0.工具介绍
dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company's IP netblocks, domain names, phone numbers, etc ...
Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it's especially useful when other domain enumeration techniques such as zone transfers don't work (I rarely see zone transfers being publicly allowed these days by the way).
1.工具位置
命令行 root@bt:/pentest/enumeration/dns/dnsmap#
dir查看目录dnsmap dnsmap-bulk.sh use_cases.txt wordlist_TLAs.txt,其中wordlist_TLAs.txt为字典文件,dnsmap为可执行程序
图形界面 Applications --> BackTrack --> Information Gathering --> Network Analysis --> Dnsanalysis --> Dnsmap
2.工具参数
-w wordlist_TLAs.txt 指定字典文件
-c cisco.csv 输出文件
cisco.com 目标域名
3.使用示例
root@bt:/pentest/enumeration/dns/dnsmap# ./dnsmap cisco.com -w wordlist_TLAs.txt -c cisco.csv
我的测试:
root@bt:/pentest/enumeration/dns/dnsmap# ./dnsmap gzu.edu.cn -w wordlist_TLAs.txt -c gzu.csv
results:
acc.gzu.edu.cn,210.40.3.97 agr.gzu.edu.cn,210.40.3.3 ams.gzu.edu.cn,210.40.3.92 amt.gzu.edu.cn,210.40.3.63 art.gzu.edu.cn,210.40.3.3 bbs.gzu.edu.cn,210.40.3.28 cce.gzu.edu.cn,210.40.3.3 cdo.gzu.edu.cn,210.40.3.3 cjg.gzu.edu.cn,210.40.3.36 cjs.gzu.edu.cn,210.40.3.3 cpc.gzu.edu.cn,210.40.3.29 cst.gzu.edu.cn,210.40.3.3 cyl.gzu.edu.cn,210.40.3.228 dns.gzu.edu.cn,210.40.0.33 dpo.gzu.edu.cn,210.40.3.3 dsa.gzu.edu.cn,210.40.32.40 ecb.gzu.edu.cn,210.40.3.59 eda.gzu.edu.cn,210.40.3.225 ehr.gzu.edu.cn,210.40.3.237 eol.gzu.edu.cn,210.40.0.56 ese.gzu.edu.cn,210.40.3.111 fcc.gzu.edu.cn,210.40.3.55 fcm.gzu.edu.cn,210.40.3.64 gia.gzu.edu.cn,210.40.3.3 gsa.gzu.edu.cn,210.40.3.222 gsr.gzu.edu.cn,210.40.0.58 hss.gzu.edu.cn,210.40.3.3 hum.gzu.edu.cn,210.40.3.3 inf.gzu.edu.cn,210.40.0.59 ipe.gzu.edu.cn,210.40.3.248 isr.gzu.edu.cn,210.40.3.249 kst.gzu.edu.cn,210.40.3.3 law.gzu.edu.cn,210.40.3.243 lib.gzu.edu.cn,210.40.3.3 mdc.gzu.edu.cn,210.40.3.3 mnh.gzu.edu.cn,210.40.3.89 nab.gzu.edu.cn,210.40.3.247 nic.gzu.edu.cn,210.40.0.38 noc.gzu.edu.cn,210.40.0.38 oas.gzu.edu.cn,210.40.2.55 oir.gzu.edu.cn,210.40.3.75 org.gzu.edu.cn,210.40.3.41 phc.gzu.edu.cn,210.40.3.246 psl.gzu.edu.cn,210.40.3.3 rso.gzu.edu.cn,210.40.3.57 sci.gzu.edu.cn,210.40.3.3 sec.gzu.edu.cn,210.40.3.31 snt.gzu.edu.cn,210.40.3.27 stc.gzu.edu.cn,210.40.3.100 sva.gzu.edu.cn,210.40.3.90 vod.gzu.edu.cn,210.40.0.121 web.gzu.edu.cn,210.40.3.19 www.gzu.edu.cn,210.40.0.58
好像挺少的,可是花了很久的时间。
用的是wordlist_TLAs.txt来扫描。