DNSMAP is the answer to the question about, what do you do when a DNS zone transfer is being publicly blocked? DNSMAP is a mostly passive tool for determining IP ranges and also brute forces sub-domains.
DNSMAP V0.30 has been released!
http://www.gnucitizen.org/blog/dnsmap-v030-is-now-out/New features
Anyways, the following are some of the new features included:
* IPv6 support
* Makefile included
* delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
* ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
* changes made to make dnsmap compatible with OpenDNS
* disclosure of internal IP addresses (RFC 1918) are reported
* updated built-in wordlist
* included a standalone three-letter acronym (TLA) subdomains wordlist
* domains susceptible to “same site” scripting are reported
* completion time is now displayed to the user
* mechanism to attempt to bruteforce wildcard-enabled domains
* unique filename containing timestamp is now created when no specific output filename is supplied by user
* various minor bugs fixed
Earlier versions are included in Backtrack, and the tool is also covered here,
http://www.darknet.org.uk/2009/03/dnsmap-022-released-subdomain-bruteforcing-tool/.
Editor-In-Chief : Special Xmas Deal: 10% Off eLearnSecurity Courses
