← 返回命令列表

Linux command

dnsmap 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Example

dnsmap [example.com]

Example

dnsmap [example.com] -w [path/to/wordlist.txt]

Example

dnsmap [example.com] -c [path/to/file.csv]

Ignore

dnsmap [example.com] -i [123.45.67.89,98.76.54.32]

说明

dnsmap is a subdomain brute-force enumeration tool that uses DNS queries to discover subdomains not listed in public DNS records. It works by attempting to resolve potential subdomain names from a wordlist, identifying which ones successfully resolve to IP addresses. The tool comes with a built-in wordlist of common subdomain names (www, mail, ftp, etc.), but custom wordlists can be specified for more thorough enumeration. DNS wildcard configurations can cause false positives where all subdomains resolve to the same IP; the -i flag allows filtering out these known wildcard addresses. Results can be saved to CSV format for further analysis. The tool is commonly used in penetration testing reconnaissance to map an organization's DNS footprint and discover potential attack surfaces like development servers, staging environments, or forgotten subdomains.

参数

-w _wordlist_
Use custom wordlist file
-c _file_
Output results to CSV file
-i _IPs_
Comma-separated IPs to ignore (false positives)
-d _delay_
Delay between queries (milliseconds)
-r _file_
Save results to regular file

FAQ

What is the dnsmap command used for?

dnsmap is a subdomain brute-force enumeration tool that uses DNS queries to discover subdomains not listed in public DNS records. It works by attempting to resolve potential subdomain names from a wordlist, identifying which ones successfully resolve to IP addresses. The tool comes with a built-in wordlist of common subdomain names (www, mail, ftp, etc.), but custom wordlists can be specified for more thorough enumeration. DNS wildcard configurations can cause false positives where all subdomains resolve to the same IP; the -i flag allows filtering out these known wildcard addresses. Results can be saved to CSV format for further analysis. The tool is commonly used in penetration testing reconnaissance to map an organization's DNS footprint and discover potential attack surfaces like development servers, staging environments, or forgotten subdomains.

How do I run a basic dnsmap example?

Run `dnsmap [example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -w _wordlist_ do in dnsmap?

Use custom wordlist file