Information is essential to penetration testing: as the very first step, ethical hackers/penetration testers try to gather as much information about the target as possible.
The steps required for information gathering, or footprinting, were discussed in an earlier article.
There are also automated tools that gather this information and help map the target's network starting from its official websites. This article covers dnsmap.
Dnsmap is a passive network mapper, commonly known as a subdomain brute forcer. It was originally released in 2006 and is used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. Dnsmap is open source and tested on Linux-based operating systems, although it can also be used on FreeBSD and on the Windows platform by using Cygwin. Dnsmap was included in BackTrack 2, 3 and 4.
- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make dnsmap compatible with OpenDNS
- disclosures of internal IP addresses (RFC 1918) are reported
- updated built-in wordlist
- included a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to “same site” scripting are reported
- completion time is now displayed to the user
- mechanism to attempt to bruteforce wildcard-enabled domains
- unique filename containing timestamp is now created when no specific output filename is supplied by user
- various minor bugs fixed
After downloading, extract the archive, open a terminal, go to the directory where you extracted dnsmap, and follow these steps:
- Type gcc dnsmap.c -o dnsmap or g++ dnsmap.c -o dnsmap (make sure you have a C compiler installed)
- After this, make it executable: type chmod +x dnsmap
- Then run it by typing ./dnsmap domain.com
```
$ dnsmap baidu.com
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for baidu.com using built-in wordlist

accounts.baidu.com
IP address #1: 10.11.252.74

events.baidu.com
IP address #1: 220.127.116.11

finance.baidu.com
IP address #1: 18.104.22.168
```
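The feature list mentions reporting of internal (RFC 1918) addresses and an ignore-IPs option. For reviewing saved results from an assessment of your own domain, the following added example (not part of dnsmap or of the original article) parses output in the layout of the run above and lists hostnames whose public DNS answer is a private address. The function names `parse_dnsmap` and `internal_disclosures` and the sample data are constructed for illustration, and the parser assumes each hostname line is followed by its `IP address #N:` lines.

```python
import ipaddress
import re

# RFC 1918 private ranges: the "internal IP address" case in the feature list.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADDR_LINE = re.compile(r"^IP address #\d+:\s*(\S+)$")

# Constructed sample (example.com, made-up addresses) in the layout shown above.
SAMPLE = """\
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for example.com using built-in wordlist

accounts.example.com
IP address #1: 10.20.30.40

www.example.com
IP address #1: 203.0.113.10
IP address #2: 203.0.113.11

vpn.example.com
IP address #1: 172.32.0.5

intranet.example.com
IP address #1: 192.168.5.20
"""

def parse_dnsmap(text):
    """Return {hostname: [ip, ...]} from saved dnsmap results."""
    hosts, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = ADDR_LINE.match(line)
        if match and current:
            hosts[current].append(match.group(1))
        elif line and " " not in line and not line.startswith("["):
            current = line            # a bare token is a hostname line
            hosts.setdefault(current, [])
    return hosts

def internal_disclosures(hosts, ignore=()):
    """Hostnames that resolve to RFC 1918 space; `ignore` skips listed IPs."""
    findings = {}
    for name, ips in hosts.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if ip not in ignore and any(addr in net for net in RFC1918):
                findings.setdefault(name, []).append(ip)
    return findings
```

Note that `172.32.0.5` in the sample is not flagged: the private block is 172.16.0.0/12, which ends at 172.31.255.255.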