Comments on: New Version of dnsmap out!

By: meathive

meathive — Sat, 26 Jun 2010 07:51:00 +0000

The PHP port for those interested. https://kinqpinz.info/?%C2%B6=cb252860#index

By: VydÃ¡n dnsmap 0.22 – brute force nÃ¡stroj pro subdomÃ©ny | Hacking PortÃ¡l

Thu, 28 Jan 2010 12:25:59 +0000

[...] Po staÅ¾enÃ je potÅ™eba prejmenovat soubor na dnsmap-0222.tar.gz.Â DalÅ¡Ã informace naleznete zde. 19. BÅ™ezen 2009 | Tagy: enumerace dns | Kategorie: programy | Zanechte [...]

By: Zee

Zee — Tue, 14 Jul 2009 14:01:24 +0000

My resolver does ~400-600k per minute on core 2 duo, 5 mbit.

By: new version of dnsmap

new version of dnsmap — Fri, 24 Apr 2009 14:01:14 +0000

[...] Or maybe it can be added in the repos? http://www.gnucitizen.org/blog.....nsmap-out/ [...]

By: pagvac

pagvac — Sat, 28 Mar 2009 18:58:30 +0000

pdp: the only reason why i haven’t cared much about input validation on dnsmap is because it doesn’t require the SUID bit to be on, where tools like nmap do require to be run with root privileges. i.e.: for SYN portscans. nevertheless, as DK pointed out, if someone created a web gui for dnsmap, it could lead to remote command exec. i’d hope that if someone did implement a web gui for dnsmap, they filtered malicious input from the server-side script itself, unless they want their site to be owned :)

By: pdp

pdp — Fri, 27 Mar 2009 21:07:14 +0000

as far as I know nmap has been (still is) vulnerable to all sorts of attacks for years, and it is more likely to end up with a suid bit than dnsmap. of course, it is always good to fix the bugs, ap :)

By: pagvac

pagvac — Fri, 27 Mar 2009 10:45:59 +0000

lols. thought i fixed most of those! will fix it probably when i update other things in the code i was planning to fix. thanks for that DK. we should post a working PoC, that’d be cool :)

By: David Kierznowski

David Kierznowski — Mon, 23 Mar 2009 20:38:48 +0000

Yo AP, its not that serious considering its run from the command line, but argv[1] is vulnerable to a buffer overflow. The problem is in: wildcarddetect(char *dom) VULNERABLE LINE: strcat(s, dom); FIXED: strncat(s, dom, sizeof(s));

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()
(gdb) info reg
eax            0x0      0
ecx            0xffffffe0       -32
edx            0x3      3
ebx            0x41414141       1094795585
esp            0xbf90c600       0xbf90c600
ebp            0x41414141       0x41414141
esi            0x41414141       1094795585
edi            0x41414141       1094795585
eip            0x41414141       0x41414141
eflags         0x200282 2097794
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51

I can just imagine someone using this tool on a web frontend or something and getting themselves in trouble ;) Cheers for the cool tool. DK

By: GNa

GNa — Wed, 18 Mar 2009 20:00:20 +0000

i should also note that opendns users get the whole wordlist resolved, so they should filter out the ip 67.215.65.132 , or disable the nxdomain capture in their opendns account :)

By: GNa

GNa — Wed, 18 Mar 2009 19:53:01 +0000

kanedaaa’s patch is great for opendns users :)

for the 0.22.2 there is 1 thing to correct:

-       unsigned short int i=0, j=0, found=0, ipCount=0, wordlist=FALSE, results=FALSE;
+       unsigned short int i=0, j=0, found=0, ipCount=0, wordlist=FALSE, results=FALSE, forcewildcard=FALSE;

notice the unsigned short at the beginning

By: dnsmap 0.22 Released - Subdomain Bruteforcing Tool at bLackhammer.org

dnsmap 0.22 Released - Subdomain Bruteforcing Tool at bLackhammer.org — Tue, 17 Mar 2009 23:50:58 +0000

[...] Or read more here. [...]

By: pdp

pdp — Tue, 17 Mar 2009 16:12:25 +0000

should be fixed now!

By: Varun

Varun — Tue, 17 Mar 2009 10:54:37 +0000

The “dnsmap” link in the first sentence seems to have broken after this post was made. Leads to “http://lab.gnucitizen.org/projects/dnsmap-1″ which gives a “Page not found”. Thanks!

By: Links for March 14, 2009 « iStoleYour.info

Links for March 14, 2009 « iStoleYour.info — Sat, 14 Mar 2009 08:26:38 +0000

[...] New Version of dnsmap out! [...]

By: pagvac

pagvac — Sun, 01 Mar 2009 16:55:01 +0000

@kanedaaa: thanks for the patch, haven’t tested it yet, but wanted to let u know that i fixed a few bugs reported by users, so it’d be cool if the patch also worked on version 0.22.1: http://lab.gnucitizen.org/projects/dnsmap (downloads on bottom of page)

By: meathive

meathive — Sun, 01 Mar 2009 09:02:59 +0000

Well done. https://kinqpinz.info/lib/2009/feb/#09c81545

By: kanedaaa

kanedaaa — Fri, 27 Feb 2009 22:02:26 +0000

Small patch add -fw option to scan even wildcard is detected.

dnsmap-0.22$ patch < dnsmap.patchwildcard.patch

http://kaneda.bohater.net/file.....dcard.diff

By: pagvac

pagvac — Tue, 24 Feb 2009 23:19:19 +0000

yeah, multi-threading among other features are mentioned in the included TODO file. will eventually implement them all hopefully!

By: Interesting Information Security Bits for 02/23/2009 | Infosec Ramblings

Interesting Information Security Bits for 02/23/2009 | Infosec Ramblings — Mon, 23 Feb 2009 20:39:42 +0000

[...] released a new version of dnsmap. dnsmap is a subdomain bruteforcer for stealth enumeration.” New Version of dnsmap out! | GNUCITIZEN Tags: ( tools dnsmap [...]

By: pdp

pdp — Sun, 22 Feb 2009 23:22:37 +0000

now you need to make it multi-threaded :)