Dnsmap- DNS Network Mapper

Information is very important for performing penetration testing, on a vary first step ethical hackers/penetration tester try to get the maximum information about the target.
The steps required for information gathering or footprinting has been discussed on earlier article click here to read.
After all there are some automatic tools present to gather the information and these tools also help out to map the victim network by using their officials websites.In this article we will cover about DNSMAP.

Dnsmap is a passive network mapper and normally known as subdomain brute forcer, it originally released on 2006, it used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. Dnsmap is a open source and tested on linux based operating system although it can be used on FreeBSD and windows plate form by using Cygwin, dnsmap was included in Backtrack 2, 3 and 4

Key Features
  • IPv6 support
  • Makefile included
  • delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
  • ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
  • changes made to make dnsmap compatible with OpenDNS
  • disclosure of internal IP addresses (RFC 1918) are reported
  • updated built-in wordlist
  • included a standalone three-letter acronym (TLA) subdomains wordlist
  • domains susceptible to “same site” scripting are reported
  • completion time is now displayed to the user
  • mechanism to attempt to bruteforce wildcard-enabled domains
  • unique filename containing timestamp is now created when no specific output filename is supplied by user
  • various minor bugs fixed

DNSMAP Tutorial

After downloading extract it now open terminal and go on the place where you have extract dnsmap and follow these steps:
  • Type   gcc dnsmap.c -o dnsmap    or  g++ dnsmap.c -o dnsmap make sure you have installed C compiler  
  • After this make it executable type chmod +x dnsmap 
  • And than run it by typing ./dnsmap domain.com 

$ dnsmap baidu.com
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for baidu.com using built-in wordlist

IP address #1:

IP address #1:

IP address #1:

Note: If you enjoyed this post, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...