DNSMAP is a tool for discovering the subdomains of a given domain by brute-forcing names from a wordlist. It is used by pentesters during the information gathering/enumeration phase of infrastructure security assessments.
Subdomain brute-forcing is a technique that belongs in the enumeration stage alongside the others; it is especially useful when techniques such as zone transfers don't work (a correctly configured name server refuses AXFR requests from arbitrary clients), because it only needs ordinary DNS lookups that any client is allowed to make.
Installing DNSMAP
If you don't have DNSMAP installed on your machine, install it with the following command (on Debian-based distributions such as Kali Linux).
sudo apt install dnsmap
DNSMAP Usage
With DNSMAP we can brute-force the subdomains of a domain simply by entering the domain name, optionally followed by a wordlist file (-w), as shown in the examples below.
In addition, we can write the results to a regular text file (-r) or to a Comma Separated Values (CSV) file (-c), set a delay in milliseconds between DNS requests (-d), and ignore specific IP addresses (-i). The last option matters when the target uses a wildcard DNS record: every name under the domain then resolves to the same address, and every word in the list looks like a hit unless that address is ignored.
If we don't specify a wordlist file, the program loads its built-in wordlist and uses a random waiting time between requests.
dnsmap google.com
Other examples
Specifying custom wordlist.
dnsmap google.com -w yourwordlist.txt
Specifying a plain-text results file.
dnsmap google.com -r dnsmap_results.txt
Specifying a custom delay between requests, in milliseconds (3000 = 3 seconds).
dnsmap google.com -d 3000
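To make clear what DNSMAP is doing under the hood, here is an added example (not part of the original page and not DNSMAP's own code) of the same brute-force loop in Python: it reads labels from a wordlist, resolves label.domain, and, before starting, resolves a random label to detect a wildcard record so that wildcard addresses are dropped from the results the way the -i option lets you drop known false-positive IPs. The FAKE_ZONE table, the example.com names and the 198.51.100.x / 203.0.113.x addresses are constructed test data so the script runs offline; pass system_resolver instead to query real DNS.

```python
import random
import socket
import string
import time
from typing import Callable, Dict, Iterable, List, Tuple

# A resolver maps a hostname to its IPv4 addresses, or [] if the name does not resolve.
Resolver = Callable[[str], List[str]]


def system_resolver(name: str) -> List[str]:
    """Resolve with the OS resolver (assumes network access; not used by the offline demo)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed zone for the offline demo: everything under example.com that is not listed
# explicitly resolves to 203.0.113.9, i.e. the zone has a wildcard record.
FAKE_ZONE: Dict[str, List[str]] = {
    "www.example.com": ["198.51.100.10"],
    "mail.example.com": ["198.51.100.20", "203.0.113.9"],
    "dev.example.com": ["203.0.113.9"],
}


def fake_resolver(name: str) -> List[str]:
    if name in FAKE_ZONE:
        return list(FAKE_ZONE[name])
    if name.endswith(".example.com"):
        return ["203.0.113.9"]  # wildcard answer
    return []


def random_label(length: int = 12) -> str:
    alphabet = string.ascii_lowercase + string.digits
    return "".join(random.choice(alphabet) for _ in range(length))


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 2) -> List[str]:
    """Resolve a few random labels; any address they return belongs to a wildcard record."""
    ips = set()
    for _ in range(probes):
        ips.update(resolve(f"{random_label()}.{domain}"))
    return sorted(ips)


def brute_force(
    domain: str,
    wordlist: Iterable[str],
    resolve: Resolver = system_resolver,
    ignore_ips: Iterable[str] = (),
    delay_ms: int = 0,
) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({host: [ips]} for real hits, [ignored ips]) after filtering wildcard answers."""
    ignore = set(ignore_ips) | set(detect_wildcard(domain, resolve))
    found: Dict[str, List[str]] = {}
    for word in wordlist:
        label = word.strip().lower()
        if not label or label.startswith("#"):
            continue  # skip blank lines and comments in the wordlist
        host = f"{label}.{domain}"
        ips = [ip for ip in resolve(host) if ip not in ignore]
        if ips:
            found[host] = ips
        if delay_ms:
            time.sleep(delay_ms / 1000)  # same idea as dnsmap's -d (milliseconds)
    return found, sorted(ignore)


def to_csv(found: Dict[str, List[str]]) -> str:
    """One 'host,ip' line per address, like a CSV results file."""
    return "\n".join(f"{host},{ip}" for host in sorted(found) for ip in found[host])


# Constructed sample wordlist; in practice read lines from a file such as yourwordlist.txt.
SAMPLE_WORDLIST = ["www", "mail", "shop", "# comment line", "", "dev"]

if __name__ == "__main__":
    hits, ignored = brute_force("example.com", SAMPLE_WORDLIST, resolve=fake_resolver)
    print("ignored (wildcard) IPs:", ignored)
    print(to_csv(hits))
```

Against the constructed zone, shop and dev are dropped because they only return the wildcard address, and mail keeps just its non-wildcard address. Without that filtering step every word in the list would have been reported as a subdomain, which is exactly the false-positive situation the -i option exists for.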