Quick Tip #2 – dnsmap

dnsmap – command line utility to map out DNS records, bypassing the prohibition on zone transfers…

dnsmap is a great little tool to enumerate as many sub-domains on a target as possible. It’s very easy to use and to add to a script. Here are the parameters:

[root@legolas /]# dnsmap
dnsmap 0.30 – DNS Network Mapper by pagvac (gnucitizen.org)
usage: dnsmap [options]
options:
-w
-r
-c
-d
-i (useful if you’re obtaining false positives)
e.g.:
dnsmap target-domain.foo
dnsmap target-domain.foo -w yourwordlist.txt -r /tmp/domainbf_results.txt
dnsmap target-fomain.foo -r /tmp/ -d 3000
dnsmap target-fomain.foo -r ./domainbf_results.txt

Now a quick run for the wired.com domain… I stopped it before it completed as this was just an example for educational purposes only.

[root@legolas /]# dnsmap wired.com           
dnsmap 0.30 – DNS Network Mapper by pagvac (gnucitizen.org)
[+] searching (sub)domains for wired.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests
accounts.wired.com
IP address #1: 199.232.64.239
al.wired.com
IP address #1: 206.221.206.72
ar.wired.com
IP address #1: 209.202.221.208
beta.wired.com
IP address #1: 199.232.66.194
blog.wired.com
IP address #1: 3.91.111.80
IP address #2: 52.206.152.173
br.wired.com
IP address #1: 209.202.221.209
bw.wired.com
IP address #1: 206.221.206.104
cl.wired.com
IP address #1: 209.202.221.208
co.wired.com
IP address #1: 209.202.221.208
cr.wired.com
IP address #1: 209.202.221.208
demo.wired.com
IP address #1: 192.168.243.17
[+] warning: internal IP address disclosed
do.wired.com
IP address #1: 209.202.221.208
downloads.wired.com
IP address #1: 199.232.64.239
e.wired.com
IP address #1: 184.51.156.42
f.wired.com
IP address #1: 52.206.152.173
IP address #2: 3.91.111.80
gp.wired.com
IP address #1: 206.221.207.10
gt.wired.com
IP address #1: 209.202.221.208
hl.wired.com
IP address #1: 206.221.207.17
hn.wired.com
IP address #1: 209.202.221.208
home.wired.com
IP address #1: 52.206.152.173
IP address #2: 3.91.111.80
labs.wired.com
IP address #1: 10.91.34.27
[+] warning: internal IP address disclosed
m.wired.com
IP address #1: 3.91.111.80
IP address #2: 52.206.152.173
mc.wired.com
IP address #1: 206.221.206.157
media.wired.com
IP address #1: 199.232.64.239
^C
[root@legolas /]#
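
Since dnsmap is easy to script, its output can be post-processed when auditing a zone you are responsible for. The following is an added example, not part of the original post or of dnsmap itself: it parses output in the layout shown above and lists the hostnames whose public records point into internal address space. The function names and the example.com sample data are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout dnsmap prints; hostnames and addresses are made up.
SAMPLE = """\
[+] searching (sub)domains for example.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests
blog.example.com
IP address #1: 192.0.2.10
IP address #2: 192.0.2.11
demo.example.com
IP address #1: 192.168.243.17
[+] warning: internal IP address disclosed
labs.example.com
IP address #1: 10.91.34.27
[+] warning: internal IP address disclosed
www.example.com
IP address #1: 192.0.2.10
"""

HOST_LINE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")
IP_LINE = re.compile(r"^IP address #\d+:\s*([0-9.]+)$")
# RFC 1918, loopback and link-local ranges that should not appear in a public zone.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def parse_dnsmap(text):
    """Return {hostname: [ip, ...]}; banner, [+] status and prompt lines are skipped."""
    results, host = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        ip = IP_LINE.match(line)
        if ip and host:
            results[host].append(ip.group(1))
        elif HOST_LINE.match(line):
            host = line
            results.setdefault(host, [])
    return results

def internal_records(results):
    """Return {hostname: [ip, ...]} for records that resolve into INTERNAL_NETS."""
    flagged = {}
    for host, ips in results.items():
        hits = [ip for ip in ips
                if any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)]
        if hits:
            flagged[host] = hits
    return flagged

if __name__ == "__main__":
    for host, ips in internal_records(parse_dnsmap(SAMPLE)).items():
        print(f"{host}: {', '.join(ips)}")
```

Records flagged this way are candidates for removal from the public zone or for moving to a split-horizon internal view.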


*** This is a Security Bloggers Network syndicated blog from JeffSoh on NetSec authored by JeffSoh. Read the original post at: https://jeffsoh.blogspot.com/2020/04/quick-tip-2-dnsmap.html