DNSMAP Tutorial, What is it and How to use it?

DNSMAP is a tool for identifying the subdomains of a given domain. It is used by pentesters during the information gathering/enumeration phase of infrastructure security assessments.

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work.

Installing DNSMAP

If you don’t have DNSMAP installed on your machine, install it using the following command.

sudo apt install dnsmap

DNSMAP Usage

Using DNSMAP we can scan the subdomains of a domain simply by entering the domain name and specifying a wordlist file as shown in the example.

In addition, we can export the results to a comma-separated values (CSV) file, set a delay between DNS requests, and ignore specific IPs during enumeration.

If we don’t specify a wordlist file, the program loads its default wordlist and uses a random waiting time between requests.

dnsmap google.com

Other examples

Specifying custom wordlist.

dnsmap google.com -w yourwordlist.txt

Specifying a results file.

dnsmap google.com -r dnsmap_results.txt

Specifying a custom delay between requests.

dnsmap google.com -d 3000
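
Reviewing the results: the following is an added example, not part of the original tutorial and not dnsmap's own code. It triages the CSV export mentioned above for a domain you own, flagging public names that resolve to internal addresses and dropping addresses you chose to ignore. It assumes one "hostname,ip[,ip...]" row per discovered name; the function name triage and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Address ranges that should not appear behind publicly resolvable names.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7")]

# Constructed sample in the ASSUMED layout: hostname,ip[,ip...]
SAMPLE_CSV = """\
www.example.com,192.0.2.10
intranet.example.com,10.0.5.12
vpn.example.com,198.51.100.7,192.168.1.1
dev.example.com,203.0.113.99
parked.example.com,203.0.113.200
broken.example.com,not-an-ip
"""

def triage(csv_text, ignore=()):
    """Return (internal, public).

    internal: {hostname: [internal addresses it resolves to]}
    public:   sorted hostnames whose remaining addresses are all external
    Addresses listed in `ignore` are dropped before classification.
    """
    ignored = {ipaddress.ip_address(a) for a in ignore}
    internal, public = {}, []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 2:
            continue  # blank or header-like line
        host = row[0].strip().lower()
        addrs = []
        for cell in row[1:]:
            try:
                addrs.append(ipaddress.ip_address(cell.strip()))
            except ValueError:
                continue  # skip malformed cells instead of aborting
        addrs = [a for a in addrs if a not in ignored]
        if not addrs:
            continue
        leaked = [str(a) for a in addrs if any(a in n for n in INTERNAL_NETS)]
        if leaked:
            internal[host] = leaked
        else:
            public.append(host)
    return internal, sorted(public)

if __name__ == "__main__":
    print(triage(SAMPLE_CSV, ignore={"203.0.113.200"}))
```

Names in the first result expose internal addressing through public DNS and are candidates for removal from the external zone or a move to split-horizon DNS.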