DNS Brute forcing with DNSmap - kali linux

dns brute forcing dnsmap

DNS a short name of " Domain Name Server " and its brute forcing refers to find the sub domains by sending mass ping request,s to number of common or uncommon sub domains of the main domains and finding sub domains is a good practices in penetration and testing and is a part of Information Gathering process.

Example :-

There is a domain named  " securityfuse.com " and if we want to find its sub domains which could be " abc.securityfuse.com " and it is not indexed in the search engine likely in google or bing. Because many security researchers use google dork to find sub domains of a website and they don't know that there are many sub domains which the organization don't index in search engines so for this purpose they need to brute force the domain name to find its sub domains and perform the attack on its target.

Working of DNSmap

DNSmap works in a simple way , it is a linux based software / application but now it is also available for windows os and you can download it from here. It comes preloaded with kali linux and ready to use.  it contains a word list with number of common and uncommon names including alphabets , common names , uncommon names and when you command this software to find sub domains , it uses those names from its wordlist and sends a ping request to the domain by adding those names as a sub domain and valid sub domains get pinged and it displays them moreover it saves them in a file and expels the invalid domains.


 To start this , open the terminal of Kali Linux and type the below command

dnsmap securityfuse.com


Simply enter dnsmap and after a domain name with space. And do not enter www with your domain name because www itself is a sub domain and after it will take some time to brute force the domains and after it will display those domains.

To perform this step on windows , you have to follow the same step but only thing you have to do is to download it and after open the cmd and point to the folder by using the cd command such as in my case it was in c:/dnsmap so i typed
cd c:/dnsmap 
after type the above command " dnsmap website.com " and it will brute force the sub domains for you and you can simply test the security of all the sub domains.

Hope you liked this tutorial , please don't forget to share it because sharing is carding and educate others.

Visitors are strictly tend to follow the terms and conditions and The content provided on this page is the authority of Security Fuse and the content provided is only for educational purpose. Security Fuse is not responsible for any of the act caused by viewers after reading the content from *.securityfuse.com. our aim is to provide a quality information on Cyber Security and exploitation and the knowledge is only for peace and educational purpose.
Share on Google Plus

About Ahmed Mehtab

Ahmed Mehtab is a white hat cyber security researcher , speaker , trainer and blogger at security fuse. He loves to research on cyber security issues , cyber crime and hacktivism. Quote " Being a hacker without having knowledge of programming is just like a knife without sharpness ~ Ahmed Mehtab "


  1. Normally how many time it will get to find DNS ?

  2. Normally how many time it will get to find DNS ?


Hi , Please take a minute to say somthing about this post