It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.
- Sun Tzu, The Art of War
As Sun Tzu said, you have to know your enemy. During an hacking engagement, like a penetration test, you need to retrieve as much information as possible from your target in order to be successful.
Hostmap helps you using several techniques to enumerate all the hostnames and configured virtual hosts associated with an IP address.
In the real world an IP address can be registered in a DNS server with multiple host names, because it can have some aliases or hosting a bunch of websites.
IP address 184.108.40.206 can have following entries in the DNS configuration file
www.foo.com CNAME foo.com
foo.com A 220.127.116.11
mail.foo.com A 18.104.22.168
goo.com A 22.214.171.124
An user or a penetration tester,that needs to test the security of the IP address 126.96.36.199 machine needs ti know all his host names.
Here the purpose of the hostmap is to discover all the registered DNS hostname or virtual names inorder to get the better knowledge of the target machine.
USE THIS TOOL FOR LEGAL PURPOSES ONLY!
The major features of Hostmap are:
* DNS names and virtual hosts enumeration
* Multiple discovery techniques
* Results correlation, aggregation and normalization
* Multithreaded and event based engine
* Platform independent
Download hostmap from here
Untar the package and type following command to start host-name discoveries:
ruby hostmap.rb -t 192.168.1.1 and you should see something similar to ....