
SANS ISC: InfoSec Handlers Diary Blog - New version of dnsmap



New version of dnsmap

Published: 2010-02-26
Last Updated: 2010-02-26 01:33:11 UTC
by Rick Wanner (Version: 1)

dnsmap v0.30 has been released. For those of you who are not familiar with dnsmap, it is a DNS reconnaissance tool used in the reconnaissance phase of penetration tests. dnsmap can reduce the manual effort required for DNS enumeration and discovery, and it often reduces or eliminates the traditional whois lookups and scanning.

More information is available at the GnuCitizen Blog.

From the blog, here is a list of some of the new features.

  • IPv6 support
  • delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
  • ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
  • changes made to make dnsmap compatible with OpenDNS
  • disclosures of internal IP addresses (RFC 1918) are reported
  • updated built-in wordlist
  • included a standalone three-letter acronym (TLA) subdomains wordlist
  • domains susceptible to “same site” scripting are reported
  • completion time is now displayed to the user
  • mechanism to attempt to bruteforce wildcard-enabled domains
  • unique filename containing timestamp is now created when no specific output filename is supplied by user
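
Two of the findings in the list above, RFC 1918 disclosure and "same site" scripting, can be checked from the defender's side against your own zone data. The following is an added example, not part of the diary or of dnsmap; it assumes "same site" scripting means a name under your domain resolving to a loopback address, and the record list is constructed.

```python
import ipaddress

# Constructed sample of (hostname, address) pairs, as you might export them
# from your own authoritative zone. Names and addresses are illustrative only.
SAMPLE_RECORDS = [
    ("www.example.com", "93.184.216.34"),
    ("intranet.example.com", "10.1.2.3"),
    ("vpn.example.com", "192.168.10.5"),
    ("localhost.example.com", "127.0.0.1"),
    ("mail.example.com", "2001:db8::25"),
    ("db.example.com", "172.16.0.9"),
    ("lo6.example.com", "::1"),
    ("edge.example.com", "172.32.0.1"),  # just outside 172.16.0.0/12
]

# The three private IPv4 blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(address):
    """Return 'loopback', 'rfc1918' or None for one address string."""
    ip = ipaddress.ip_address(address)  # raises ValueError on bad input
    if ip.is_loopback:  # 127.0.0.0/8 or ::1 (assumed same-site scripting case)
        return "loopback"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "rfc1918"
    return None


def audit(records):
    """Return (name, address, finding) for every record worth reviewing."""
    findings = []
    for name, address in records:
        try:
            kind = classify(address)
        except ValueError:
            findings.append((name, address, "unparseable"))
            continue
        if kind:
            findings.append((name, address, kind))
    return findings


if __name__ == "__main__":
    for name, address, kind in audit(SAMPLE_RECORDS):
        print(f"{kind:12} {name} -> {address}")
```

Records flagged here are candidates for removal from the public zone or for moving to an internal-only view.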

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords: dnsmap