dnsmap was originally released back in 2006 and was inspired by the fictional story “The Thief No One Saw” by Paul Craig, which can be found in the book “Stealing the Network – How to 0wn the Box”.
it is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …
Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work (I rarely see zone transfers being publicly allowed these days by the way).
It as the name suggest is DNS Network Mapper which is used for multiple purposes. Basically It is an passive Network Mapper and often called as Sub domain brute force tool.
dnsmap <target-domain> [options]
-w <wordlist-file> -r <regular-results-file> -c <csv-results-file> -d <delay-millisecs> -i <ips-to-ignore> (useful if you're obtaining false positives)
cyborg@cyborg:~$ dnsmap ztrela.com -w wordlist.txt -r ztrela.txt dns map 0.30 - DNS Network Mapper by pagvac (gnucitizen.org) [+] searching (sub)domains for ztrela.com using wordlist.txt [+] using maximum random delay of 10 millisecond(s) between requests cyborg.ztrela.com IP address #1: 126.96.36.199 web.ztrela.com IP address #1: 188.8.131.52 [+] 2 (sub)domains and 2 IP address(es) found [+] regular-format results can be found on ztrela.txt [+] completion time: 1 second(s)