DNSMAP Tutorial, What is it and How to use it?

DNSMAP is a tool for identifying the subdomains of a given domain by brute force. It is used by pentesters during the information gathering/enumeration phase of infrastructure security assessments.

Subdomain brute-forcing is another technique that belongs in the enumeration stage; it is especially useful when other domain enumeration techniques, such as zone transfers, don't work. Because it only asks the resolver for names you guess, it never reveals the full zone, so the quality of the wordlist decides what you find.

Installing DNSMAP

If you don't have DNSMAP installed on your machine, install it with the following command (Debian-based distributions such as Kali ship it as a package).

sudo apt install dnsmap

DNSMAP Usage

Using DNSMAP we can enumerate the subdomains of a domain simply by entering the domain name and, optionally, specifying a wordlist file (-w), as shown in the examples below.

In addition, we can export the results to a plain-text file (-r) or a Comma Separated Values (CSV) file (-c), set a delay between DNS requests (-d, in milliseconds) and ignore specific IP addresses (-i) during the enumeration. The ignore option matters when the target uses a wildcard DNS record: every guessed name then resolves to the same address, and ignoring that address removes the false positives.

If we don't specify a wordlist file, the program loads its built-in wordlist and uses a random delay between requests.

dnsmap google.com

Other examples

Specifying a custom wordlist.

dnsmap google.com -w yourwordlist.txt

Specifying a results file (use -c instead of -r to get CSV output).

dnsmap google.com -r dnsmap_results.txt

Specifying a custom delay between requests, in milliseconds (3000 is three seconds, which keeps the scan below most rate-limiting thresholds).

dnsmap google.com -d 3000
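To make clear what dnsmap actually does with the options above, here is a small Python re-implementation of the technique. It is an added example, not dnsmap's own code: it walks a wordlist, resolves each candidate, honours a delay and an ignore list, and writes CSV output. It goes one step beyond the page by detecting wildcard answers automatically (resolving random labels and discarding whatever address they return) rather than relying on the operator to pass -i. The example.com hostnames and addresses in the fake resolver are constructed for the offline demonstration; against a real target you would pass the default resolver instead.

```python
import csv
import random
import socket
import string
import time


def default_resolve(hostname):
    """Resolve with the system resolver; sorted IPv4 list, or [] when the name does not exist."""
    try:
        return sorted(set(socket.gethostbyname_ex(hostname)[2]))
    except socket.gaierror:
        return []


def detect_wildcard(domain, resolve, probes=2):
    """Resolve random labels under the domain; any address they return is a wildcard answer."""
    wildcard_ips = set()
    for _ in range(probes):
        label = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
        wildcard_ips.update(resolve(f"{label}.{domain}"))
    return wildcard_ips


def brute_force(domain, words, resolve=default_resolve, delay_ms=0, ignore_ips=(), csv_path=None):
    """Return {hostname: [ip, ...]} for every wordlist entry that resolves to a non-ignored address."""
    skip = set(ignore_ips) | detect_wildcard(domain, resolve)   # same effect as dnsmap's -i
    found = {}
    for word in words:
        word = word.strip().lower()
        if not word or word.startswith("#"):                   # blank lines and comments
            continue
        host = f"{word}.{domain}"
        ips = [ip for ip in resolve(host) if ip not in skip]
        if ips:
            found[host] = ips
        if delay_ms:                                           # dnsmap's -d, in milliseconds
            time.sleep(delay_ms / 1000)
    if csv_path:                                               # dnsmap's -c style output
        with open(csv_path, "w", newline="") as fh:
            writer = csv.writer(fh)
            for host, ips in found.items():
                for ip in ips:
                    writer.writerow([host, ip])
    return found


# Constructed zone used only for the offline demo (not real example.com data).
FAKE_ZONE = {
    "www.example.com": ["93.184.216.34"],
    "mail.example.com": ["10.0.0.5", "10.0.0.6"],
    "dev.example.com": ["192.0.2.1"],
}


def fake_resolve(hostname):
    """Stand-in resolver with no wildcard record."""
    return FAKE_ZONE.get(hostname, [])


def fake_resolve_wildcard(hostname):
    """Stand-in resolver where every unknown name answers with one wildcard address."""
    return FAKE_ZONE.get(hostname, ["203.0.113.9"])


if __name__ == "__main__":
    words = ["www", "mail", "dev", "nope", "# comment", ""]
    print(brute_force("example.com", words, resolve=fake_resolve, ignore_ips={"192.0.2.1"}))
    print(brute_force("example.com", words, resolve=fake_resolve_wildcard))
```

Swap `fake_resolve` for `default_resolve` and a real wordlist to run it against a domain you are authorised to test. Note that `gethostbyname_ex` uses whatever resolver the host is configured with; if you need to query the target's authoritative server directly, as dnsmap does not, you would have to build the DNS queries yourself.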

DNS Zone Transfer Vulnerability, What is it?

A DNS server is, in effect, a database that stores domain names, IP addresses and related records. Its primary duty is to resolve domain names to IP addresses.

DNS Zone File

A DNS zone file is a plain-text file that holds the data for one zone: the mapping of domain names to IP addresses and the other resource records (NS, MX, TXT and so on). A zone file can contain data about many subdomains, and a single DNS server can host multiple zones.

Master and Slave DNS Servers

A master (primary) DNS server is the server that holds the authoritative copy of the zone file. When this file is updated, the slave (secondary) DNS servers request a copy and update their own zone data.

What is Zone Transfer

DNS zone transfer (the AXFR query type) is the process of copying the DNS information from a master DNS server to a slave DNS server, so that the secondaries stay in sync with the primary. The primary/master DNS server should allow zone transfers only to its own secondary/slave servers, typically by restricting AXFR to their IP addresses or requiring a TSIG-signed request. The zone transfer vulnerability arises when the primary server answers an AXFR request from anyone who sends one.

By exploiting this misconfiguration, attackers obtain a complete copy of the zone file. On its own this is an information disclosure rather than a compromise, but it hands the attacker the full list of hostnames and IP addresses in the zone, including internal naming conventions and systems that no wordlist would have guessed, which greatly helps in planning further attacks against the organization.
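The check a pentester runs for this is an AXFR request sent straight to each authoritative name server (the same thing `dig axfr example.com @ns1.example.com` does). The Python below is an added example, not part of the original page or of dnsmap: it builds the AXFR query with the standard library, reads the length-prefixed DNS messages that come back over TCP, and decides whether the transfer was allowed (records from the opening SOA to the closing SOA) or refused (RCODE other than 0, or an empty answer). The response bytes used for the offline demonstration are constructed by hand for example.com and are not real data; the name server and domain on the command line are assumptions you supply.

```python
import random
import socket
import struct
import sys

AXFR, IN = 252, 1
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name):
    """Encode a dotted name as DNS labels: example.com -> \\x07example\\x03com\\x00."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(domain, txid=None):
    """One question, QTYPE=AXFR, QCLASS=IN, no flags (RFC 1035 header layout)."""
    txid = random.randrange(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(domain) + struct.pack("!HH", AXFR, IN)


def read_name(msg, offset, max_hops=32):
    """Decode a possibly compressed name; returns (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                        # compression pointer
            hops += 1
            if hops > max_hops:                          # guard against malicious pointer loops
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                         # the name ends after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end if end is not None else offset


def parse_records(msg):
    """Return (rcode, [(owner, type), ...]) for one DNS message; RDATA is skipped, not decoded."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                             # skip the echoed question
        _, offset = read_name(msg, offset)
        offset += 4
    records = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10 + rdlen
        records.append((owner, TYPE_NAMES.get(rtype, str(rtype))))
    return flags & 0xF, records


def collect_zone(messages):
    """Read AXFR messages until the closing SOA; None means the server refused the transfer."""
    records, soa_seen = [], 0
    for msg in messages:
        rcode, recs = parse_records(msg)
        if rcode != 0 or not recs:                       # REFUSED (5), NOTAUTH (9), or empty answer
            return None
        for owner, rtype in recs:
            records.append((owner, rtype))
            if rtype == "SOA":
                soa_seen += 1
            if soa_seen == 2:                            # zone starts and ends with its SOA
                return records
    raise ValueError("transfer ended before the closing SOA")


def tcp_messages(sock):
    """Yield the 2-byte length-prefixed DNS messages a server sends over TCP."""
    def recv_exact(n):
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                return None
            buf += chunk
        return buf
    while (hdr := recv_exact(2)) is not None:
        body = recv_exact(struct.unpack("!H", hdr)[0])
        if body is None:
            return
        yield body


def zone_transfer(nameserver, domain, timeout=5.0):
    """Attempt AXFR against one authoritative server; list of (owner, type) or None if refused."""
    query = build_axfr_query(domain)
    with socket.create_connection((nameserver, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        return collect_zone(tcp_messages(sock))


def sample_axfr_response():
    """Constructed answer for example.com (SOA, one A record, closing SOA); not real zone data."""
    apex = b"\xc0\x0c"                                   # pointer to the question name at offset 12
    soa_rdata = (b"\x03ns1" + apex + b"\x0ahostmaster" + apex
                 + struct.pack("!IIIII", 2024010101, 3600, 900, 1209600, 300))
    soa = apex + struct.pack("!HHIH", 6, IN, 3600, len(soa_rdata)) + soa_rdata
    a_rr = b"\x03www" + apex + struct.pack("!HHIH", 1, IN, 300, 4) + bytes([10, 0, 0, 5])
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 3, 0, 0)   # QR+AA, 1 question, 3 answers
    return header + encode_name("example.com") + struct.pack("!HH", AXFR, IN) + soa + a_rr + soa


def refused_response():
    """Constructed reply with RCODE=5 (REFUSED) and no answers, as a locked-down server sends."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8405, 1, 0, 0, 0)
    return header + encode_name("example.com") + struct.pack("!HH", AXFR, IN)


if __name__ == "__main__":
    if len(sys.argv) == 3:                               # python axfr.py <nameserver-ip> <domain>
        zone = zone_transfer(sys.argv[1], sys.argv[2])
        print("transfer refused" if zone is None else "\n".join(f"{o} {t}" for o, t in zone))
    else:
        print(collect_zone([sample_axfr_response()]), collect_zone([refused_response()]))
```

Run it once per authoritative server listed in the domain's NS records, since a primary that is locked down does not guarantee the secondaries are. On the defending side the fix is the ACL the text describes: in BIND an `allow-transfer { <secondary IPs>; };` statement (or a TSIG key) in the zone's configuration, after which this script should print "transfer refused".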