[Dailydave] dnsmap v0.30 + embedded devices discovery trick
Adrian P.
ap at gnucitizen.org
Thu Feb 25 02:37:16 EST 2010
Hello folks,
Just wanted to let you know that we recently released a new version of dnsmap.
dnsmap is a command line tool originally released in 2006 which helps
discover target subdomains and IP ranges during the initial stages of
an infrastructure pentest. dnsmap is a passive(ish) discovery tool
meant to be used before an actual active attack. It’s an alternative
to other discovery techniques such as whois lookups, scanning large IP
ranges, etc. Run dnsmap and you should be able to spot netblocks of a
target organization in a relatively short period of time.
The following are some of the new features included in version 0.30:
- IPv6 support
- Makefile included
- delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
- ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
- changes made to make dnsmap compatible with OpenDNS
- disclosure of internal IP addresses (RFC 1918) is reported
- updated built-in wordlist
- included a standalone three-letter acronym (TLA) subdomains wordlist
- domains susceptible to “same site” scripting are reported
- completion time is now displayed to the user
- mechanism to attempt to bruteforce wildcard-enabled domains
- unique filename containing timestamp is now created when no specific output filename is supplied by user
- various minor bugs fixed
More info here:
http://www.gnucitizen.org/blog/dnsmap-v030-is-now-out/
We have also documented a method to find embedded devices on the web *without*:
1) Querying search engines for content that is unique to the targeted
devices (e.g.: URLs, HTML title)
or
2) Scanning random IP addresses and programmatically detecting if the
web interface of a given device is present.
Instead, we show a less popular method based on 3) bruteforcing
subdomains of DDNS services supported by the target device. As an
example, we show how this technique can be used to discover Linksys IP
cameras by using dnsmap and some bash scripting tricks:
http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-6/
Enjoy!
--
pagvac | GNUCITIZEN.org
PGP Key ID: 0x6B232C7C
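The wildcard handling and RFC 1918 reporting listed in the changelog above, shown from the zone owner's side as an audit of one's own domain. This is an added example, not dnsmap's code; it assumes a caller-supplied resolver function and a constructed sample zone under example.test.

```python
"""Added example (not dnsmap's code): audit a zone for two conditions that
dnsmap 0.30 reports, wildcard resolution and RFC 1918 disclosure. resolve(name)
returns A records ([] on NXDOMAIN); injected so this runs offline."""
import ipaddress
import secrets
import string

# RFC 1918 only; ipaddress.is_private is wider (loopback, link-local, CGNAT).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def wildcard_addresses(resolve, domain: str, probes: int = 3) -> set[str]:
    """Resolve random labels that cannot exist; any answer means a wildcard zone."""
    found: set[str] = set()
    for _ in range(probes):
        label = "".join(secrets.choice(string.ascii_lowercase) for _ in range(12))
        found.update(resolve(f"{label}.{domain}"))
    return found

def audit_zone(resolve, domain: str, wordlist: list[str]) -> dict:
    ignore = wildcard_addresses(resolve, domain)  # same role as dnsmap's -i option
    hosts, leaks = {}, {}
    for word in wordlist:
        name = f"{word}.{domain}"
        addrs = [a for a in resolve(name) if a not in ignore]
        if not addrs:
            continue  # NXDOMAIN, or only the wildcard answer: not a real host
        hosts[name] = addrs
        leaked = [a for a in addrs if is_rfc1918(a)]
        if leaked:
            leaks[name] = leaked
    return {"wildcard_ips": ignore, "hosts": hosts, "rfc1918_disclosures": leaks}

# Constructed sample zone (not real data): *.example.test is a wildcard for
# 203.0.113.10 and two records publish internal addresses. Caveat: www shares
# the wildcard address, so the filter hides it (a false negative).
SAMPLE_ZONE = {
    "www.example.test": ["203.0.113.10"],
    "mail.example.test": ["203.0.113.25"],
    "vpn.example.test": ["10.20.30.40"],
    "intranet.example.test": ["192.168.1.5", "203.0.113.30"],
}

def sample_resolver(name: str) -> list[str]:
    if name in SAMPLE_ZONE:
        return SAMPLE_ZONE[name]
    return ["203.0.113.10"] if name.endswith(".example.test") else []
```

Running `audit_zone(sample_resolver, "example.test", ["www", "mail", "vpn", "intranet", "dev"])` flags the wildcard address, drops the two names that only resolve to it, and lists vpn and intranet as RFC 1918 disclosures.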