After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release.
Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info).
Thanks guys, your feedback was highly valuable to me. [...]
We just released a new version of dnsmap. dnsmap is a subdomain bruteforcer for stealth enumeration.
Originally released in 2006, dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc. [...]
In the last couple of months I’ve been working on some Web Service discovery techniques. There are a couple of them but I would like to share the most recent ones (the one that makes most sense to me today). You can check Massive Enumeration Toolset (MET) if you need tools to automate the discovery process.
Web Services are usually described with WSDL (Web Service Description Language) files. This means that the easiest way to find services is to search for these files. [...]
Massive Enumeration Toolset (MET) is a collection of Python scripts designed to perform various passive information gathering attacks which can be useful when evaluating the security of public computer networks.
The first release of MET was purely Google orientated because my personal interest towards the search engine started to increase immensely at that time of coding. Soon I realized that, although considered the best, Google is not enough when you want to do more advanced explorations. [...]
test your web apps with websecurify application security testing runtime