[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] dnsmap: subdomain bruteforcer for stealth enumeration

To: pen-test@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] dnsmap: subdomain bruteforcer for stealth enumeration
From: pagvac <unknown.pentester@xxxxxxxxx>
Date: Sun, 17 Sep 2006 21:58:49 +0100

I know that bruteforcing subdomains is nothing new, and I also know
that there are at least 3 tools out there that allow you to do this
(probably many many more :-D ). However, I couldn't find a subdomain
bruteforcer that allows me to:

- obtain *all* IP addresses (A records) associated to each
successfully bruteforced subdomain, rather than just one IP address
per subdomain
- abort the bruteforcing process in case the target domain uses
wildcards (subdomain enumeration becomes unfeasible in this case as
far as I know)
- be able to run the tool *without* providing a wordlist by using a
built-in list of keywords (however I also wanted to be able to run the
tool using a wordlist file as an option)

I attached 2 real examples using google.com. Why google? Because
everyone loves google :-D

GNU/Linux version: http://ikwt.com/projects/dnsmap/dnsmap-latest.tar
win32 version: http://ikwt.com/projects/dnsmap/dnsmap-win32-latest.zip


P.S.: please, remember all this tool does is resolve subdomains. *No*
packets are sent to the bruteforced subdomains.

--
pagvac
[http://ikwt.com/]

$ dnsmap google.com

dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Searching subhosts on domain google.com

blog.google.com
IP Address #1:66.102.15.100

catalog.google.com
IP Address #1:72.14.203.133

catalogue.google.com
IP Address #1:72.14.203.133

directory.google.com
IP Address #1:66.249.93.147
IP Address #2:66.249.93.99
IP Address #3:66.249.93.104

download.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

downloads.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

email.google.com
IP Address #1:66.249.91.107

finance.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

groups.google.com
IP Address #1:64.233.167.99
IP Address #2:64.233.167.104
IP Address #3:64.233.167.147

images.google.com
IP Address #1:64.233.183.103
IP Address #2:64.233.183.104
IP Address #3:64.233.183.99
IP Address #4:64.233.183.147

labs.google.com
IP Address #1:216.239.53.132
IP Address #2:216.239.37.132

mail.google.com
IP Address #1:66.249.91.19
IP Address #2:66.249.91.83
IP Address #3:66.249.91.18

mobile.google.com
IP Address #1:66.249.93.104
IP Address #2:66.249.93.147
IP Address #3:66.249.93.99

news.google.com
IP Address #1:64.233.183.104
IP Address #2:64.233.183.99
IP Address #3:64.233.183.147
IP Address #4:64.233.183.103

proxy.google.com
IP Address #1:64.233.169.4
IP Address #2:64.233.171.4
IP Address #3:64.233.177.4
IP Address #4:64.233.179.4
IP Address #5:64.233.181.4
IP Address #6:64.233.183.4
IP Address #7:64.233.184.4
IP Address #8:66.102.7.4
IP Address #9:66.102.9.4
IP Address #10:216.239.37.5
IP Address #11:216.239.39.5
IP Address #12:216.239.42.4
IP Address #13:216.239.53.4
IP Address #14:216.239.55.5
IP Address #15:216.239.57.4
IP Address #16:216.239.59.4
IP Address #17:64.233.187.4
IP Address #18:66.102.0.4
IP Address #19:66.102.14.225
IP Address #20:66.102.14.241
IP Address #21:64.233.161.4
IP Address #22:64.233.165.4
IP Address #23:64.233.167.4

sandbox.google.com
IP Address #1:216.239.57.81

search.google.com
IP Address #1:66.249.93.99
IP Address #2:66.249.93.104
IP Address #3:66.249.93.147

services.google.com
IP Address #1:216.239.57.110
IP Address #2:216.239.37.110

shopping.google.com
IP Address #1:66.249.93.104
IP Address #2:66.249.93.99
IP Address #3:66.249.93.147

smtp.google.com
IP Address #1:216.239.57.25

sms.google.com
IP Address #1:66.249.93.99
IP Address #2:66.249.93.104
IP Address #3:66.249.93.147

support.google.com
IP Address #1:216.239.57.129

uploads.google.com
IP Address #1:72.14.200.3

vpn.google.com
IP Address #1:64.9.224.70
IP Address #2:64.9.224.68
IP Address #3:64.9.224.69

www.google.com
IP Address #1:66.249.93.99
IP Address #2:66.249.93.104
IP Address #3:66.249.93.147

www2.google.com
IP Address #1:64.233.179.104

www3.google.com
IP Address #1:64.233.179.104

27 subhost(s) found

$ dnsmap google.com wordlist.txt

dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Searching subhosts on domain google.com

America.google.com
IP Address #1:64.233.183.104
IP Address #2:64.233.183.147
IP Address #3:64.233.183.99
IP Address #4:64.233.183.103

Asia.google.com
IP Address #1:66.102.7.99
IP Address #2:66.102.7.147
IP Address #3:66.102.7.104

Eudora.google.com
IP Address #1:64.233.183.104
IP Address #2:64.233.183.147
IP Address #3:64.233.183.103
IP Address #4:64.233.183.99

Hedwig.google.com
IP Address #1:72.14.200.3

ads.google.com
IP Address #1:64.233.183.112

america.google.com
IP Address #1:64.233.183.104
IP Address #2:64.233.183.147
IP Address #3:64.233.183.99
IP Address #4:64.233.183.103

answer.google.com
IP Address #1:216.239.57.88
IP Address #2:64.233.167.88

answers.google.com
IP Address #1:64.233.167.88
IP Address #2:216.239.57.88

asia.google.com
IP Address #1:66.102.7.99
IP Address #2:66.102.7.147
IP Address #3:66.102.7.104

base.google.com
IP Address #1:66.249.93.104
IP Address #2:66.249.93.99

bernadine.google.com
IP Address #1:216.239.39.143

book.google.com
IP Address #1:72.14.203.133

books.google.com
IP Address #1:72.14.203.133

calendar.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

code.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

compute.google.com
IP Address #1:64.233.171.134

console.google.com
IP Address #1:216.239.57.128

d.google.com
IP Address #1:64.233.183.147
IP Address #2:64.233.183.104
IP Address #3:64.233.183.99
IP Address #4:64.233.183.103

desktop.google.com
IP Address #1:64.233.183.103
IP Address #2:64.233.183.99
IP Address #3:64.233.183.104
IP Address #4:64.233.183.147

dexter.google.com
IP Address #1:216.239.45.33

directory.google.com
IP Address #1:64.233.183.147
IP Address #2:64.233.183.99
IP Address #3:64.233.183.103
IP Address #4:64.233.183.104

dl.google.com
IP Address #1:66.249.93.91
IP Address #2:66.249.93.93

download.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

earth.google.com
IP Address #1:64.233.183.147
IP Address #2:64.233.183.103
IP Address #3:64.233.183.99
IP Address #4:64.233.183.104

email.google.com
IP Address #1:66.249.91.107

eudora.google.com
IP Address #1:64.233.183.104
IP Address #2:64.233.183.147
IP Address #3:64.233.183.103
IP Address #4:64.233.183.99

europe.google.com
IP Address #1:64.233.183.99
IP Address #2:64.233.183.103
IP Address #3:64.233.183.147
IP Address #4:64.233.183.104

fusion.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

gap.google.com
IP Address #1:216.239.59.210

gnome.google.com
IP Address #1:64.233.167.25

group.google.com
IP Address #1:64.233.167.104
IP Address #2:64.233.167.99
IP Address #3:64.233.167.147

groups.google.com
IP Address #1:64.233.167.99
IP Address #2:64.233.167.147
IP Address #3:64.233.167.104

ham.google.com
IP Address #1:64.233.179.210

hedwig.google.com
IP Address #1:72.14.200.3

image.google.com
IP Address #1:66.102.9.99
IP Address #2:66.102.9.104
IP Address #3:66.102.9.147

images.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.99
IP Address #3:66.102.9.104

jam.google.com
IP Address #1:64.233.187.210

jump.google.com
IP Address #1:66.102.9.104
IP Address #2:66.102.9.147
IP Address #3:66.102.9.99

kh.google.com
IP Address #1:216.239.59.93
IP Address #2:216.239.59.91

labs.google.com
IP Address #1:216.239.37.132
IP Address #2:216.239.53.132

local.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

localhost.google.com
IP Address #1:127.0.0.1

m.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.99
IP Address #3:66.102.9.104

mad.google.com
IP Address #1:66.102.7.210

mail.google.com
IP Address #1:72.14.205.83
IP Address #2:72.14.205.19

map.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

maps.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

mars.google.com
IP Address #1:66.102.9.104
IP Address #2:66.102.9.99
IP Address #3:66.102.9.147

mini.google.com
IP Address #1:66.102.9.99
IP Address #2:66.102.9.147
IP Address #3:66.102.9.104

moon.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.104
IP Address #3:66.102.9.99

mt.google.com
IP Address #1:216.239.59.104
IP Address #2:216.239.59.99
IP Address #3:216.239.59.103
IP Address #4:216.239.59.147

news.google.com
IP Address #1:64.233.183.99
IP Address #2:64.233.183.103
IP Address #3:64.233.183.147
IP Address #4:64.233.183.104

ns.google.com
IP Address #1:216.239.32.10

ns1.google.com
IP Address #1:216.239.32.10

ns2.google.com
IP Address #1:216.239.34.10

pack.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

page.google.com
IP Address #1:64.233.179.93
IP Address #2:64.233.179.91

pages.google.com
IP Address #1:64.233.179.91
IP Address #2:64.233.179.93

paw.google.com
IP Address #1:64.233.167.210

posting.google.com
IP Address #1:64.233.167.99
IP Address #2:64.233.167.147
IP Address #3:64.233.167.104

print.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

protocol.google.com
IP Address #1:66.102.9.104
IP Address #2:66.102.9.99
IP Address #3:66.102.9.147

purchase.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.104
IP Address #3:66.102.9.99

reader.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

relay.google.com
IP Address #1:216.239.37.126

sb.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

scholar.google.com
IP Address #1:64.233.179.99
IP Address #2:64.233.179.104

search.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.104
IP Address #3:66.102.9.99

services.google.com
IP Address #1:216.239.37.110
IP Address #2:216.239.57.110

sms.google.com
IP Address #1:66.102.9.104
IP Address #2:66.102.9.147
IP Address #3:66.102.9.99

support.google.com
IP Address #1:216.239.57.129

survey.google.com
IP Address #1:216.239.45.38
IP Address #2:216.239.45.37

talk.google.com
IP Address #1:66.102.11.125

tools.google.com
IP Address #1:216.239.59.104
IP Address #2:216.239.59.99
IP Address #3:216.239.59.103
IP Address #4:216.239.59.147

transfer.google.com
IP Address #1:216.239.53.22

translate.google.com
IP Address #1:66.102.11.99
IP Address #2:66.102.11.104

trends.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.99
IP Address #3:66.102.9.104

vat.google.com
IP Address #1:216.239.37.210

video.google.com
IP Address #1:66.249.93.99
IP Address #2:66.249.93.104

virgin.google.com
IP Address #1:66.102.9.99
IP Address #2:66.102.9.104
IP Address #3:66.102.9.147

w.google.com
IP Address #1:66.102.9.99
IP Address #2:66.102.9.104
IP Address #3:66.102.9.147

web.google.com
IP Address #1:66.102.9.104
IP Address #2:66.102.9.147
IP Address #3:66.102.9.99

ww.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.99
IP Address #3:66.102.9.104

www.google.com
IP Address #1:66.102.9.147
IP Address #2:66.102.9.99
IP Address #3:66.102.9.104

yp.google.com
IP Address #1:66.102.11.104
IP Address #2:66.102.11.99

85 subhost(s) found

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] McAfee VirusScan Enterprise - disabling the client side "On-Access Scan"
Next by Date: Re: [Full-disclosure] Info about HTA file [spam or malware ?]
Previous by thread: [Full-disclosure] McAfee VirusScan Enterprise - disabling the client side "On-Access Scan"
Next by thread: [Full-disclosure] USB Attacks Going Commercial?
Index(es):
- Date
- Thread