Information about so-called DNSMAP experiments with the following details has been released: [it will allow] "obtain *all* IP addresses (A records) associated to each successfully bruteforced subdomain, rather than just one IP address per subdomain"
More at http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049528.html
The following statement is part of the posting: "remember all this tool does is resolve subdomains. *No* packets are sent to the bruteforced subdomains."
Very interesting. Thanks for the info.
Maybe I should run it against my word lists and update this:
http://ruscoe.net/google/google-subdomains/
BTW, for anyone trying to run this, the dictionary file you provide needs to be in UNIX format rather than DOS format even if you're running the win32 version, otherwise the linebreaks (i.e. CR+LF) will break it.