How DUMB works
Dumb works with a masked dumain for substitution. The dumain can have as many masks as you want as long as you pass the according wordlists, explain information security training experts.
- Bruteforcing subdumains:
Using the mask DUMB.dumain.com and the following wordlists:
- www
- ftp
- backoffice
Dumb will generate the following dumains for bruteforce:
- https://www.dumain.com.
- ftp.dumain.com.
- backoffice.dumain.com.
Information security experts explain, for subdumains, you can only pass dumain.com and dumb will understand as DUMB.dumain.com.
- Bruteforcing domain endings:
Using the same principle, you can pass as mask dumain.DUMB with the following wordlist:
- com
- net
- org
Dumb will generate the following dumains for bruteforce:
- dumain.com.
- dumain.net.
- dumain.org.
- Bruteforcing everything:
To bruteforce everything you can pass the mask as “DUMB.DUMB.DUMB” passing three wordlists:
- wordlist1 wordlist2 wordlist3
- www foo com
- ftp bar net
Dumb will generate:
- https://www.foo.com.
- ftp.foo.com.
- https://www.bar.com.
- ftp.bar.com.
- https://www.foo.net.
- ftp.foo.net.
- https://www.bar.net.
- ftp.bar.net.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.
