Message-ID: <b7a807650609171358v5e043723w8b5179d441ab62e8@mail.gmail.com>
Date: Sun, 17 Sep 2006 21:58:49 +0100
From: pagvac <unknown.pentester@...il.com>
To: pen-test@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: dnsmap: subdomain bruteforcer for stealth enumeration

I know that bruteforcing subdomains is nothing new, and I also know
that there are at least 3 tools out there that allow you to do this
(probably many many more :-D ). However, I couldn't find a subdomain
bruteforcer that allows me to:

- obtain *all* IP addresses (A records) associated with each
successfully bruteforced subdomain, rather than just one IP address
per subdomain
- abort the bruteforcing process in case the target domain uses
wildcards (subdomain enumeration becomes unfeasible in this case as
far as I know)
- be able to run the tool *without* providing a wordlist by using a
built-in list of keywords (however I also wanted to be able to run the
tool using a wordlist file as an option)

I attached 2 real examples using google.com. Why Google? Because
everyone loves Google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip


P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.

-- 
pagvac
[http://ikwt.com/]

View attachment "subdomain-bf-using-built-in-wordlist.txt" of type "text/plain" (2975 bytes)

View attachment "subdomain-bf-using-external-wordlist.txt" of type "text/plain" (7369 bytes)
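
Since the tool only resolves names, the one place a defender sees this kind of enumeration is the query log of the zone's DNS servers. The following is an added example, not part of the original post or of dnsmap: it flags clients that look up many distinct names under a zone in a short window with mostly NXDOMAIN answers. The log format, zone name, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

ZONE = "example.com."   # assumed: the zone this server is authoritative for
WINDOW = 60             # seconds of history kept per client
MIN_NAMES = 8           # distinct names in the window before flagging
MIN_NX_RATIO = 0.5      # share of those lookups answered NXDOMAIN

def parse(line):
    """Constructed log format: '<epoch> <client> <qname> <qtype> <rcode>'."""
    ts, client, qname, qtype, rcode = line.split()
    return int(ts), client, qname.lower(), qtype, rcode

def find_enumerators(lines, zone=ZONE):
    """Return {client: (distinct_names, nx_ratio)} at each client's widest sweep."""
    # 'client' is the address the DNS server sees, usually a recursive resolver.
    windows = defaultdict(deque)  # client -> (ts, qname, rcode) inside WINDOW
    flagged = {}
    for line in lines:
        ts, client, qname, qtype, rcode = parse(line)
        if qtype != "A" or not qname.endswith("." + zone):
            continue
        win = windows[client]
        win.append((ts, qname, rcode))
        while ts - win[0][0] > WINDOW:       # drop entries older than WINDOW
            win.popleft()
        names = {q for _, q, _ in win}
        nx_ratio = sum(r == "NXDOMAIN" for _, _, r in win) / len(win)
        if len(names) >= MIN_NAMES and nx_ratio >= MIN_NX_RATIO:
            if len(names) > flagged.get(client, (0, 0.0))[0]:
                flagged[client] = (len(names), nx_ratio)
    return flagged

# Constructed sample: one client walks a keyword list, another repeats one name.
WORDS = ["admin", "dev", "ftp", "intranet", "mail",
         "ns1", "test", "vpn", "webmail", "www"]
EXISTING = {"mail", "www"}
SAMPLE = [f"{1000 + i} 198.51.100.7 {w}.example.com. A "
          f"{'NOERROR' if w in EXISTING else 'NXDOMAIN'}"
          for i, w in enumerate(WORDS)]
SAMPLE += [f"{1000 + 5 * i} 203.0.113.20 www.example.com. A NOERROR"
           for i in range(10)]

if __name__ == "__main__":
    for client, (count, nx) in find_enumerators(SAMPLE).items():
        print(f"{client}: {count} distinct names, {nx:.0%} NXDOMAIN")
```

In a wildcard zone no lookup returns NXDOMAIN, so the ratio test never fires there and only the distinct-name count is informative.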
