Chaosmap Coded by Balle http://www.datenterrorist.de ////[ Disclaimer Use this tool at your own risk and only on your own webservers and domains otherwise you may be breaking the law and the author doesnt feel responsable for your actions. ;) ////[ Whats this all about? Chaosmap is an information gathering tool and dns / whois / web server scanner. It can be used to lookup DNS names with a dictionary with or without using a salt. Salting for DNS means it will append numbers from 1-9 to the name in the dictionary with or without a - and _ or a leading 0. Salting for Web stuff will try double slashes and some directory traversal tricks. You can do reverse dns lookups of a whole ip range (with optional whois lookup) or make a dictionary scan for hidden paths on one webserver or a range of ip addresses. Optionally you can encode the path with url encoding and with google dict lookup mode chaosmap will first try to find the path on Google and only query the webserver if google has no search result. Last but not least it can be used to extract email addresses from domains using a Google search or perform a list of Google Hacking queries on your domain. Feel free to send patches, bug reports, dictionary additions or beer to balle@chaostal.de ////[ Installation You need Python 2.6 or higher (but not Python 3!). ///[ Example usage: # dictionary based dns lookups with salt (appends 1 and -1 and so on) ./chaosmap.py -f dict -d your_domain -n -s # scan your webserver for hidden paths with url encoding via a http proxy ./chaosmap.py -f dictionaries/hidden_paths.txt -d your_domain -w -u -P 192.168.1.1:8080 # scan your webserver for hidden files with special salting for backup files ./chaosmap.py -f dictionaries/hidden_files.txt -d your_domain -w -B # reverse dns and whois lookup of ip range ./chaosmap.py -i 192.168.1.1-192.168.254.254 -W -n # dictionary scan of web server on port 8080 with salting ./chaosmap.py -f dict_file -d your_domain -w -p 8080 -s # dictionary scan of web server only with google search ./chaosmap.py -f dict_file -d your_domain -g # dictionary scan of web server first with google and if google doesnt # return a result with direct webserver scanning afterwards ./chaosmap.py -f dict_file -d your_domain -g -w # scan a list of ip addresses for web servers with hidden paths with a delay of 3 seconds ./chaosmap.py -i 192.168.1.1-192.168.254.254 -f dict_file -w -D 3 # google email search for domain ./chaosmap.py -d your_domain -e # Just query google with some google hacking queries for list of domains ./chaosmap.py -f dictionaries/google_queries.txt -g -Q -d domain1,domain2 # Scan webserver of domain with a list of dictionaries ./chaosmap.py -f dict1,dict2,dict3 -d your_domain -w ////[ Licenses and Copyrights Chaosmap is licensed under GPLv3 httplib2 Copyright (c) 2006 by Joe Gregorio socks Python library copyright by Dan Haim (see lib/socks-LICENSE.txt) cymruwhois by Justin Azoff licensed under MIT google Python lib Copyright (c) 2009-2010, Mario Vilas BeautifulSoup Copyright (c) 2004-2010, Leonard Richardson