Package: dnsmap (0.36-3 and others)

DNS domain name brute forcing tool

dnsmap scans a domain for common subdomains using a built-in or an external wordlist (if specified using the -w option). The internal wordlist has around 1000 words in English and Spanish, such as ns1, firewall, servicios and smtp, so it is possible to search for smtp.example.com inside example.com automatically. Results can be saved in CSV and human-readable format for further processing. dnsmap does NOT require root privileges to be run, and should NOT be run with such privileges for security reasons.

dnsmap was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network - How to 0wn the Box".

dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company's IP netblocks, domain names, phone numbers, etc.

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it's especially useful when other domain enumeration techniques such as zone transfers don't work (I rarely see zone transfers being publicly allowed these days by the way).

Fun things that can happen:

  1) Finding interesting remote access servers
     (e.g.: https://extranet.example.com).
  2) Finding badly configured and/or unpatched servers
     (e.g.: test.example.com).
  3) Finding new domain names which will allow you to map
     non-obvious/hard-to-find netblocks of your target organization
     (registry lookups - aka whois is your friend).
  4) Sometimes you find that some bruteforced subdomains resolve to internal IP
     addresses (RFC 1918). This is great as sometimes they are real up-to-date
     "A" records which means that it is possible to enumerate internal servers
     of a target organization from the Internet by only using standard DNS
     resolving (as opposed to zone transfers for instance).
  5) Discover embedded devices configured using Dynamic DNS services
     (e.g.: IP Cameras). This method is an alternative to finding devices via
     Google hacking techniques.

This package provides two possible commands: dnsmap and dnsmap-bulk.

This program is useful for pentesters, ethical hackers and forensics experts. It also can be used for security tests.

Download dnsmap

Download for all available architectures

Architecture               Version     Package Size  Installed Size  Files
alpha (unofficial port)    0.36-3      25.5 kB       300.0 kB        [list of files]
amd64                      0.36-3      26.7 kB       256.0 kB        [list of files]
arm64                      0.36-3      27.4 kB       300.0 kB        [list of files]
armel                      0.36-3      27.1 kB       299.0 kB        [list of files]
armhf                      0.36-3      26.1 kB       299.0 kB        [list of files]
hppa (unofficial port)     0.36-3      27.6 kB       252.0 kB        [list of files]
i386                       0.36-3      26.6 kB       255.0 kB        [list of files]
ia64 (unofficial port)     0.36-3      28.8 kB       266.0 kB        [list of files]
m68k (unofficial port)     0.36-3      27.0 kB       259.0 kB        [list of files]
mips64el                   0.36-3      27.6 kB       301.0 kB        [list of files]
ppc64 (unofficial port)    0.36-3      28.1 kB       300.0 kB        [list of files]
ppc64el                    0.36-3      28.3 kB       300.0 kB        [list of files]
riscv64                    0.36-3+b1   26.5 kB       253.0 kB        [list of files]
s390x                      0.36-3      26.2 kB       256.0 kB        [list of files]
sh4 (unofficial port)      0.36-3      30.3 kB       300.0 kB        [list of files]
sparc64 (unofficial port)  0.36-3      27.4 kB       1,261.0 kB      [list of files]
x32 (unofficial port)      0.36-3      26.7 kB       256.0 kB        [list of files]