When it comes to the vast array of open source tools available to the infosec community in 2020, one could say we're spoiled.
Installing Kali Linux or any other pentesting distro reveals the massive amount of tools in today's infosec landscape that make the work of researchers, analysts and other security professionals easier, faster and more accurate.
This certainly wasn't the case 14 years ago, when DNSmap was released. Tools like DNSmap marked the beginning of the ever-growing toolset we now find ourselves privileged to have.
Although many of the older tools remain limited in their capacity, their simplicity provides an opportunity for beginners or even those with limited time to conduct research swiftly.
What is DNSmap?
**DNSmap** provides the ability to find OSINT data such as subdomains and the IP addresses associated with each of them.
This can help researchers discover test or other subdomains that should not necessarily be exposed to the Internet, since every such host increases an organisation's attack surface.
For a broader picture of DNSmap's effectiveness, we've listed a few of its pros and cons:
**Features**:
- **Easy installation**: If you're using Kali Linux, DNSmap already comes pre-installed. If you're using any other Linux distro, installing DNSmap takes less than a minute.
- **Simplified usage**: DNSmap focuses on a narrow set of objectives and does it well. This makes learning and using the tool easy.
- **Vintage**: DNSmap is battle-tested—it's been around for years and is still available on many pentesting distros.
**Drawbacks**:
- **Archived**: The software is no longer actively maintained, so new bugs in the software might not get patched.
- **Features**: This is subjective, but if you prefer tools that do a lot, DNSmap might feel somewhat limited.
Who is DNSmap for?
Like many of the other open source tools we've reviewed, DNSmap is suitable for both blue and red team investigations during the reconnaissance or data-gathering phase.
It is highly recommended that beginners or junior analysts test out DNSmap to see what it can do. Once an analyst understands how DNSmap works, they can also compare the results with those of other tools that perform similar tasks.
Installing DNSmap on Linux
DNSmap comes pre-installed as a package on Kali Linux. We also investigated other Linux distros, and found it available on BlackArch and ParrotSecurity OS as well. We suspect that if the package is available on Kali, then it's probably available on other infosec distros through their software managers—but that's unverifiable, owing to the lack of documentation from various pentesting distros. You can, however, find more information about the Kali package here.
We will now install DNSmap on a fresh Ubuntu installation. As it's always important to use some type of sandboxing environment when installing new software, you can opt for a virtual machine (VM), container or a remote test server.
We're using the latest Ubuntu version, 20.04, for this review, and any commands used here should apply to Debian-based distros (and with a few minor tweaks, to other distros as well).
DNSmap is written in C, so we'll install the required packages to compile the software:
Next we'll clone the repo, then proceed to compile it:
Unlike the installation of Masscan (which also required compiling), compiling DNSmap goes quickly and results in no warnings.
Testing / usage
Now we'll run a few tests to see DNSmap in action.
Our first test will be to run a vanilla scan to see what results we get:
DNSmap searched for subdomains on nytimes.com using the tool's built-in wordlist. We added a 100-millisecond delay to avoid our test IP getting blocked and we saved the output data to `testdata/`.
Taking a look at the output, we can see that 37 subdomains and 74 IP addresses were found.
We took a sample...