Hello again, friends,
Here is an example dnsmap session so that foro.elhacker.net users can get an idea of what this tool does.
To get help on the syntax, we run dnsmap without any parameters:
$ ./dnsmap
dnsmap 0.24 - DNS Network Mapper by pagvac (gnucitizen.org)
usage: dnsmap <target-domain> [options]
options:
-w <wordlist-file>
-r <regular-results-file>
-c <csv-results-file>
-d <delay-milliseconds>
e.g.:
dnsmap target-domain.foo
dnsmap target-domain.foo -w yourwordlist.txt -r /tmp/domainbf_results.txt
dnsmap target-fomain.foo -r /tmp/ -d 3000
dnsmap target-fomain.foo -r ./domainbf_results.txt
In the following example we choose google.com to enumerate subdomains and their corresponding IPs (IPv4 and IPv6 where applicable). Note that we use dnsmap's built-in wordlist (this is the default behaviour), save the results in '/tmp/' in regular and CSV format, and finally introduce a delay of 400 milliseconds (0.4 seconds) between each DNS request:
$ ./dnsmap google.com -c /tmp/ -r /tmp/ -d 400
dnsmap 0.24 - DNS Network Mapper by pagvac (gnucitizen.org)
[+] searching (sub)domains for google.com using built-in wordlist
[+] using maximum random delay of 400 millisecond(s) between requests
ap.google.com
IP address #1: 66.102.13.105
IP address #2: 66.102.13.99
IP address #3: 66.102.13.103
IP address #4: 66.102.13.104
IP address #5: 66.102.13.147
IP address #6: 66.102.13.106
blog.google.com
IP address #1: 209.85.227.191
catalog.google.com
IP address #1: 209.85.229.100
IP address #2: 209.85.229.113
IP address #3: 209.85.229.101
IP address #4: 209.85.229.138
IP address #5: 209.85.229.139
IP address #6: 209.85.229.102
catalogue.google.com
IP address #1: 209.85.229.100
IP address #2: 209.85.229.139
IP address #3: 209.85.229.101
IP address #4: 209.85.229.113
IP address #5: 209.85.229.102
IP address #6: 209.85.229.138
directory.google.com
IP address #1: 209.85.227.101
IP address #2: 209.85.227.139
IP address #3: 209.85.227.138
IP address #4: 209.85.227.100
IP address #5: 209.85.227.113
download.google.com
IP address #1: 74.125.79.104
IP address #2: 74.125.79.147
IP address #3: 74.125.79.99
downloads.google.com
IP address #1: 74.125.79.104
IP address #2: 74.125.79.99
IP address #3: 74.125.79.147
email.google.com
IP address #1: 209.85.227.101
IP address #2: 209.85.227.113
IP address #3: 209.85.227.139
IP address #4: 209.85.227.138
IP address #5: 209.85.227.100
finance.google.com
IP address #1: 74.125.79.99
IP address #2: 74.125.79.104
IP address #3: 74.125.79.147
groups.google.com
IP address #1: 66.102.13.139
IP address #2: 66.102.13.113
IP address #3: 66.102.13.102
IP address #4: 66.102.13.100
IP address #5: 66.102.13.138
IP address #6: 66.102.13.101
help.google.com
IP address #1: 209.85.227.101
IP address #2: 209.85.227.100
IP address #3: 209.85.227.138
IP address #4: 209.85.227.139
IP address #5: 209.85.227.113
images.google.com
IP address #1: 209.85.227.106
IP address #2: 209.85.227.104
IP address #3: 209.85.227.103
IP address #4: 209.85.227.99
IP address #5: 209.85.227.147
IP address #6: 209.85.227.105
ipv6.google.com
IPv6 address #1: 2a00:1450:8006::69
IPv6 address #2: 2a00:1450:8006::93
IPv6 address #3: 2a00:1450:8006::67
IPv6 address #4: 2a00:1450:8006::63
IPv6 address #5: 2a00:1450:8006::6a
IPv6 address #6: 2a00:1450:8006::68
labs.google.com
IP address #1: 209.85.227.101
IP address #2: 209.85.227.113
IP address #3: 209.85.227.139
IP address #4: 209.85.227.138
IP address #5: 209.85.227.100
mail.google.com
IP address #1: 209.85.227.83
IP address #2: 209.85.227.17
IP address #3: 209.85.227.18
IP address #4: 209.85.227.19
mobile.google.com
IP address #1: 209.85.227.193
news.google.com
IP address #1: 209.85.227.106
IP address #2: 209.85.227.103
IP address #3: 209.85.227.105
IP address #4: 209.85.227.99
IP address #5: 209.85.227.147
IP address #6: 209.85.227.104
ns.google.com
IP address #1: 216.239.32.10
ns1.google.com
IP address #1: 216.239.32.10
ns2.google.com
IP address #1: 216.239.34.10
ns3.google.com
IP address #1: 216.239.36.10
photo.google.com
IP address #1: 209.85.227.136
IP address #2: 209.85.227.190
IP address #3: 209.85.227.93
IP address #4: 209.85.227.91
photos.google.com
IP address #1: 209.85.227.91
IP address #2: 209.85.227.93
IP address #3: 209.85.227.136
IP address #4: 209.85.227.190
proxy.google.com
IP address #1: 66.102.14.225
IP address #2: 64.233.179.4
IP address #3: 64.233.161.4
IP address #4: 64.233.169.4
IP address #5: 216.239.59.4
IP address #6: 64.233.167.4
IP address #7: 64.233.165.4
IP address #8: 216.239.55.5
IP address #9: 216.239.42.4
IP address #10: 66.102.0.4
IP address #11: 66.102.14.241
IP address #12: 64.233.184.4
IP address #13: 64.233.187.4
IP address #14: 66.102.9.4
IP address #15: 216.239.53.4
IP address #16: 216.239.57.4
IP address #17: 64.233.171.4
research.google.com
IP address #1: 209.85.227.113
IP address #2: 209.85.227.138
IP address #3: 209.85.227.139
IP address #4: 209.85.227.101
IP address #5: 209.85.227.100
sandbox.google.com
IP address #1: 66.102.13.81
search.google.com
IP address #1: 209.85.229.138
IP address #2: 209.85.229.139
IP address #3: 209.85.229.101
IP address #4: 209.85.229.102
IP address #5: 209.85.229.100
IP address #6: 209.85.229.113
services.google.com
IP address #1: 209.85.227.138
IP address #2: 209.85.227.100
IP address #3: 209.85.227.113
IP address #4: 209.85.227.101
IP address #5: 209.85.227.139
shopping.google.com
IP address #1: 209.85.227.138
IP address #2: 209.85.227.100
IP address #3: 209.85.227.113
IP address #4: 209.85.227.101
IP address #5: 209.85.227.139
sms.google.com
IP address #1: 209.85.227.138
IP address #2: 209.85.227.100
IP address #3: 209.85.227.113
IP address #4: 209.85.227.101
IP address #5: 209.85.227.139
smtp.google.com
IP address #1: 74.125.45.25
support.google.com
IP address #1: 209.85.229.138
IP address #2: 209.85.229.100
IP address #3: 209.85.229.139
IP address #4: 209.85.229.102
IP address #5: 209.85.229.101
IP address #6: 209.85.229.113
uploads.google.com
IP address #1: 72.14.245.21
vpn.google.com
IP address #1: 64.9.224.70
IP address #2: 64.9.224.69
IP address #3: 64.9.224.68
wap.google.com
IP address #1: 209.85.227.138
IP address #2: 209.85.227.100
IP address #3: 209.85.227.113
IP address #4: 209.85.227.101
IP address #5: 209.85.227.139
web.google.com
IP address #1: 209.85.227.138
IP address #2: 209.85.227.100
IP address #3: 209.85.227.113
IP address #4: 209.85.227.101
IP address #5: 209.85.227.139
webmaster.google.com
IP address #1: 209.85.229.138
IP address #2: 209.85.229.139
IP address #3: 209.85.229.101
IP address #4: 209.85.229.102
IP address #5: 209.85.229.100
IP address #6: 209.85.229.113
www.google.com
IP address #1: 209.85.227.105
IP address #2: 209.85.227.104
IP address #3: 209.85.227.103
IP address #4: 209.85.227.99
IP address #5: 209.85.227.106
IP address #6: 209.85.227.147
www2.google.com
IP address #1: 64.233.179.104
www3.google.com
IP address #1: 64.233.179.104
[+] 40 (sub)domains and 168 IP address(es) found
[+] regular-format results can be found on /tmp/dnsmap_google_com_2010_01_07_091626.txt
[+] csv-format results can be found on /tmp/dnsmap_google_com_2010_01_07_091626.csv
[+] completion time: 181 second(s)
We could also use our own wordlist with the '-w' parameter, which is always a good idea for finding additional subdomains.
PS: thanks to @Anon and @averno for the comments and testing.
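
When you run dnsmap against a domain you administer, the regular-format results shown above can be checked mechanically. The following is an added example, not part of the original post or of dnsmap itself: it parses that format, verifies the parse against the tool's own summary line, and reports names that resolve to internal ranges or share identical address sets. The function names, the internal-range list and the sample data are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample in the regular output format shown above (not real scan data).
SAMPLE = """\
intranet.example.com
IP address #1: 10.0.5.12
ipv6.example.com
IPv6 address #1: 2001:db8::69
www.example.com
IP address #1: 192.0.2.80
IP address #2: 192.0.2.81
www2.example.com
IP address #1: 192.0.2.81
IP address #2: 192.0.2.80
[+] 4 (sub)domains and 6 IP address(es) found
"""

HOST_RE = re.compile(r"^[a-z0-9_-]+(?:\.[a-z0-9_-]+)+$", re.I)
ADDR_RE = re.compile(r"^IP(?:v6)? address #\d+:\s*(\S+)$")
SUMMARY_RE = re.compile(r"^\[\+\] (\d+) \(sub\)domains and (\d+) IP address\(es\) found")
# RFC 1918 and IPv6 unique-local ranges: public names resolving here expose internal addressing.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse_dnsmap(text):
    """Return ({hostname: [address, ...]}, (hosts, addresses) from the summary line or None)."""
    hosts, summary, current = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := ADDR_RE.match(line):
            if current is None:
                raise ValueError(f"address line before any hostname: {line!r}")
            hosts.setdefault(current, []).append(ipaddress.ip_address(m.group(1)))
        elif m := SUMMARY_RE.match(line):
            summary = (int(m.group(1)), int(m.group(2)))
        elif HOST_RE.match(line):
            current = line.lower()
    return hosts, summary

def audit(text):
    hosts, summary = parse_dnsmap(text)
    groups = {}  # identical address sets -> names that are aliases of one front end
    for name, ips in hosts.items():
        groups.setdefault(frozenset(ips), []).append(name)
    return {
        "totals_match": summary == (len(hosts), sum(map(len, hosts.values()))),
        "internal": sorted(n for n, ips in hosts.items()
                           if any(ip in net for ip in ips for net in INTERNAL)),
        "same_addresses": sorted(sorted(g) for g in groups.values() if len(g) > 1),
    }
```

A `totals_match` of `False` means the results file is truncated or was edited after the run, so the other findings should not be trusted until it is regenerated.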