View Issue Details

IDProjectCategoryView StatusLast Update
0002980Kali Linux[All Projects] New Tool Requestspublic2017-06-12 09:49
Reporterlaned Assigned Tog0tmi1k  
Status closedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0002980: Potentially Add 'Bluto' into Kali
DescriptionBluto is used for 'DNS recon | DNS Brute forcer | DNS Zone Transfer | Email Enumeration | Staff Enumeration'.

The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will brute force sub-domains using parallel sub processing on the top 20000 of the 'The Alexa Top 1 Million subdomains'.

NetCraft results are presented individually and are then compared to the brute force results, any duplications are removed and particularly interesting results are highlighted.

Email addresses are gathered from Google, Bing and LinkedIn, its location aware in the sence that it does a lookup on the users Geo Location and chooses the relevant Google server to search from. It has builtin redundencies just incase the Geolookup service is not available giving the user the ability to select the origin company. A ‘random’ user agent is used to try avoid google captcha issues as well as each connection being closed on completion, however if captchas are identified Bluto will alert and use alternate methods to search google.

Potentially staff are gathered from LinkedIn, all output is presented in a clean output that includes an 'evidence' report making reporting simpler and more effective giving the potential to cleanup un expected email address etc in the public domain.

The tool has been in the wild for a while now and seems to be pretty stable, I have not had many bugs reported and myself and various other testers have found it very useful. Some have even moved away from using the handful of tools previous used (fierce, dnsenum, theharvester etc) and solely using bluto.

The tool can be found here below along with relevant instructions.


has duplicate 0003442 acknowledged Bluto - DNS Recon | SubDomain Brute Forcer | DNS Zone Transfer | DNS Wild Card Checks | DNS Wild Card Brute Forcer 



2017-06-12 09:48

reporter   ~0006814

Happy for this to be closed, I cant seem to close it myself.

Issue History

Date Modified Username Field Change
2016-01-08 14:56 laned New Issue
2016-07-22 16:08 g0tmi1k Relationship added has duplicate 0003442
2017-06-12 09:48 laned Note Added: 0006814
2017-06-12 09:49 g0tmi1k Assigned To => g0tmi1k
2017-06-12 09:49 g0tmi1k Status new => closed
2017-06-12 09:49 g0tmi1k Resolution open => fixed