Dumb – Domain Bruteforce , A tool to bruteforce domains

Share this…

How DUMB works

Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists, explain information security training experts. 


  1. Bruteforcing subdumains:

Using the mask DUMB.dumain.com and the following wordlists:

  • www
  • ftp
  • backoffice

Dumb will generate the following dumains for bruteforce:

  • https://www.dumain.com.
  • ftp.dumain.com.
  • backoffice.dumain.com.

Information security experts explain, for subdumains, you can only pass dumain.com and dumb will understand as DUMB.dumain.com.

  1. Bruteforcing domain endings:

Using the same principle, you can pass as mask dumain.DUMB with the following wordlist:

  • com
  • net
  • org

Dumb will generate the following dumains for bruteforce:

  • dumain.com.
  • dumain.net.
  • dumain.org.
  1. Bruteforcing everything:

To bruteforce everything you can pass the mask as “DUMB.DUMB.DUMB” passing three wordlists:

  • wordlist1 wordlist2   wordlist3
  • www foo         com
  • ftp bar         net

Dumb will generate:

  • https://www.foo.com.
  • ftp.foo.com.
  • https://www.bar.com.
  • ftp.bar.com.
  • https://www.foo.net.
  • ftp.foo.net.
  • https://www.bar.net.
  • ftp.bar.net.

dumb 2

dumb 1