[dns-operations] dnsmap: subdomain bruteforcer for stealth enumeration (fwd)
John Kristoff
jtk at ultradns.net
Mon Sep 18 21:46:51 UTC 2006
On Mon, 18 Sep 2006 15:53:46 +0000
Paul Vixie <paul at vix.com> wrote:
> (thanks to gadi evron for forwarding a copy of this.)
I took a quick look at the code and it seems pretty basic. It seems
to boil down to this:
#!/bin/sh
if [ $# -ne 2 ]
then
echo $0 zone dictionary_file
exit 1
fi
dom=$1
if [ `host pseudorandsubabcdef1234dnsmap.$dom | grep -c NXDOMAIN` = 0 ]
then
echo Lame wildcard detection triggered, exiting...
exit 1
fi
dict_file=$2
for each in `cat $dict_file`
do
host $each.$dom
done
If you want to see if some newbie is running this tool against a zone,
look for the following first label in queries:
pseudorandsubabcdef1234dnsmap
John
More information about the dns-operations
mailing list