View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002980||Kali Linux||[All Projects] New Tool Requests||public||2016-01-08 14:56||2017-06-12 09:49|
|Target Version||Fixed in Version|
|Summary||0002980: Potentially Add 'Bluto' into Kali|
|Description||Bluto is used for 'DNS recon | DNS Brute forcer | DNS Zone Transfer | Email Enumeration | Staff Enumeration'. |
The target domain is queried for MX and NS records. Sub-domains are passively gathered via NetCraft. The target domain NS records are each queried for potential Zone Transfers. If none of them gives up their spinach, Bluto will brute force sub-domains using parallel sub processing on the top 20000 of the 'The Alexa Top 1 Million subdomains'.
NetCraft results are presented individually and are then compared to the brute force results, any duplications are removed and particularly interesting results are highlighted.
Email addresses are gathered from Google, Bing and LinkedIn, its location aware in the sence that it does a lookup on the users Geo Location and chooses the relevant Google server to search from. It has builtin redundencies just incase the Geolookup service is not available giving the user the ability to select the origin company. A ‘random’ user agent is used to try avoid google captcha issues as well as each connection being closed on completion, however if captchas are identified Bluto will alert and use alternate methods to search google.
Potentially staff are gathered from LinkedIn, all output is presented in a clean output that includes an 'evidence' report making reporting simpler and more effective giving the potential to cleanup un expected email address etc in the public domain.
The tool has been in the wild for a while now and seems to be pretty stable, I have not had many bugs reported and myself and various other testers have found it very useful. Some have even moved away from using the handful of tools previous used (fierce, dnsenum, theharvester etc) and solely using bluto.
The tool can be found here below along with relevant instructions.
|2016-01-08 14:56||laned||New Issue|
|2016-07-22 16:08||g0tmi1k||Relationship added||has duplicate 0003442|
|2017-06-12 09:48||laned||Note Added: 0006814|
|2017-06-12 09:49||g0tmi1k||Assigned To||=> g0tmi1k|
|2017-06-12 09:49||g0tmi1k||Status||new => closed|
|2017-06-12 09:49||g0tmi1k||Resolution||open => fixed|