Skip to main content

Blacksheepwall: Hostname discovery with node

February 13, 2013

Introducing Blacksheepwall

Hostname discovery is a critical step in the execution of a complete penetration test. You can’t attack what you can’t see. Many times you can’t view a web application by IP address due to, for example, name-based virtual hosting. This is commonly used to host several web applications using a single IP.  In order to access a virtually-hosted website, you must use its hostname so the server knows which web application to serve. Otherwise, you may just see a default page, receive an HTTP error, or some other innocuous message. Inexperienced attackers may misinterpret these responses and think that there is simply no content and move on; when in reality, the web server may be hosting many applications which, unfortunately, will go untested.

If you have ever played StarCraft you may know that the cheat “black sheep wall” removed the fog of war, revealing the entire map. That’s what we intended to do for host discovery, reveal all of the hosts and vhosts present on a target domain or IP address. Host and domain reconnaissance is not a new idea and there are many similar tools already written to handle this task, including fierce and dnsrecon. Both do an excellent job.

However, FishNet Security wanted something faster that provides additional functionality and we built blacksheepwall using Node to offer just that. This allows us to create a ton of requests asynchronously, making it possible to look up 2000+ names in just over 5 seconds. It creates so many requests that if you don’t set your name server for something like, well, you’re going to have a bad time.

We’ve built out all of the standard options that you would expect including dictionary based host discovery, but also added some new methods for discovery including Bing and certificate parsing. There are a handful of other options, all hopefully well documented in the usage.

Blacksheep Wall

Give the tool a shot and let us know what you think. If you find a bug or a have a feature request, tell us! Also, remember, this is a work in progress and in constant development. So check back for updates frequently.

The tool is available on NPM and can be installed globally with the following command `npm install –g blacksheepwall`.

Download: blacksheepwall

Related Blogs

February 13, 2013

Blacksheepwall: Hostname discovery with node

Hostname discovery is a critical step in the execution of a complete penetration test. You can’t attack what you can’t see. Many times you can’t view ...

See Details

February 05, 2013

Lorex IP Camera Authentication Bypass (CVE-2012-6451)

Continuing my security testing of popular consumer electronics, I found a rather trivial authentication bypass vulnerability in the new Lorex LNC116 V...

See Details

December 12, 2012

Password Disclosure in D-Link Surveillance Cameras (CVE-2012-4046)

Many people are using the popular D-Link network cameras available at Best Buy, Office Depot, Staples and, expecting a private video feed t...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

October 06, 2017

Managed Security Services - Service Guide

Learn about our flexible and scalable services to improve your security capabilities.

See Details

July 21, 2015

Application Security Solutions

Learn how Optiv can help with web, email and application protection.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.