Quick update: As @MikeDamm points out, xargs has a -P option that can do the same thing I’m using parallel for. If you have a supported version of xargs you can use -P 0 to do the same thing as -j0 with parallel, but if your version doesn’t support the 0 you can simply use the same number parallel uses ala:
cat subdomains.txt | xargs -P 122 -I subdomain dig +noall subdomain.microsoft.com +answer
This results in roughly the same completion time as it’s parallel counterpart. Thanks @MikeDamm!
There are some great discussions on the NoVA Hackers mailing list. One such discussion was about what the best way to do dns hostname brute forcing was and which tool is better than another. For me, I just use the command line and then parse the results (or just ask the deepmagic.com database ;-)
Here is what I do:
First, you need a good list of DNS sub domains / hostnames. Personally I use the list provided over at http://www.ethicalhack3r.co.uk/zone-transfers-on-the-alexa-top-1-million/ (with a few minor tweaks). If you haven’t read that post and follow-on posts you really should. But take the list and save it locally. Then just run the following command:
cat subdomains.txt | xargs -t -I subdomain dig +noall subdomain.microsoft.com +answer
Now, xargs is great but does one thing at a time and can be quite slow if your subdomains list is large. With the use of the amazing tool GNU parallel you can get done in a matter of seconds, well, that or knock over your home router.
cat subdomains.txt | parallel -k -j0 dig +noall {}.microsoft.com +answer
Warning: the -j0 option maxes out the possible file handles and jobs that your CPU/kernel can handle, which usually destroys VMs. Just a smaller job count like 100 or 50 if you want the speed without the crash ;-)
with an output something list this:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
parallel: Warning: Only enough file handles to run 122 jobs in parallel.
Raising ulimit -n or /etc/security/limits.conf may help.
parallel: Warning: No more file handles. Raising ulimit -n or /etc/security/limits.conf may help.
mail.microsoft.com. 2369 IN A 131.107.125.5
www.microsoft.com. 0 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 0 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 0 IN CNAME lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net. 263 IN A 64.4.11.42
m.microsoft.com. 0 IN CNAME origin.mobile.ms.akadns.net.
origin.mobile.ms.akadns.net. 300 IN A 65.55.186.235
ftp.microsoft.com. 0 IN CNAME ftp.microsoft.akadns.net.
ftp.microsoft.akadns.net. 259 IN A 64.4.17.176
mobile.microsoft.com. 0 IN CNAME origin.mobile.ms.akadns.net.
origin.mobile.ms.akadns.net. 300 IN A 65.55.186.235
smtp.microsoft.com. 3600 IN A 131.107.115.215
smtp.microsoft.com. 3600 IN A 131.107.115.214
smtp.microsoft.com. 3600 IN A 205.248.106.64
smtp.microsoft.com. 3600 IN A 205.248.106.30
smtp.microsoft.com. 3600 IN A 205.248.106.32
smtp.microsoft.com. 3600 IN A 131.107.115.212
search.microsoft.com. 0 IN CNAME search.microsoft.akadns.net.
search.microsoft.akadns.net. 0 IN CNAME search.msn.com.edgesuite.net.
search.msn.com.edgesuite.net. 0 IN CNAME a134.g.akamai.net.
a134.g.akamai.net. 19 IN A 209.107.220.27
a134.g.akamai.net. 19 IN A 209.107.220.35
dev.microsoft.com. 0 IN CNAME msdn.microsoft.com.
msdn.microsoft.com. 0 IN CNAME msdn.microsoft.akadns.net.
msdn.microsoft.akadns.net. 600 IN A 157.56.148.19
img.microsoft.com. 0 IN CNAME i.microsoft.com.edgesuite.net.
i.microsoft.com.edgesuite.net. 0 IN CNAME a1475.g.akamai.net.
a1475.g.akamai.net. 20 IN A 165.254.158.48
a1475.g.akamai.net. 20 IN A 165.254.158.9
news.microsoft.com. 0 IN CNAME msnews.microsoft.com.
msnews.microsoft.com. 3600 IN A 207.46.248.16
mail2.microsoft.com. 3600 IN A 131.107.115.215
beta.microsoft.com. 0 IN CNAME connect.microsoft.akadns.net.
connect.microsoft.akadns.net. 300 IN A 65.52.103.84
support.microsoft.com. 0 IN CNAME mso-geo.microsoft.akadns.net.
mso-geo.microsoft.akadns.net. 0 IN CNAME support.microsoft.akadns.net.
support.microsoft.akadns.net. 175 IN A 157.56.56.139
my.microsoft.com. 3600 IN A 134.170.255.29
help.microsoft.com. 0 IN CNAME help.msn.com.
mail3.microsoft.com. 3600 IN A 131.107.115.214
download.microsoft.com. 0 IN CNAME download.microsoft.com.nsatc.net.
download.microsoft.com.nsatc.net. 0 IN CNAME main.dl.ms.akadns.net.
main.dl.ms.akadns.net. 0 IN CNAME download.microsoft.com.edgesuite.net.
download.microsoft.com.edgesuite.net. 0 IN CNAME a954.dscms.akamai.net.
a954.dscms.akamai.net. 0 IN CNAME a954.dscms.akamai.net.0.1.cn.akamaitech.net.
a954.dscms.akamai.net.0.1.cn.akamaitech.net. 1 IN A 69.31.75.184
a954.dscms.akamai.net.0.1.cn.akamaitech.net. 1 IN A 69.31.75.168
shop.microsoft.com. 3600 IN A 64.4.11.37
shop.microsoft.com. 3600 IN A 65.55.58.201
games.microsoft.com. 3600 IN A 207.46.166.10
business.microsoft.com. 3600 IN A 65.55.57.98
ws.microsoft.com. 0 IN CNAME ws.microsoft.com.nsatc.net.
gateway.microsoft.com. 3600 IN A 131.107.16.142
gateway.microsoft.com. 3600 IN A 131.107.16.143
members.microsoft.com. 0 IN CNAME members.microsoft.akadns.net.
members.microsoft.akadns.net. 219 IN A 65.55.57.28
c.microsoft.com. 0 IN CNAME c.microsoft.akadns.net.
c.microsoft.akadns.net. 215 IN A 65.55.58.199
g.microsoft.com. 0 IN CNAME g.msn.com.
g.msn.com. 0 IN CNAME g.msn.com.nsatc.net.
g.msn.com.nsatc.net. 142 IN A 131.253.34.154
mail4.microsoft.com. 3600 IN A 205.248.106.64
mail1.microsoft.com. 3600 IN A 131.107.115.212
apps.microsoft.com. 0 IN CNAME apps.windows.akadns.net.
apps.windows.akadns.net. 0 IN CNAME services.windows.akadns.net.
services.windows.akadns.net. 0 IN CNAME services-perf.windows.akadns.net.
services-perf.windows.akadns.net. 46 IN A 134.170.30.204
email.microsoft.com. 1989 IN A 157.55.150.73
i.microsoft.com. 0 IN CNAME i.toggle.www.ms.akadns.net.
i.toggle.www.ms.akadns.net. 0 IN CNAME i.g.www.ms.akadns.net.
i.g.www.ms.akadns.net. 0 IN CNAME i.microsoft.com.edgesuite.net.
i.microsoft.com.edgesuite.net. 0 IN CNAME a1475.g.akamai.net.
a1475.g.akamai.net. 8 IN A 23.62.111.114
a1475.g.akamai.net. 8 IN A 23.62.111.104
s.microsoft.com. 0 IN CNAME reroute.microsoft.com.
reroute.microsoft.com. 3600 IN A 64.4.11.37
reroute.microsoft.com. 3600 IN A 65.55.58.201
community.microsoft.com. 0 IN CNAME communities.microsoft.com.
communities.microsoft.com. 3600 IN A 64.4.11.37
communities.microsoft.com. 3600 IN A 65.55.58.201
connect.microsoft.com. 0 IN CNAME connect.microsoft.akadns.net.
connect.microsoft.akadns.net. 152 IN A 65.52.103.84
rss.microsoft.com. 796 IN A 65.55.58.201
rss.microsoft.com. 796 IN A 64.4.11.37
home.microsoft.com. 0 IN CNAME redir.blu.cb3.glbdns.microsoft.com.
redir.blu.cb3.glbdns.microsoft.com. 116 IN A 65.55.206.229
jp.microsoft.com. 3600 IN A 65.55.58.201
jp.microsoft.com. 3600 IN A 64.4.11.37
labs.microsoft.com. 3600 IN A 64.4.11.37
labs.microsoft.com. 3600 IN A 65.55.58.201
exchange.microsoft.com. 2120 IN A 65.55.31.35
marketing.microsoft.com. 3600 IN A 207.46.242.110
mac.microsoft.com. 3600 IN A 64.4.11.37
mac.microsoft.com. 3600 IN A 65.55.58.201
feeds.microsoft.com. 3600 IN A 65.55.57.98
partners.microsoft.com. 0 IN CNAME pmc.partners.microsoft.akadns.net.
pmc.partners.microsoft.akadns.net. 300 IN A 131.107.119.14
feed.microsoft.com. 0 IN CNAME feed.trafficmanager.net.
feed.trafficmanager.net. 0 IN CNAME feedna.cloudapp.net.
feedna.cloudapp.net. 10 IN A 65.52.9.172
partner.microsoft.com. 0 IN CNAME portal.partners.microsoft.akadns.net.
portal.partners.microsoft.akadns.net. 300 IN A 131.107.119.163
cs.microsoft.com. 0 IN CNAME wedcs.trafficmanager.net.
wedcs.trafficmanager.net. 0 IN CNAME wedcseus.cloudapp.net.
wedcseus.cloudapp.net. 10 IN A 137.116.48.250
forums.microsoft.com. 0 IN CNAME forums.microsoft.akadns.net.
forums.microsoft.akadns.net. 600 IN A 65.52.103.99
meet.microsoft.com. 3600 IN A 131.107.1.71
e.microsoft.com. 3600 IN A 191.234.1.50
autodiscover.microsoft.com. 2358 IN A 131.107.125.5
im.microsoft.com. 3600 IN A 131.107.1.75
sip.microsoft.com. 2228 IN A 65.55.30.130
me.microsoft.com. 0 IN CNAME edm.cloudapp.net.
dig: 'm..microsoft.com' is not a legal name (empty label)
billing.microsoft.com. 0 IN CNAME paymenthubprod.trafficmanager.net.
paymenthubprod.trafficmanager.net. 0 IN CNAME paymenthubuxprod1.cloudapp.net.
paymenthubuxprod1.cloudapp.net. 10 IN A 168.62.198.20
profile.microsoft.com. 0 IN CNAME profile.microsoft.akadns.net.
profile.microsoft.akadns.net. 335 IN A 64.4.11.47
research.microsoft.com. 806 IN A 131.107.65.14
sharepoint.microsoft.com. 3463 IN A 64.4.6.100
sharepoint.microsoft.com. 3463 IN A 65.55.39.10
appdev.microsoft.com. 0 IN CNAME appdev.windows.akadns.net.
appdev.windows.akadns.net. 131 IN A 134.170.30.200
newsletters.microsoft.com. 3150 IN A 207.46.248.35
advertising.microsoft.com. 0 IN CNAME advertising.microsoft.com.nsatc.net.
advertising.microsoft.com.nsatc.net. 245 IN A 65.52.100.46
catalog.microsoft.com. 0 IN CNAME genuine.microsoft.akadns.net.
genuine.microsoft.akadns.net. 300 IN A 65.55.58.177
social.microsoft.com. 0 IN CNAME lb.social.ms.akadns.net.
lb.social.ms.akadns.net. 54 IN A 65.52.103.78
events.microsoft.com. 1776 IN A 64.4.11.31
events.microsoft.com. 1776 IN A 65.55.58.192
ajax.microsoft.com. 0 IN CNAME mscomajax.vo.msecnd.net.
mscomajax.vo.msecnd.net. 208 IN A 65.54.81.164
mscomajax.vo.msecnd.net. 208 IN A 65.54.81.12
developer.microsoft.com. 0 IN CNAME msdn.microsoft.com.
msdn.microsoft.com. 0 IN CNAME msdn.microsoft.akadns.net.
msdn.microsoft.akadns.net. 600 IN A 157.56.148.19
bbs.microsoft.com. 0 IN CNAME transfer.microsoft.com.
transfer.microsoft.com. 3600 IN A 64.4.10.152
backoffice.microsoft.com. 3600 IN A 64.4.11.37
backoffice.microsoft.com. 3600 IN A 65.55.58.201
|