GitHub - balle/chaosmap: Chaosmap is an information gathering tool and dns / whois / web server scanner.

balle / chaosmap Public

Notifications You must be signed in to change notification settings
Fork 4
Star 16

Chaosmap is an information gathering tool and dns / whois / web server scanner.

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 15 Commits
dictionaries		dictionaries
lib		lib
.project		.project
.pydevproject		.pydevproject
CHANGES		CHANGES
LICENSE		LICENSE
README		README
TODO		TODO
chaosmap.py		chaosmap.py

Repository files navigation

Chaosmap

Coded by Balle
http://www.datenterrorist.de

////[ Disclaimer

Use this tool at your own risk and only on your own webservers and domains
otherwise you may be breaking the law and the author doesnt feel responsable
for your actions. ;)


////[ Whats this all about?

Chaosmap is an information gathering tool and dns / whois / web server scanner.
It can be used to lookup DNS names with a dictionary with or without using a salt.
Salting for DNS means it will append numbers from 1-9 to the name in the dictionary
with or without a - and _ or a leading 0. Salting for Web stuff will try double
slashes and some directory traversal tricks.
You can do reverse dns lookups of a whole ip range (with optional whois lookup) or
make a dictionary scan for hidden paths on one webserver or a range of ip addresses.
Optionally you can encode the path with url encoding and with google dict lookup mode
chaosmap will first try to find the path on Google and only query the webserver if
google has no search result. Last but not least it can be used to extract email addresses
from domains using a Google search or perform a list of Google Hacking queries on
your domain.
Feel free to send patches, bug reports, dictionary additions or beer to balle@chaostal.de


////[ Installation

You need Python 2.6 or higher (but not Python 3!).


///[ Example usage:

# dictionary based dns lookups with salt (appends 1 and -1 and so on)
./chaosmap.py -f dict -d your_domain -n -s

# scan your webserver for hidden paths with url encoding via a http proxy
./chaosmap.py -f dictionaries/hidden_paths.txt -d your_domain -w -u -P 192.168.1.1:8080

# scan your webserver for hidden files with special salting for backup files
./chaosmap.py -f dictionaries/hidden_files.txt -d your_domain -w -B

# reverse dns and whois lookup of ip range
./chaosmap.py -i 192.168.1.1-192.168.254.254 -W -n

# dictionary scan of web server on port 8080 with salting
./chaosmap.py -f dict_file -d your_domain -w -p 8080 -s

# dictionary scan of web server only with google search
./chaosmap.py -f dict_file -d your_domain -g

# dictionary scan of web server first with google and if google doesnt
# return a result with direct webserver scanning afterwards
./chaosmap.py -f dict_file -d your_domain -g -w

# scan a list of ip addresses for web servers with hidden paths with a delay of 3 seconds
./chaosmap.py -i 192.168.1.1-192.168.254.254 -f dict_file -w -D 3

# google email search for domain
./chaosmap.py -d your_domain -e

# Just query google with some google hacking queries for list of domains
./chaosmap.py -f dictionaries/google_queries.txt -g -Q -d domain1,domain2

# Scan webserver of domain with a list of dictionaries
./chaosmap.py -f dict1,dict2,dict3 -d your_domain -w


////[ Licenses and Copyrights

Chaosmap is licensed under GPLv3
httplib2 Copyright (c) 2006 by Joe Gregorio
socks Python library copyright by Dan Haim (see lib/socks-LICENSE.txt)
cymruwhois by Justin Azoff licensed under MIT
google Python lib Copyright (c) 2009-2010, Mario Vilas
BeautifulSoup Copyright (c) 2004-2010, Leonard Richardson