dnsmap

dnsmap is an open-source C utility that performs fast **brute-force subdomain enumeration**. It resolves each candidate name against a chosen DNS resolver, stores live hosts, and outputs simple CSV or text reports. Unlike full-spectrum tools such as dnsenum, dnsmap focuses purely on word-list brute-forcing and wildcard detection.

Common Options

Enumeration

Option	Description
`[WORDLIST]`	Custom wordlist file (default: `dnsmap.txt` in tool directory)
`-d [DOMAIN]`	Target domain (required)
`-s [SERVER]`	Use specific DNS resolver (default: system resolver)
`-c`	Check for wildcard DNS and filter false positives
`-w [MS]`	Delay (milliseconds) between queries (throttle speed)

Output

Option	Description
`-o [FILE]`	Save results in CSV format
`-v`	Verbose output showing every query
`-q`	Quiet mode (show only found subdomains)

Examples

Basic Subdomain Brute-Force

dnsmap -d example.com

↑ Options

Use Custom DNS Resolver

dnsmap -d example.com -s 8.8.8.8

↑ Options

Detect and Filter Wildcard DNS

dnsmap -d example.com -c

↑ Options

Throttle Queries (200 ms Delay)

dnsmap -d example.com -w 200

↑ Options

Save Results to CSV

dnsmap -d example.com -o found.csv

↑ Options

Output Fields

Subdomain that successfully resolved
Resolved IP address (first A-record)
Optional CSV output: subdomain,ip

Dnsmap

Contents

dnsmap

Common Options

Enumeration

Output

Examples

Basic Subdomain Brute-Force

Use Custom DNS Resolver

Detect and Filter Wildcard DNS

Throttle Queries (200 ms Delay)

Save Results to CSV

Output Fields

See Also

Navigation menu

Dnsmap

dnsmap

Common Options

Enumeration

Output

Examples

Basic Subdomain Brute-Force

Use Custom DNS Resolver

Detect and Filter Wildcard DNS

Throttle Queries (200 ms Delay)

Save Results to CSV

Output Fields

See Also

Navigation menu

Search