Tuesday, May 25, 2010

Adding and using hostmap.rb to BT4

Next up is hostmap.rb, a Ruby script for DNS-based host discovery.
This tool is available at http://hostmap.lonerunners.net/

To get started, visit the link above, then download and save the tarball.

root@dorkness:/tmp/# tar xvf hostmap-0.2.2.tar

Remove the tarball and move the extracted directory to /pentest/enumeration/hostmap-0.2.2/

root@dorkness:/tmp/# rm -rf hostmap-0.2.2.tar*


root@dorkness:pentest/enumeration/hostmap-0.2.2# ruby hostmap.rb -h

Usage: hostmap.rb [options] -t [target]
Target options:
-t, --target [STRING] set target domain
Discovery options:
--with-zonetransfer
enable DNS zone transfer check
--without-bruteforce
disable DNS bruteforcing
--without-dnsexpansion
disable DNS TLD expansion
--bruteforce-level [STRING]
set bruteforce aggressivity, values are lite, custom or full (default is lite)
--without-be-paranoid
don't check the results consistency
--http-ports [STRING]
set a comma separated list of custom HTTP ports to check
--only-passive
passive discovery, don't make network activity to the target network
--timeout [STRING]
set plugin timeout
--threads [STRING]
set concurrent threads number
Networking options:
-d, --dns [STRING] set a comma separated list of DNS servers IP addresses to use instead of system defaults
Output options:
--print-maltego
set output formatted for Maltego
-v, --verbose set verbose mode
Misc options:
--without-update
skip update check
-h, --help show this help message

root@dorkness:pentest/enumeration/hostmap-0.2.2#


Note: You will need to give an IP address; you cannot use domain names.

An example of usage is as follows:

root@dorkness:/pentest/enumeration/hostmap-0.2.2# ruby hostmap.rb --only-passive --without-update -t 80.65.162.250
hostmap 0.2.2 codename truppola
Coded by Alessandro `jekil` Tanasi

[2010-05-25 22:41] Skipping SSL because only passive checks are enabled
[2010-05-25 22:41] Found new hostname queer.ba
[2010-05-25 22:41] Found new domain queer.ba
[2010-05-25 22:41] Found new hostname diocletian.httpool.ba
[2010-05-25 22:41] Found new domain httpool.ba
[2010-05-25 22:41] Found new nameserver ns.queer.ba
[2010-05-25 22:41] Found new hostname www.queer.ba
[2010-05-25 22:41] Found new hostname www.queer.ba
[2010-05-25 22:41] Found new nameserver ns02.europronet.ba
[2010-05-25 22:41] Skipping DNS Zone transfer because it is enabled only passive checks.
[2010-05-25 22:41] Skipping DNS Zone transfer because it is enabled only passive checks.
[2010-05-25 22:41] Skipping DNS bruteforce because it is enabled only passive checks
[2010-05-25 22:41] Found new mail server mx2.europronet.ba
[2010-05-25 22:41] Found new mail server mx3.europronet.ba
[2010-05-25 22:41] Found new mail server mx1.europronet.ba
[2010-05-25 22:41] Found new nameserver ns1.httpool.com
[2010-05-25 22:41] Found new nameserver ns2.httpool.com
[2010-05-25 22:41] Skipping DNS Zone transfer because it is enabled only passive checks.
[2010-05-25 22:41] Skipping DNS bruteforce because it is enabled only passive checks

Results for 80.65.162.250
Served by name server (probably)
ns2.httpool.com
ns1.httpool.com
ns.queer.ba
ns02.europronet.ba
Served by mail exchange (probably)
mx1.europronet.ba
mx3.europronet.ba
mx2.europronet.ba
Hostnames:
www.queer.ba
diocletian.httpool.ba
queer.ba
root@dorkness:/pentest/enumeration/hostmap-0.2.2#


Note: I used the --only-passive and --without-update flags; these should be self-explanatory. -t sets the target.
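What that passive run does under the hood (reverse lookup of the target, then the NS and MX records of every domain behind the discovered hostnames, with the forward-resolution consistency check that --without-be-paranoid turns off), as an added Ruby example. This is not hostmap's own code; the StubResolver and its records are constructed to mirror the run above so it executes offline.

```ruby
require 'set'
# Minimal in-memory resolver (constructed for this example). A real run
# would wrap Resolv::DNS behind the same four methods.
class StubResolver
  def initialize(ptr:, a:, ns:, mx:)
    @ptr, @a, @ns, @mx = ptr, a, ns, mx
  end
  def ptr(ip);    @ptr.fetch(ip, []);    end   # reverse lookup
  def a(host);    @a.fetch(host, []);    end   # forward lookup
  def ns(domain); @ns.fetch(domain, []); end   # name servers
  def mx(domain); @mx.fetch(domain, []); end   # mail exchangers
end

# Domain in the simple "last two labels" sense the run above suggests
# (diocletian.httpool.ba -> httpool.ba); real TLD handling needs a suffix list.
def domain_of(host)
  host.split('.').last(2).join('.')
end

# Passive pass: PTR -> hostnames -> domains -> NS/MX, deduplicated.
# With paranoid=true a PTR hostname is kept only if it resolves forward
# to the target (the consistency check that --without-be-paranoid skips).
def passive_discovery(resolver, target_ip, paranoid: true)
  found = Hash.new { |h, k| h[k] = Set.new }
  resolver.ptr(target_ip).each do |host|
    next if paranoid && !resolver.a(host).include?(target_ip)
    found[:hostnames] << host
    found[:domains] << domain_of(host)
  end
  found[:domains].each do |dom|
    resolver.ns(dom).each { |n| found[:nameservers] << n }
    resolver.mx(dom).each { |m| found[:mailservers] << m }
  end
  %i[hostnames domains nameservers mailservers].to_h { |k| [k, found[k].to_a.sort] }
end

# Constructed records shaped like the run above (not live DNS data);
# stale.example is a deliberately inconsistent PTR entry.
SAMPLE = StubResolver.new(
  ptr: { '80.65.162.250' => %w[queer.ba www.queer.ba diocletian.httpool.ba stale.example] },
  a:   { 'queer.ba' => ['80.65.162.250'], 'www.queer.ba' => ['80.65.162.250'],
         'diocletian.httpool.ba' => ['80.65.162.250'], 'stale.example' => ['192.0.2.9'] },
  ns:  { 'queer.ba' => %w[ns.queer.ba ns02.europronet.ba],
         'httpool.ba' => %w[ns1.httpool.com ns2.httpool.com] },
  mx:  { 'queer.ba' => %w[mx1.europronet.ba mx2.europronet.ba mx3.europronet.ba] }
)

if __FILE__ == $0
  passive_discovery(SAMPLE, '80.65.162.250').each { |k, v| puts "#{k}: #{v.join(', ')}" }
end
```

With paranoid: false the stale PTR entry survives into the hostname list, which is exactly the kind of inconsistent result the default check is there to drop.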

As you can see, there are several other options to work with; I will leave those for you to explore.

Enjoy

1 comment:

Anonymous said...

(For newbies like me) To add an icon to the menu list and launch it in Konsole as a help menu in the relevant directory, keeping the terminal open afterwards as with most Backtrack menu items:

Right-click the kmenu icon, select Menu Editor to open the KDE menu editor, press Ctrl+N to create a new icon, enter a name and click OK, then drag the new icon to the desired location in the menu tree.

In the right panel enter sh -c "ruby hostmap.rb -h; sudo -s" in the command text box, set the work path to /pentest/enumeration/hostmap-0.2.2, and set it to run in a terminal.

Press Ctrl+S to save and you're good to go.