Dumain Bruteforcer - a fast and flexible domain bruteforcer
giovanifss/Dumb
A tool to bruteforce dumains!
Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want, as long as you pass the corresponding wordlists. For example:
Using the mask DUMB.dumain.com and the following wordlist:
www
ftp
backoffice
Dumb will generate the following dumains for bruteforce:
www.dumain.com
ftp.dumain.com
backoffice.dumain.com
For subdumains, you can pass only dumain.com and dumb will understand it as DUMB.dumain.com.
Using the same principle, you can pass the mask dumain.DUMB with the following wordlist:
com
net
org
Dumb will generate the following dumains for bruteforce:
dumain.com
dumain.net
dumain.org
To bruteforce everything you can pass the mask as "DUMB.DUMB.DUMB" with three wordlists:
wordlist1 | wordlist2 | wordlist3
---|---|---
www | foo | com
ftp | bar | net
Dumb will generate:
www.foo.com
ftp.foo.com
www.bar.com
ftp.bar.com
www.foo.net
ftp.foo.net
www.bar.net
ftp.bar.net
Dumb receives the dumain mask as its first parameter, followed by the wordlists. The number of wordlists must match the number of masks in the dumain. For example:
- One mask:
$ dumb "DUMB.dumain.com" wordlists/foo.txt
- Two masks:
$ dumb "DUMB.dumain.DUMB" wordlists/foo.txt wordlists/bar.txt
- Several masks:
$ dumb "DUMB-DUMB-DUMB_DUMB.DUMB.DUMB" wordlists/foo_1.txt ... wordlists/foo_6.txt
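The expansion rule described above, as an added Python example that is not the Dumb project's own code: it checks that the wordlist count matches the mask count, reports how many names (and therefore DNS lookups) a mask produces, and generates them in the order of the README's listing. The function names and the handling of blank wordlist lines are assumptions, and the sample wordlists are constructed.

```python
from itertools import product
from math import prod

MASK = "DUMB"  # placeholder token from the README


def normalize(mask):
    """A bare domain ("dumain.com") is treated as "DUMB.dumain.com"."""
    return mask if MASK in mask else f"{MASK}.{mask}"


def clean(lines):
    """Strip whitespace and drop blank wordlist lines (assumed handling)."""
    return [w.strip() for w in lines if w.strip()]


def check(mask, wordlists):
    """Return the literal parts of the mask and the cleaned wordlists, or raise."""
    parts = normalize(mask).split(MASK)
    if len(parts) - 1 != len(wordlists):
        raise ValueError(f"{len(parts) - 1} mask(s) but {len(wordlists)} wordlist(s)")
    return parts, [clean(w) for w in wordlists]


def candidate_count(mask, wordlists):
    """How many names (DNS lookups) the mask expands to."""
    _, lists = check(mask, wordlists)
    return prod(len(w) for w in lists)


def expand_mask(mask, wordlists):
    """Yield every candidate, first wordlist varying fastest as in the README."""
    parts, lists = check(mask, wordlists)
    # product() varies its last argument fastest, so pass the lists reversed.
    for combo in product(*reversed(lists)):
        words = combo[::-1]
        yield parts[0] + "".join(w + p for w, p in zip(words, parts[1:]))


if __name__ == "__main__":
    # Constructed sample wordlists matching the README's three-mask example.
    lists = [["www", "ftp"], ["foo", "bar"], ["com", "net"]]
    print(candidate_count("DUMB.DUMB.DUMB", lists))
    for name in expand_mask("DUMB.DUMB.DUMB", lists):
        print(name)
```

Because the count is the product of the wordlist sizes, each extra mask multiplies the query volume; checking it first shows how much DNS traffic a run will generate.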
If you don't want to build from source, you can use the docker version:
docker run -it giovanifss/dumb "DUMB.dumain.com" subdomains.txt
Also, if you want to test the newest code (beta) with improvements, use:
docker run -it giovanifss/dumb:beta "DUMB.dumain.com" subdomains.txt
Note that the beta may be unstable or may not perform well.
All the wordlists in wordlists/ are inside the docker container in the filesystem root /, which means that you can call dumb passing just the wordlist name:
docker run -it giovanifss/dumb "DUMB.dumain.com" (subdomains.txt|subdominios.txt|domain-endings.txt)
To work with local wordlists that aren't present inside the container, you can use docker volumes:
docker run -v local/wordlist.txt:/opt/wordlist.txt -it giovanifss/dumb "DUMB.dumain.com" /opt/wordlist.txt
If you want to build from source you will need stack:
- Enter the project directory and run:
$ stack build
- To execute:
$ stack exec dumb "DUMB.dumain.com" wordlists/subdomains.txt
Note that some older versions of stack have problems building the project (the Debian stack package, for example). Make sure you get the latest stack version.
Future planned features are:
- Argument parser support, for better configuration of the tool execution;
- Post analysis of found dumains, generating statistics and metrics.
The tool's performance depends heavily on your network connection. Usually, it should take less than 10 seconds to finish a subdumain bruteforce with the wordlists/subdomains.txt wordlist.
If you have a good connection and think that the tool is slow, try changing the 1000 in the splitDomains function call, e.g.
mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains)
to a higher value.
Alternatively, you can change
mapM_ (MP.mapM_ (resolve rs)) (splitDomains 1000 allDomains)
to
MP.mapM_ (resolve rs) allDomains
to execute all the requests in parallel.