Dumb – Domain Bruteforce , A tool to bruteforce domains

Share this…

How DUMB works

Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists, explain information security training experts. 

dumb

  1. Bruteforcing subdumains:

Using the mask DUMB.dumain.com and the following wordlists:

  • www
  • ftp
  • backoffice

Dumb will generate the following dumains for bruteforce:

  • https://www.dumain.com.
  • ftp.dumain.com.
  • backoffice.dumain.com.

Information security experts explain, for subdumains, you can only pass dumain.com and dumb will understand as DUMB.dumain.com.

  1. Bruteforcing domain endings:

Using the same principle, you can pass as mask dumain.DUMB with the following wordlist:

  • com
  • net
  • org

Dumb will generate the following dumains for bruteforce:

  • dumain.com.
  • dumain.net.
  • dumain.org.
  1. Bruteforcing everything:

To bruteforce everything you can pass the mask as “DUMB.DUMB.DUMB” passing three wordlists:

  • wordlist1 wordlist2   wordlist3
  • www foo         com
  • ftp bar         net

Dumb will generate:

  • https://www.foo.com.
  • ftp.foo.com.
  • https://www.bar.com.
  • ftp.bar.com.
  • https://www.foo.net.
  • ftp.foo.net.
  • https://www.bar.net.
  • ftp.bar.net.

dumb 2

dumb 1