[dns-operations] dnsmap: subdomain bruteforcer for stealth enumeration (fwd)
Paul Vixie
paul at vix.com
Mon Sep 18 15:53:46 UTC 2006
(thanks to gadi evron for forwarding a copy of this.)
---------- Forwarded message ----------
Date: Sun, 17 Sep 2006 21:58:49 +0100
From: pagvac <unknown.pentester at gmail.com>
To: pen-test at securityfocus.com, full-disclosure at lists.grok.org.uk
Subject: dnsmap: subdomain bruteforcer for stealth enumeration
Resent-Date: Sun, 17 Sep 2006 22:57:21 -0600 (MDT)
Resent-From: pen-test-return-1078482437 at securityfocus.com
I know that bruteforcing subdomains is nothing new, and I also know that there
are at least 3 tools out there that allow you to do this (probably many many
more :-D ). However, I couldn't find a subdomain bruteforcer that allows me
to:

- obtain *all* IP addresses (A records) associated to each successfully
  bruteforced subdomain, rather than just one IP address per subdomain
- abort the bruteforcing process in case the target domain uses wildcards
  (subdomain enumeration becomes unfeasible in this case as far as I know)
- be able to run the tool *without* providing a wordlist by using a built-in
  list of keywords (however I also wanted to be able to run the tool using a
  wordlist file as an option)

I attached 2 real examples using google.com. Why google? Because everyone
loves google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip

P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.
--
pagvac
[http://ikwt.com/]
-------------------------------------------------------
-------------- next part --------------
$ dnsmap google.com
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Searching subhosts on domain google.com
27 subhost(s) found
-------------- next part --------------
$ dnsmap google.com wordlist.txt
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Searching subhosts on domain google.com
85 subhost(s) found
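
Seen from the operator's side, the lookups described in the message above still reach the zone's authoritative servers, mostly as A queries for names that do not exist. An added example (not part of the original post and not dnsmap code) that flags that pattern in query records; the record format, sample lines, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed records, one per query seen by an authoritative server:
# "<epoch seconds> <client ip> <qname> <qtype> <rcode>" (hypothetical format).
SAMPLE_LOG = """\
1000 198.51.100.7 www.example.com A NOERROR
1001 203.0.113.9 admin.example.com A NXDOMAIN
1001 203.0.113.9 blog.example.com A NOERROR
1002 203.0.113.9 backup.example.com A NXDOMAIN
1002 203.0.113.9 cvs.example.com A NXDOMAIN
1003 203.0.113.9 dev.example.com A NXDOMAIN
1003 203.0.113.9 ftp.example.com A NXDOMAIN
1004 203.0.113.9 intranet.example.com A NXDOMAIN
1030 198.51.100.7 mail.example.com A NOERROR
1200 198.51.100.7 www.example.com A NOERROR
"""

def parse(line):
    ts, client, qname, qtype, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), qtype, rcode

def find_enumeration(lines, zone, window=60, min_names=5, min_nx_ratio=0.6):
    """Return {client: (distinct names, NXDOMAIN ratio)} for clients that, in one
    fixed `window`-second bucket, sent A queries for at least `min_names`
    distinct names under `zone` and got NXDOMAIN for at least `min_nx_ratio`."""
    suffix = "." + zone.lower().rstrip(".")
    buckets = defaultdict(lambda: {"names": set(), "total": 0, "nx": 0})
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, qtype, rcode = parse(line)
        if qtype != "A" or not qname.endswith(suffix):
            continue
        b = buckets[(client, ts // window)]
        b["names"].add(qname)
        b["total"] += 1
        b["nx"] += rcode == "NXDOMAIN"
    flagged = {}
    for (client, _), b in buckets.items():
        ratio = b["nx"] / b["total"]
        if len(b["names"]) >= min_names and ratio >= min_nx_ratio:
            # Report the busiest bucket for each flagged client.
            if client not in flagged or len(b["names"]) > flagged[client][0]:
                flagged[client] = (len(b["names"]), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG.splitlines(), "example.com"))
```

In a wildcard zone every guess returns NOERROR, so pass `min_nx_ratio=0` and rely on the distinct-name count alone; the client address is normally a recursive resolver rather than the host running the tool.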