|
1 | | -# Dumb - Subdumain Bruteforcer |
| 1 | +# Dumb - Dumain Bruteforcer |
2 | 2 |
|
3 | | -A tool to bruteforce subdumains! |
| 3 | +A tool to bruteforce dumains! |
4 | 4 |
|
5 | 5 |  |
| 6 | + |
| 7 | +## How DUMB works: |
| 8 | +Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists. For example: |
| 9 | + |
| 10 | +#### Bruteforcing subdumains: |
| 11 | +Using the mask `DUMB.dumain.com` and the following wordlists: |
| 12 | +``` |
| 13 | +www |
| 14 | +ftp |
| 15 | +backoffice |
| 16 | +``` |
| 17 | +Dumb will generate the following dumains for bruteforce: |
| 18 | +``` |
| 19 | +www.dumain.com |
| 20 | +ftp.dumain.com |
| 21 | +backoffice.dumain.com |
| 22 | +``` |
| 23 | +For subdumains, you can only pass `dumain.com` and dumb will understand as `DUMB.dumain.com`. |
| 24 | + |
| 25 | +#### Bruteforcing domain endings: |
| 26 | +Using the same principle, you can pass as mask `dumain.DUMB` with the following wordlist: |
| 27 | +``` |
| 28 | +com |
| 29 | +net |
| 30 | +org |
| 31 | +``` |
| 32 | +Dumb will generate the following dumains for bruteforce: |
| 33 | +``` |
| 34 | +dumain.com |
| 35 | +dumain.net |
| 36 | +dumain.org |
| 37 | +``` |
| 38 | + |
| 39 | +#### Bruteforcing everything: |
| 40 | +To bruteforce **everything** you can pass the mask as "DUMB.DUMB.DUMB" passing three wordlists: |
| 41 | +``` |
| 42 | +wordlist1 wordlist2 wordlist3 |
| 43 | +www foo com |
| 44 | +ftp bar net |
| 45 | +``` |
| 46 | +Dumb will generate: |
| 47 | +``` |
| 48 | +www.foo.com |
| 49 | +ftp.foo.com |
| 50 | +www.bar.com |
| 51 | +ftp.bar.com |
| 52 | +www.foo.net |
| 53 | +ftp.foo.net |
| 54 | +www.bar.net |
| 55 | +ftp.bar.net |
| 56 | +``` |
| 57 | + |
| 58 | +## Usage: |
| 59 | +Dumb receives the dumain mask as first parameter and the wordlists following. The number of wordlists must match the number of masks in the dumain. For example: |
| 60 | +- One mask: |
| 61 | +`$ dumb "DUMB.dumain.com" wordlists/foo.txt` |
| 62 | +- Two masks: |
| 63 | +`$ dumb "DUMB.dumain.DUMB" wordlists/foo.txt wordlists/bar.txt` |
| 64 | +- Several masks: |
| 65 | +`$ dumb "DUMB-DUMB-DUMB_DUMB.DUMB.DUMB" wordlists/foo_1.txt ... wordlists/foo_6.txt` |
| 66 | + |
| 67 | +## Docker: |
| 68 | +If you don't want to build from source, you can use the docker version: `docker run -it giovanifss/dumb "DUMB.dumain.com" subdomains.txt` |
| 69 | + |
| 70 | +To work with local wordlists that aren't present inside the container, you can use docker volumes: |
| 71 | +`docker run -v local/wordlist.txt:/opt/wordlist.txt -it giovanifss/dumb "DUMB.dumain.com" /opt/wordlist.txt` |
| 72 | + |
| 73 | +## Building from source: |
| 74 | +If you want to build from source you will need [stack](https://docs.haskellstack.org/en/stable/README/): |
| 75 | +Enter in the project directory and run `$ stack build`. |
| 76 | +Note that some older versions of stack have some problems to build the project (Debian stack package, for example). Make sure you get the latest stack version. |
| 77 | + |
| 78 | +## Future features: |
| 79 | +Future planned features are: |
| 80 | +- Argument parser support, for better configuration of the tool execution; |
| 81 | +- Post analysis of found dumains, generating statistics and metrics; |
| 82 | + |
| 83 | +## Performance: |
| 84 | +The tool performance will highly depend on your network connection. Usually, it should take less then 10 seconds to finish a subdumain burteforce with the `wordlists/subdomains.txt` wordlist. |
| 85 | + |
| 86 | +If you have a good connection and think that the tool is slow, try changing the `1000` in the `splitDomains` function call, e.g. `mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains)`, to a higher value. |
| 87 | + |
| 88 | +Alternatively, you can change `mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains)` to `MP.mapM_ (resolve rs) allDomains` to execute all the requests in parallel. |
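Review bot: In the Docker section (new line 71), the volume example passes a relative host path, `-v local/wordlist.txt:/opt/wordlist.txt`, but Docker only treats the left side of `-v` as a host file when it is an absolute path, so the command as written will not mount the wordlist. Suggest documenting it as `-v "$(pwd)/local/wordlist.txt:/opt/wordlist.txt"` or stating that the path must be absolute. In the Performance section, new line 84 has two typos ("less then" should be "less than", "burteforce" should be "bruteforce"). New lines 86 and 88 ask the user to edit the `splitDomains 1000 allDomains` call in the source to tune speed; since new line 80 already plans an argument parser, it would help to note that the batch size is a candidate option there. Line 88 should also say that `MP.mapM_ (resolve rs) allDomains` removes the batch limit entirely, which matters because a multi-mask run generates the product of all wordlist sizes, as the "Bruteforcing everything" example shows. Minor: the heading on new line 25 says "domain endings" while the rest of the README uses "dumain".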