Dailydave mailing list archives
dnsmap v0.30 + embedded devices discovery trick
From: "Adrian P." <ap () gnucitizen org>
Date: Thu, 25 Feb 2010 07:37:16 +0000
Hello folks,

Just wanted to let you know that we recently released a new version of dnsmap. dnsmap is a command line tool originally released in 2006 which helps discover target subdomains and IP ranges during the initial stages of an infrastructure pentest. dnsmap is a passive(ish) discovery tool meant to be used before an actual active attack. It’s an alternative to other discovery techniques such as whois lookups, scanning large IP ranges, etc. Run dnsmap and you should be able to spot netblocks of a target organization in a relatively short period of time.

The following are some of the new features included in version 0.30:

- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make dnsmap compatible with OpenDNS
- disclosure of internal IP addresses (RFC 1918) is reported
- updated built-in wordlist included
- a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to “same site” scripting are reported
- completion time is now displayed to the user
- mechanism to attempt to bruteforce wildcard-enabled domains
- unique filename containing timestamp is now created when no specific output filename is supplied by user
- various minor bugs fixed

More info here: http://www.gnucitizen.org/blog/dnsmap-v030-is-now-out/

We have also documented a method to find embedded devices on the web *without*:

1) Querying search engines for content that is unique to the targeted devices (e.g.: URLs, HTML title) or
2) Scanning random IP addresses and programmatically detecting if the web interface of a given device is present.

Instead, we show a less popular method based on

3) bruteforcing subdomains of DDNS services supported by the target device.

As an example, we show how this technique can be used to discover Linksys IP cameras by using dnsmap and some bash scripting tricks: http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-6/

Enjoy!

-- 
pagvac | GNUCITIZEN.org
PGP Key ID: 0x6B232C7C

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
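The DDNS subdomain bruteforce described in the post above, written out as an added example. This is not part of the original message and not dnsmap's own code; it reimplements in Python the three v0.30 behaviours the post lists that matter for this trick (wildcard detection, an ignore list like -i, and flagging RFC 1918 answers). The zone example-ddns.test, the wordlist, the resolution table and the wildcard address are all constructed for an offline run and correspond to no real DDNS provider or device; dns_resolve is the live-DNS path you would swap in against a real zone.

```python
import ipaddress
import random
import socket
import string

# Assumed DDNS zone and candidate labels (constructed; the post names no provider).
DDNS_ZONE = "example-ddns.test"
WORDLIST = ["cam", "camera", "home", "office", "garage", "front", "nas", "router"]

# RFC 1918 ranges only; ipaddress.is_private would also match documentation
# prefixes such as 203.0.113.0/24, which is not what dnsmap reports.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def dns_resolve(name):
    """Live resolver: all A/AAAA answers for name; raises socket.gaierror on NXDOMAIN."""
    return sorted({ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)})


def make_table_resolver(table, wildcard=()):
    """Offline stand-in for dns_resolve built from a constructed name->IPs table.
    Unknown names get the zone's wildcard answers, or NXDOMAIN if there are none."""
    def resolve(name):
        if name in table:
            return list(table[name])
        if wildcard:
            return list(wildcard)
        raise socket.gaierror("constructed NXDOMAIN")
    return resolve


def wildcard_ips(zone, resolve):
    """Resolve a random label under zone; whatever answers is the wildcard set,
    so later hits that return only these IPs are not real hosts."""
    label = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
    try:
        return set(resolve(f"{label}.{zone}"))
    except socket.gaierror:
        return set()


def bruteforce(zone, words, resolve=dns_resolve, ignore=frozenset()):
    """Try each word as a label under zone and keep names that resolve to
    something other than wildcard or user-ignored IPs. Each finding also lists
    any RFC 1918 answers, which dnsmap 0.30 reports as internal IP disclosure."""
    wild = wildcard_ips(zone, resolve)
    findings = []
    for word in words:
        name = f"{word}.{zone}"
        try:
            answers = resolve(name)
        except socket.gaierror:
            continue
        ips = [ip for ip in answers if ip not in wild and ip not in ignore]
        if not ips:
            continue
        findings.append({"name": name, "ips": ips,
                         "internal": [ip for ip in ips if is_rfc1918(ip)]})
    return findings


# Constructed answers for the offline run: one wildcard-only name, one name with
# an IP on the ignore list, one leaking an RFC 1918 address.
SAMPLE_TABLE = {
    "cam.example-ddns.test": ["203.0.113.7"],
    "home.example-ddns.test": ["198.51.100.1"],          # wildcard only: noise
    "office.example-ddns.test": ["203.0.113.9", "203.0.113.10"],
    "nas.example-ddns.test": ["10.0.0.5"],               # private address leak
}
SAMPLE_WILDCARD = ["198.51.100.1"]
SAMPLE_IGNORE = frozenset({"203.0.113.9"})


def demo():
    """Run the bruteforce against the constructed table instead of live DNS."""
    resolve = make_table_resolver(SAMPLE_TABLE, wildcard=SAMPLE_WILDCARD)
    return bruteforce(DDNS_ZONE, WORDLIST, resolve=resolve, ignore=SAMPLE_IGNORE)


if __name__ == "__main__":
    for hit in demo():
        flag = "  [internal IP disclosed]" if hit["internal"] else ""
        print(f"{hit['name']}: {', '.join(hit['ips'])}{flag}")
```

Against a live zone you would call bruteforce(zone, words) with the default dns_resolve, a much larger wordlist, and a sleep between queries in the spirit of dnsmap's -d option; the wildcard check is what keeps a DDNS provider that answers every label from turning the whole wordlist into hits. The resolved names are only candidates: confirming that a given host is actually the target device's web interface is the separate step the post leaves to its bash scripting.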