--- 工具名稱: dnsmap 所屬分類: Information Gathering 標簽: [information gathering,recon,dnsmap,dns,kali linux] 創建時間: 2016-10-20 17:55:00 --- 0x00 dnsmap介紹 ------------- dnsmap起源于2006年，是受到一個叫做“The Thief No One Saw”的小故事的啟發后開發的，這個小故事能在Paul Craig的書《Stealing the Network - How to Own the Bow》中找到。 dnsmap 主要用來在滲透測試的信息收集階段來協助測試網絡的基礎設施的安全性，它能發現目標的網段，域名，甚至是電話號碼等等。 子域名窮舉在窮舉子域名方面也是一項新的技術，尤其是在域傳送技術失效的時候。（在最近我很少看到公開允許域傳輸的例子) 工具來源：http://code.google.com/p/dnsmap/ [dnsmap主頁][1] | [Kali dnsmap Repo倉庫][2] - 作者：pagvac - 證書：GPLv2 0x01 dnsmap功能 --------------- dnsmap - DNS域名蠻力窮舉工具 ```shell root@kali:~# dnsmap dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) 用法: dnsmap <目標域> [選項] 選項: -w <指定字典文件> -r <指定結果以常規格式輸出文件> -c <指定結果以csv格式輸出文件> -d <設置延遲(毫秒)> -i <忽略的IP> (當你遇到一個虛假的IP地址時很有用) 示例: dnsmap target-domain.com dnsmap target-domain.com -w yourwordlist.txt -r /tmp/domainbf_results.txt dnsmap target-fomain.com -r /tmp/ -d 3000 dnsmap target-fomain.com -r ./domainbf_results.txt ``` <!--more--> 0x02 dnsmap用法示例 ----------------- ```shell root@kali:~# dnsmap example.com -w /usr/share/wordlists/dnsmap.txt dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] searching (sub)domains for example.com using /usr/share/wordlists/dnsmap.txt [+] using maximum random delay of 10 millisecond(s) between requests ``` 0x02 dnsmap-bulk用法示例 -------------------- ```shell root@kali:~# dnsmap-bulk.sh domain.txt dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] searching (sub)domains for acm.cuit.edu.cn using built-in wordlist [+] using maximum random delay of 10 millisecond(s) between requests [+] 0 (sub)domains and 0 IP address(es) found [+] completion time: 17 second(s) dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] error: entered domain is not valid! dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] error: entered domain is not valid! dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] error: entered domain is not valid! dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] searching (sub)domains for 210.41.225.250 using built-in wordlist [+] using maximum random delay of 10 millisecond(s) between requests ... ... ``` [1]: http://code.google.com/p/dnsmap/ [2]: http://git.kali.org/gitweb/?p=packages/dnsmap.git;a=summary