Find hidden subdomains with DNSMap

Share this…

DNSMap: Dnsmap is a tool used to gather subdomains & information of subdomains for a target host, as per ethical hacking courses. It was developed in 2006 and last updated in 2010. This package consists of 2 scripts – dnsmap, and Dnsmap is used in scanning single domain and in bulk domains. According to ethical hacking expert from International Institute of Cyber Security, you can use dnsmap in footprinting activities also when you are doing black box penetration testing.

  • For launching dnsmap simply go to linux terminal and type dnsmap.
  • After typing dnsmap you will get below output.
  • Dnsmap will give you help, which shows available options.


  • Type dnsmap

  • If you run dnsmap without any options using only target address, it will use default list to brute forced target’s subdomains. As you see additional information in above screenshot could be used for testing.
  • For saving the output for later use in pentesting, rather than just viewing the results on the linux console. For saving the output in .txt file, type

         dnsmap -r /home/iicybersecurity/Desktop/dnsmapoutput.txt

  • Once the scan finished open the text file, dnsmapoutput.txt in /home/iicybersecurity/Desktop/ path and you can see the same results as shown below:

  • As you know dnsmap used default list, but you can use your own or another wordlist.
  • Downloads wordlist from the given link and use it with -w option, as mentioned below:


  • Dnsmap command with wordlist:

          dnsmap -w yourwordlist.txt -r /tmp/domainbf_results.txt

  • As per the ethical hacking researcher from International Institute of Cyber Security, this tools is commonly used with the word list of different languages to scan the hidden websites belonging to the respective country.