A tool to perform DNS reconnaissance on target networks. The results include a variety of information that are useful for users performing network reconnaissance. Some of the information return include
- Host subdomains
- Different dns informat(MX, A record)
- Geo information
- requests
- dnspython
- simplejson
- ip2geotools
- ipwhois
$ pip3 install -r requirements.txt$ python3 dnsdumpster.py -d nmmapper.com Starting dns dump against nmmapper.com Searching using engine Netcraft Searching using engine Virustotal Searching using engine ThreatCrowd Searching using engine SSL Certificates [ { "asn": { "asn": "51167", "asn_cidr": "173.212.192.0/19", "asn_country_code": "DE", "asn_date": "2009-10-26", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "173.212.208.249", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "www.nmmapper.com", "subdomain_ip": "173.212.208.249" }, { "asn": { "asn": "51167", "asn_cidr": "207.180.222.0/23", "asn_country_code": "DE", "asn_date": "1996-08-21", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "207.180.222.55", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "analytics.nmmapper.com", "subdomain_ip": "207.180.222.55" }, { "asn": { "asn": "51167", "asn_cidr": "173.212.192.0/19", "asn_country_code": "DE", "asn_date": "2009-10-26", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "173.212.208.249", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "celery.nmmapper.com", "subdomain_ip": "173.212.208.249" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "clk.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "d1.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": { "asn": "51167", "asn_cidr": "173.212.192.0/19", "asn_country_code": "DE", "asn_date": "2009-10-26", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "173.212.208.249", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "goaccess.nmmapper.com", "subdomain_ip": "173.212.208.249" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "mail.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "p0-cdn.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "p352931.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "p352931-cdn.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": { "asn": "51167", "asn_cidr": "167.86.88.0/23", "asn_country_code": "DE", "asn_date": "1993-05-14", "asn_description": "CONTABO, DE", "asn_registry": "ripencc" }, "domain": "nmmapper.com", "geo": { "city": "Munich (Ramersdorf-Perlach)", "country": "DE", "ip_address": "167.86.88.139", "latitude": null, "longitude": null, "region": "Bavaria" }, "subdomain": "upstream.nmmapper.com", "subdomain_ip": "167.86.88.139" }, { "asn": null, "domain": "nmmapper.com", "geo": null, "subdomain": "webook.nmmapper.com", "subdomain_ip": "" }, { "asn": { "asn": "15169", "asn_cidr": "34.64.0.0/14", "asn_country_code": "US", "asn_date": "2018-09-28", "asn_description": "GOOGLE - Google LLC, US", "asn_registry": "arin" }, "domain": "nmmapper.com", "geo": { "city": "Ashburn", "country": "US", "ip_address": "34.67.67.41", "latitude": 39.0437192, "longitude": -77.4874899, "region": "Virginia" }, "subdomain": "wss.nmmapper.com", "subdomain_ip": "34.67.67.41" }, { "asn": null, "domain": "nmmapper.com", "geo": null, "subdomain": "wss1.nmmapper.com", "subdomain_ip": "" } ]There is support for web application firewall detection. When all subdomains have been enumerated we detect if each of the subdomain is behind a web application firewall. To detect web application firewalls we use WAFW00F by Enable Security
from wafw00f.main import WafW00F detector = WafW00F(host) waf = detector.identwaf() if(waf): return waf[0] else: return ""{ "asn": { "asn": "13335", "asn_cidr": "104.27.160.0/20", "asn_country_code": "US", "asn_date": "2014-03-28", "asn_description": "CLOUDFLARENET - Cloudflare, Inc., US", "asn_registry": "arin" }, "geo": { "city": "Ashburn", "country": "US", "ip_address": "104.27.171.116", "latitude": 39.0437192, "longitude": -77.4874899, "region": "Virginia" }, "server": "cloudflare", "subdomain": "mail.mp3hunter.net", "subdomain_ip": "104.27.171.116", "waf": "Cloudflare (Cloudflare Inc.)" }, Web server detection, the tool also supports web server detection on both the main domain and the subdomains that have been enumerated. Here is a piece of code that does the detection
def get_server_type(host): """ :param host: the server we want to get it's server @return str """ try: ua = get_user_agent() headers = { 'User-Agent': ua, 'From': 'info@nmmapper.com' } res = requests.get(add_protocol(host), headers=headers) if(res.headers): return res.headers.get("Server") else: return "" except Exception as e: return ""