BLUTO: DNS detection + domain name guessing + email Enumeration

BLUTO: DNS detection + domain name guessing + email Enumeration

 

 

BLUTO is an information detection and cracking tool that provides DNS detection, brute force cracking, DNS domain transfer, and email enumeration.

DNS information and domain transfer Vulnerability Detection

BLUTO uses the target domain name to detect MX and NS records, and obtains sub-domain names through NetCraft. First, let's talk about the NS record of the target domain name. It can be used to detect whether the target has a domain transfer vulnerability.

Domain Name cracking and Query Integration

If no results are found, BLUTO will continue to use parallel sub-processes to obtain the first 1 million sub-domain name prefixes in Alex Top 20 thousand to crack the target sub-domain name. In addition, the query results of NetCraft are carried out independently. The brute-force cracking results are compared with the query results of NetCraft. duplicate content items are integrated and deleted to highlight the results that may be useful.

Email Address Enumeration

Bluto can also enumerate email addresses based on the target domain name. Currently, it uses the Bing and Google engines. It is configured with a random User Agent. As countries change, it will select the fastest Google server matching the egress address. The connection will be closed after each request to avoid the appearance of the Verification Code due to multiple connections. Of course, Bluto will give a warning for the verification code.

Install and upgrade Bluto and pip

Bluto requires many other dependencies. To make things as simple as possible, you can use pip for installation (yes, you have to install pip first ).

Test whether your pip has been installed:

pip – v

Mac and Kali users can simply use the following command to download and install pip.

curl https://bootstrap.pypa.io/get-pip. py -o - | python

Once pip is installed, we can start to install Bluto.

sudo pip install git+git://github.com/RandomStorm/Bluto

OK. Now you should be able to run Bluto on any terminal in the directory.

Of course, the upgrade is also simple:

sudo pip install git+git://github.com/RandomStorm/Bluto –upgrade

For specific commands and usage, please try it on your own and enjoy it.

Conclusion

At first, I tried to download the script directly from git and run setup. py. As a result, the path is not identified, and the relative path is completely written, which is a little troublesome to change. So we are still correct according to the instructions.