"id":13816635,"url":"https://github.com/makefu/dnsmap","last_synced_at":"2025-03-16T15:30:41.309Z","repository":{"id":3087033,"uuid":"4111303","full_name":"makefu/dnsmap","owner":"makefu","description":"fork of http://code.google.com/p/dnsmap/source/checkout","archived":false,"fork":false,"pushed_at":"2017-09-11T16:50:45.000Z","size":71,"stargazers_count":110,"open_issues_count":0,"forks_count":32,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-05-23T10:31:25.246Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/makefu.png","metadata":{"files":{"readme":"README.txt","changelog":"Changelog.txt","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-04-23T09:10:35.000Z","updated_at":"2024-03-19T08:41:19.000Z","dependencies_parsed_at":"2022-09-10T20:40:59.712Z","dependency_job_id":null,"html_url":"https://github.com/makefu/dnsmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makefu%2Fdnsmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makefu%2Fdnsmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makefu%2Fdnsmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makefu%2Fdnsmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/makefu","download_url":"https://codeload.github.com/makefu/dnsmap/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221665169,"owners_count":16860187,"icon_ur
l":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T05:00:48.262Z","updated_at":"2024-10-27T10:49:09.448Z","avatar_url":"https://github.com/makefu.png","language":"C","funding_links":[],"categories":["Tools"],"sub_categories":[],"readme":"INTRODUCTION\n\ndnsmap was originally released back in 2006 and was inspired by the\nfictional story \"The Thief No One Saw\" by Paul Craig, which can be found\nin the book \"Stealing the Network - How to 0wn the Box\"\n\ndnsmap is mainly meant to be used by pentesters during the information\ngathering/enumeration phase of infrastructure security assessments. 
During the\nenumeration stage, the security consultant would typically discover the target\ncompany's IP netblocks, domain names, phone numbers, etc ...\n\nSubdomain brute-forcing is another technique that should be used in the\nenumeration stage, as it's especially useful when other domain enumeration\ntechniques such as zone transfers don't work (I rarely see zone transfers\nbeing *publicly* allowed these days by the way).\n\nIf you are interested in researching stealth computer intrusion techniques,\nI suggest reading this excellent (and fun) chapter which you can find for\n*free* on the web:\n\nhttp://www.ethicalhacker.net/content/view/45/2/\n\nI'm happy to say that dnsmap was included in Backtrack 2, 3 and 4 and has\nbeen reviewed by the community:\n\nhttp://backtrack.offensive-security.com/index.php?title=Tools\nhttp://www.networkworld.com/community/node/57543\nhttp://forums.remote-exploit.org/tutorials-guides/12746-dnsmap-tutorial.html\nhttp://www.linuxhaxor.net/2007/07/14/backtrack-2-information-gathering-all-dnsmap/\nhttp://www.darknet.org.uk/2009/03/dnsmap-022-released-subdomain-bruteforcing-tool/\n\n\nCOMPILING\n\nCompiling should be straightforward:\n\n$ make\n\nOr:\n\n$ gcc -Wall dnsmap.c -o dnsmap\n\n\nINSTALLATION\n\n# make install\n\nOr:\n\n# cp ./dnsmap /usr/local/bin/dnsmap\n\nIf you wish to bruteforce several target domains in bulk fashion, you can use the\nincluded dnsmap-bulk.sh script. Just copy the script to /usr/local/bin/ so you can \ncall it from any location. e.g.:\n\n# cp ./dnsmap-bulk.sh /usr/local/bin/\n\nAnd set execute permissions. e.g.:\n\n# chmod ugo+x /usr/local/bin/dnsmap-bulk.sh\n\n\nLIMITATIONS\n\nLack of multi-threading. This speed issue will hopefully be resolved in future versions.\n\n\nFUN THINGS THAT CAN HAPPEN\n\n1. Finding interesting remote access servers (e.g.: https://extranet.targetdomain.com)\n\n2. Finding badly configured and/or unpatched servers (e.g.: test.targetdomain.com)\n\n3. 
Finding new domain names which will allow you to map non-obvious/hard-to-find netblocks\n   of your target organization (registry lookups - aka whois is your friend)\n\n4. Sometimes you find that some bruteforced subdomains resolve to internal IP addresses\n   (RFC 1918). This is great as sometimes they are real up-to-date \"A\" records which means\n   that it *is* possible to enumerate internal servers of a target organization from the\n   Internet by only using standard DNS resolving (as opposed to zone transfers for instance).\n\n5. Discover embedded devices configured using Dynamic DNS services (e.g.: linksys-cam.com).\n   This method is an alternative to finding devices via Google hacking techniques\n\nUSAGE\n\nBruteforcing can be done either with dnsmap's built-in wordlist or a user-supplied wordlist.\nResults can be saved in CSV and human-readable format for further processing. dnsmap does\nNOT require root privileges to be run, and should NOT be run with such privileges for\nsecurity reasons.\n\nThe usage syntax can be obtained by simply running dnsmap without any parameters:\n\n$ ./dnsmap\n\ndnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)\n\nusage: dnsmap \u003ctarget-domain\u003e [options]\noptions:\n-w \u003cwordlist-file\u003e\n-r \u003cregular-results-file\u003e\n-c \u003ccsv-results-file\u003e\n-d \u003cdelay-millisecs\u003e\n-i \u003cips-to-ignore\u003e (useful if you're obtaining false positives)\n\nNote: delay value is a maximum random value. e.g.: if you enter 1000, each DNS request\nwill be delayed a *maximum* of 1 second. 
By default, dnsmap uses a value of 10 milliseconds\nof maximum delay between DNS lookups\n\n\nEXAMPLES\nSubdomain bruteforcing using dnsmap's built-in word-list:\n\n$ ./dnsmap targetdomain.foo\n\nSubdomain bruteforcing using a user-supplied wordlist:\n\n$ ./dnsmap targetdomain.foo -w wordlist.txt\n\nSubdomain bruteforcing using the built-in wordlist and saving the results to /tmp/ :\n\n$ ./dnsmap targetdomain.foo -r /tmp/\n\nSince no filename was provided in the previous example, but rather only a path, dnsmap would\ncreate a unique filename which includes the current timestamp. e.g.:\n/tmp/dnsmap_targetdomain_foo_2009_12_15_234953.txt\n\nExample of subdomain bruteforcing using the built-in wordlist, saving the results to /tmp/,\nand waiting a random maximum of 3 milliseconds between each request:\n\n$ ./dnsmap targetdomain.foo -r /tmp/ -d 300\n\nIt is recommended to use the -d (delay in milliseconds) option in cases where dnsmap is\ninterfering with your online experience. i.e.: killing your bandwidth\n\nSubdomain bruteforcing with 0.8 seconds delay, saving results in regular and CSV format,\nfiltering 2 user-provided IPs and using a user-supplied wordlist:\n\n$ ./dnsmap targetdomain.foo -d 800 -r /tmp/ -c /tmp/ -i 10.55.206.154,10.55.24.100 -w ./wordlist_TLAs.txt\n\nFor bruteforcing a list of target domains in a bulk fashion use the bash script provided. 
e.g.:\n\n$ ./dnsmap-bulk.sh domains.txt /tmp/results/\n\n\nWORDLISTS\n\nhttp://packetstormsecurity.org/Crackers/wordlists/dictionaries/\nhttp://www.cotse.com/tools/wordlists1.htm\nhttp://wordlist.sourceforge.net/\n\n\nOTHER SIMILAR TOOLS - choice is freedom!\n\nWS-DNS-BFX\nhttp://ws.hackaholic.org/tools/WS-DNS-BFX.tgz\n\nDNSDigger\nhttp://www.ernw.de/download/dnsdigger.zip\n\nFierce Domain Scan\nhttp://ha.ckers.org/fierce/\n\nDesperate\nhttp://www.sensepost.com/research_misc.html\n\nDNSenum\nhttp://dnsenum.googlecode.com/files/dnsenum1.2.tar.gz\n\nReverseRaider\nhttp://complemento.sourceforge.net/\n\nKnock\nhttp://knock.gianniamato.it/\n\n\n--\npagvac | GNUCITIZEN.org\nFeb 2010\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmakefu%2Fdnsmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmakefu%2Fdnsmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmakefu%2Fdnsmap/lists"}