Using “dns-brute.nse” script, we can detect and find sub-domains associated with an organizations domain. This will help with revealing new targets when performing a security assessment.
The discovered hosts may be virtual web hosts on a single web server or may be distinct hosts on IP addresses spread across the world in different data centres.
The script will find valid DNS (A) records by trying a list of common sub-domains and finding those that successfully resolve.
Below picture shows a sample output of using dns-brute script with the below command. (corp.example.org is an example domain which can be replaced by your choice)
nmap --script dns-brute corp.example.org
The script will find valid DNS (A) records by trying a list of common sub-domains and finding those that successfully resolve.
Below picture shows a sample output of using dns-brute script with the below command. (corp.example.org is an example domain which can be replaced by your choice)
nmap --script dns-brute corp.example.org
No comments:
Post a Comment