search

OWASP / Nettacker

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
https://owasp.org/www-project-nettacker/
Apache License 2.0
3.11k stars 722 forks source link

Implement a subdomain scanner #17

Closed Ali-Razmjoo closed 6 years ago

Ali-Razmjoo commented 6 years ago

Hello everyone,

The framework subdomain scanner (-s, --sub-domains switch) is using sublist3r. we will need to add a subdomain_scan in our module in future BTW it would be great if we could remove this tool from lib/sublist3r and replace it with our own subdomain scanner. or if anyone has a better idea?

if you look into core/targets.py, you will see these codes.

                    tmp_exec = os.popen(
                        'python lib/sublist3r/sublist3r.py -d {0} -o {1} '.format(target, subs_temp)).read()
                    tmp_exec = list(set(open(subs_temp, 'r').read().replace(' ', '').rsplit()))

the problem is, sometimes this tool is too slow!

let me know if you have any question.

Regards.

Ali-Razmjoo commented 6 years ago

Hello,

I added the subdomain_scan module, and apply this module to the core, users are able to use with -s/--sub-domain switch or -m subdomain_scan depend on their purpose!

Regards.