dnsmap v0.30 - Passive DNS network mapper
dnsmap (a.k.a. subdomains bruteforcer) was originally released back in 2006 and was inspired by the fictional story "The Thief No One Saw" by Paul Craig, which can be found in the book "Stealing the Network - How to 0wn the Box".
dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc ...
Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work.
Version 0.30 (20/02/2010)
- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make dnsmap compatible with OpenDNS
- disclosure of internal IP addresses (RFC 1918) are reported
- updated built-in wordlist
- included a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to "same site" scripting (http://snipurl.com/etbcv) are reported
- completion time is now displayed to the user
- mechanism to attempt to bruteforce wildcard-enabled domains
- unique filename containing timestamp is now created when no specific output filename is supplied by user
- various minor bugs fixed
More information: here