Introduction
Hello and welcome to another post. In this one we will go over dnsmap and how it works. I hope you enjoy it!!
What is dnsmap?
dnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network – How to 0wn the Box”.
dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …
Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).
source: https://tools.kali.org/information-gathering/dnsmap
How to install dnsmap
Go to the GitHub repository: https://github.com/makefu/dnsmap or run git clone https://github.com/makefu/dnsmap.git
Now that it's on your system, cd dnsmap
Now compile with “make” or “gcc -Wall dnsmap.c -o dnsmap”
Now install with “make install” or “cp ./dnsmap /usr/local/bin/dnsmap”
Setting up dnsmap for bulk bruteforce
The commands are below:
cp ./dnsmap-bulk.sh /usr/local/bin/
Now set permissions:
chmod ugo+x /usr/local/bin/dnsmap-bulk.sh
Using dnsmap
Now we load it up with dnsmap -h to see the available options.
We are going to use hackingarise.com for this. Now that we have looked at the commands, type dnsmap hackingarise.com and off we go –
As you can see it has found some subdomains and their IP addresses, both IPv4 and IPv6.
Awesome, now let's try saving it to a file. To do this type dnsmap hackingarise.com -r /tmp/post_results, or whatever directory and file name you want.
Let's have a look –
As you can see it saved to our chosen directory. Yay!!
dnsmap Overview
Things you can do with this program:
– find interesting remote access servers.
– find badly configured or unpatched servers.
– find new/un-used/unknowingly used domain names.
Sometimes you find that some bruteforced subdomains resolve to internal IP addresses (RFC 1918). This is great as sometimes they are real up-to-date A records which means that it *is* possible to enumerate internal servers of a target organization from the Internet by only using standard DNS resolving (as opposed to zone transfers for instance).
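As an added example (not part of this post or of dnsmap itself), here is a short Python script that parses a dnsmap results file and flags every hostname that resolves to an RFC 1918 address, which is exactly the leak described above; the results layout it assumes (a hostname line followed by “IP address #N:” / “IPv6 address #N:” lines) mirrors the console output, the sample results are constructed, and fc00::/7 is added as the IPv6 equivalent of the private ranges.

```python
"""Audit dnsmap results for hostnames that resolve to internal addresses."""
import ipaddress
import re

# RFC 1918 private IPv4 ranges; fc00::/7 (RFC 4193 unique local) added for IPv6.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Matches "IP address #1: 1.2.3.4" and "IPv6 address #1: 2001:db8::1" (assumed layout).
ADDR_RE = re.compile(r"^IP(?:v6)? address #\d+:\s*(\S+)")

# Constructed sample of a dnsmap results file (not real scan output).
SAMPLE = """\
dnsmap 0.30 - DNS Network Mapper

[+] searching (sub)domains for example.com using built-in wordlist

www.example.com
IP address #1: 203.0.113.10
IPv6 address #1: 2001:db8::10

intranet.example.com
IP address #1: 10.20.30.40

vpn.example.com
IP address #1: 198.51.100.7
IP address #2: 192.168.1.5

[+] 3 (sub)domains and 4 IP address(es) found
"""

def parse_results(text):
    """Return {hostname: [addresses]}; hostnames are bare lines without spaces."""
    records, host = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = ADDR_RE.match(line)
        if m and host:
            records[host].append(m.group(1))
        elif line and " " not in line and "." in line:   # a (sub)domain line
            host = line
            records.setdefault(host, [])
    return records

def internal_exposures(records):
    """Return sorted (hostname, address) pairs whose address is in an internal range."""
    hits = []
    for host, addrs in records.items():
        for addr in addrs:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue          # skip anything that is not a valid address
            if any(ip in net for net in INTERNAL_NETS):
                hits.append((host, addr))
    return sorted(hits)

if __name__ == "__main__":
    for host, addr in internal_exposures(parse_results(SAMPLE)):
        print(f"internal address published in public DNS: {host} -> {addr}")
```

Run it against a real results file (dnsmap target.com -r results.txt) by reading that file into parse_results instead of SAMPLE; any hit is a record to review and remove from the public zone.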
dnsmap also has built-in wordlists you can use for bruteforcing. So as you can see dnsmap is quite a useful tool, and in the wrong hands it can be quite bad, so make sure you patch your servers and shit.
Thanks for reading this post and I hoped you enjoyed it! If you did then subscribe to our newsletter for daily updates on posts!!
DISCLAIMER
Hackingarise does not take responsibility for any illegal actions you do with this information! We make these posts for the purpose of educational use and for people to know how attacks are laid out and work!