Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] dnsmap: subdomain bruteforcer for stealth enumeration

from [pagvac] Network Security [Permanent Link]
Subject: [Full-disclosure] dnsmap: subdomain bruteforcer for stealth enumeration
Date: Sun, 17 Sep 2006 21:58:49 +0100 
I know that bruteforcing subdomains is nothing new, and I also know
that there are at least 3 tools out there that allow you to do this
(probably many many more :-D ). However, I couldn't find a subdomain
bruteforcer that allows me to:

- obtain *all* IP addresses (A records) associated to each
successfully bruteforced subdomain, rather than just one IP address
per subdomain
- abort the bruteforcing process in case the target domain uses
wildcards (subdomain enumeration becomes unfeasible in this case as
far as I know)
- be able to run the tool *without* providing a wordlist by using a
built-in list of keywords (however I also wanted to be able to run the
tool using a wordlist file as an option)

I attached 2 real examples using google.com. Why google? Because
everyone loves google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip


P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.

--
pagvac
[http://ikwt.com/]

Attachment: subdomain-bf-using-built-in-wordlist.txt
Description: Text document

Attachment: subdomain-bf-using-external-wordlist.txt
Description: Text document

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] dnsmap: subdomain bruteforcer for stealth enumeration, pagvac <=
Previous by Date:  RE: https web crawler, Erin Carroll
Next by Date:  Re: Penetration Testing work effort, Christine Kronberg
Previous by Thread:  https web crawler, Leece, Doug
Next by Thread:  Pen-Test setup, netangle
Indexes:  [Date] [Thread] [Top] [All Lists]