
Saturday, January 23, 2016

Passive DNS Network Mapper - dnsmap



dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).




Passive DNS Network Mapper:

- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make it compatible with OpenDNS
- disclosure of internal IP addresses (RFC 1918) is reported
- updated built-in wordlist
- included a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to "same site" scripting are reported
- completion time is now displayed to the user
- mechanism to attempt to brute-force wildcard-enabled domains
- a unique filename containing a timestamp is now created when no specific output filename is supplied by the user
- various minor bugs fixed


Installation

$ cd /data/src/
$ wget http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz
$ tar xzvf dnsmap-0.30.tar.gz
$ mkdir -p /pentest/enumeration/dns/
$ mv dnsmap-0.30/ /pentest/enumeration/dns/dnsmap/

Compile:

$ cd /pentest/enumeration/dns/dnsmap/
$ gcc -Wall dnsmap.c -o dnsmap

You should now have an executable in your directory.

Then check that it runs without errors:

$ ./dnsmap -h

Usage

Basic syntax

$ ./dnsmap <target-domain> [options]

Options

-w <wordlist-file>           Input file to use for brute force
-r <regular-results-file>    Export results in text format
-c <csv-results-file>        Save results in CSV format
-d <delay-millisecs>         Maximum delay (in ms) between two DNS lookups (default: 10 ms)
-i <ips-to-ignore>           Useful if you're obtaining false positives
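As an added example (not dnsmap's own code and not part of the original post), the Python below shows the post-processing logic that the changelog and the -i option describe: discarding answers that merely match a wildcard catch-all, dropping user-supplied ignore IPs, and flagging RFC 1918 addresses that an external zone should not leak. The resolver answers, the `example.test` domain and the `doesnotexist-x7q` probe label are all constructed assumptions, so the code runs offline.

```python
import ipaddress
from typing import Dict, Iterable, List

# Constructed sample: what a resolver returned for candidate labels of a
# fictitious target. An empty list stands for NXDOMAIN.
ANSWERS: Dict[str, List[str]] = {
    "www.example.test": ["203.0.113.10"],
    "mail.example.test": ["203.0.113.25"],
    "intranet.example.test": ["10.1.2.3"],              # RFC 1918 leak
    "doesnotexist-x7q.example.test": ["203.0.113.99"],  # random probe label
    "dev.example.test": ["203.0.113.99"],               # same IP as the probe
    "cdn.example.test": ["198.51.100.7"],               # will be ignored via -i
    "ftp.example.test": [],
}

# Match RFC 1918 explicitly: ipaddress.is_private also flags the
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) and would
# mislabel the sample public answers above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)

def wildcard_ips(answers: Dict[str, List[str]], domain: str, probe: str) -> set:
    """IPs a random, non-existent label resolves to; empty means no wildcard."""
    return set(answers.get(f"{probe}.{domain}", []))

def analyse(answers: Dict[str, List[str]], domain: str,
            ignore: Iterable[str] = (), probe: str = "doesnotexist-x7q") -> dict:
    """Filter wildcard and ignored answers, flag internal addresses."""
    wild = wildcard_ips(answers, domain, probe)
    ignored = {ipaddress.ip_address(i) for i in ignore}
    findings = []
    for name, ips in sorted(answers.items()):
        if name.startswith(probe + ".") or not ips:
            continue  # the probe itself, or NXDOMAIN
        kept = [ip for ip in ips
                if ip not in wild and ipaddress.ip_address(ip) not in ignored]
        if not kept:
            continue  # only wildcard or ignored answers: likely false positive
        findings.append({"name": name, "ips": kept,
                         "internal": any(is_rfc1918(ip) for ip in kept)})
    return {"wildcard": sorted(wild), "findings": findings}

if __name__ == "__main__":
    for f in analyse(ANSWERS, "example.test", ignore=["198.51.100.7"])["findings"]:
        print(f["name"], f["ips"], "INTERNAL" if f["internal"] else "")
```

The wildcard probe must be a label that cannot plausibly exist; dnsmap generates its own, so only reuse this logic when checking results by hand.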
