This is similar to the previous DNS wordlist bruteforcing, but instead of simply performing a dictionary attack, we generate combinations/permutations of the already known subdomains.
One more thing to note: this method also needs a small wordlist containing common words like mail, internal, dev, demo, accounts, ftp, admin (similar to the one used for DNS bruteforcing, but smaller).
For instance, let's consider the subdomain dev.example.com. Now we will generate different variations/permutations of this domain.
Isn't it good that we can generate such great combinations? This is the power of permutation bruteforcing. Now that we have generated these combinations, we further need to DNS resolve them and check if we get any valid subdomains. If so, it would be a WIN! WIN! 🏁 situation for us.
Gotator is a DNS wordlist generator tool. It generates various combinations or permutations of a root domain with the user-supplied wordlist, and is capable of generating 1M combinations in almost 2 secs.
Permute numbers up and down (dev2 --> dev0, dev1, dev2, dev3, dev4)
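The permutation step described above, as an added example (not Gotator's code and not from the original page): it builds candidate names offline from one known subdomain and a small wordlist, for checking a zone you are responsible for against forgotten records. The function names `number_variants` and `permute`, the five join patterns and the `span` parameter are assumptions chosen for illustration.

```python
import re

def number_variants(label, span=2):
    """Permute the first number in a label up and down: dev2 -> dev0..dev4."""
    m = re.search(r"\d+", label)
    if not m:
        return [label]
    n, width = int(m.group()), len(m.group())
    return [
        label[:m.start()] + str(v).zfill(width) + label[m.end():]
        for v in range(max(0, n - span), n + span + 1)  # never below 0
    ]

def permute(subdomain, root, words, span=2):
    """Return sorted candidate names derived from the leftmost label of a known subdomain."""
    if not subdomain.endswith("." + root):
        raise ValueError("subdomain must sit under the root domain")
    labels = subdomain[: -len(root) - 1].split(".")
    first, rest = labels[0], labels[1:]
    suffix = ".".join(rest + [root])

    candidates = set()
    for base in number_variants(first, span):
        candidates.add(base)
        for w in words:
            # Illustrative join patterns (assumed, not a tool's exact rule set)
            candidates.update({
                f"{w}.{base}",   # word as a new label: admin.dev
                f"{w}-{base}",   # hyphenated prefix:   admin-dev
                f"{base}-{w}",   # hyphenated suffix:   dev-admin
                f"{w}{base}",    # plain prefix:        admindev
                f"{base}{w}",    # plain suffix:        devadmin
            })

    names = set()
    for c in candidates:
        name = f"{c}.{suffix}"
        # Drop names that violate DNS length limits (63 per label, 253 total)
        if len(name) <= 253 and all(0 < len(l) <= 63 for l in name.split(".")):
            names.add(name)
    names.discard(subdomain)  # already known, nothing new to resolve
    return sorted(names)

if __name__ == "__main__":
    # Constructed sample input: one known subdomain and a tiny wordlist
    for name in permute("dev.example.com", "example.com", ["admin", "mail"]):
        print(name)
```

The output is only a candidate list; each name still has to be DNS resolved, as described above, before it counts as a valid subdomain.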