Dailydave mailing list archives

dnsmap v0.30 + embedded devices discovery trick


From: "Adrian P." <ap () gnucitizen org>
Date: Thu, 25 Feb 2010 07:37:16 +0000

Hello folks,

Just wanted to let you know that we recently released a new version of dnsmap.

dnsmap is a command line tool originally released in 2006 which helps
discover target subdomains and IP ranges during the initial stages of
an infrastructure pentest. dnsmap is a passive(ish) discovery tool
meant to be used before an actual active attack. It’s an alternative
to other discovery techniques such as whois lookups, scanning large IP
ranges, etc. Run dnsmap and you should be able to spot netblocks of a
target organization in a relatively short period of time.

The following are some of the new features included in version 0.30:

 - IPv6 support
 - Makefile included
 - delay option (-d) added. This is useful in cases where dnsmap is
   killing your bandwidth
 - ignore IPs option (-i) added. This allows ignoring user-supplied IPs
   from the results. Useful for domains which cause dnsmap to produce
   false positives
 - changes made to make dnsmap compatible with OpenDNS
 - disclosure of internal IP addresses (RFC 1918) is reported
 - updated built-in wordlist
 - included a standalone three-letter acronym (TLA) subdomains wordlist
 - domains susceptible to “same site” scripting are reported
 - completion time is now displayed to the user
 - mechanism to attempt to bruteforce wildcard-enabled domains
 - unique filename containing timestamp is now created when no specific
   output filename is supplied by user
 - various minor bugs fixed

More info here:
http://www.gnucitizen.org/blog/dnsmap-v030-is-now-out/

We have also documented a method to find embedded devices on the web *without*:

1) Querying search engines for content that is unique to the targeted
devices (e.g.: URLs, HTML title)
or
2) Scanning random IP addresses and programmatically detecting if the
web interface of a given device is present.

Instead, we show a less popular method based on 3) bruteforcing
subdomains of DDNS services supported by the target device. As an
example, we show how this technique can be used to discover Linksys IP
cameras by using dnsmap and some bash scripting tricks:

http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-6/

Enjoy!

-- 
pagvac | GNUCITIZEN.org
PGP Key ID: 0x6B232C7C
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
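As an added example (not dnsmap's own code), here is a Python sketch of two behaviours the feature list above mentions, the wildcard-domain handling and the RFC 1918 reporting, written for auditing a zone you administer: it probes random labels to learn the wildcard answer, drops candidates that only return wildcard or user-ignored IPs (the -i idea), and flags answers in private ranges. The zone data and the resolver are constructed stand-ins, not live DNS.

```python
import ipaddress
import secrets

# Constructed stub zone standing in for a live resolver; the "*" entry
# models a wildcard-enabled domain that answers for any unknown label.
ZONE = {
    "www.example.test": ["203.0.113.10"],
    "mail.example.test": ["203.0.113.25"],
    "intranet.example.test": ["10.0.5.12"],               # RFC 1918 leak
    "vpn.example.test": ["192.168.1.1", "203.0.113.30"],  # mixed answer
    "*": ["203.0.113.99"],
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def stub_resolve(name):
    """Return A records for name (hypothetical resolver; swap in real DNS here)."""
    return ZONE.get(name, ZONE.get("*", []))

def is_rfc1918(ip):
    """True for RFC 1918 addresses; checked explicitly rather than via
    is_private, which also matches documentation ranges like 203.0.113.0/24."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def detect_wildcard(domain, resolve, probes=3):
    """Resolve random labels that cannot exist; any answer marks a wildcard zone."""
    seen = set()
    for _ in range(probes):
        seen.update(resolve(f"{secrets.token_hex(8)}.{domain}"))
    return seen

def enumerate_subdomains(domain, wordlist, resolve, ignore=()):
    """Try each label, drop wildcard/ignored answers, flag internal IPs."""
    ignored = set(ignore) | detect_wildcard(domain, resolve)
    findings = []
    for word in wordlist:
        name = f"{word}.{domain}"
        # Hosts that only return wildcard or ignored IPs are treated as noise.
        # Caveat: a real host that shares the wildcard IP is lost the same way.
        ips = [ip for ip in resolve(name) if ip not in ignored]
        if ips:
            findings.append({"name": name, "ips": ips,
                             "internal": [ip for ip in ips if is_rfc1918(ip)]})
    return findings
```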

