Closed Ali-Razmjoo closed 3 years ago
Sir, I am trying to add new resources, but during testing I realized that the subdomain scan module is not working properly. Please test it or guide me if I am doing something wrong.
python nettacker.py -i facebook.com -m subdomain_scan
python nettacker.py -i google.com -m subdomain_scan
These are the commands I am using.
Hello,
It's working fine for me! What's the error?
python nettacker.py -i z3r0d4y.com -m subdomain_scan -o z.json
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
[!] to use graph feature your output filename must end with ".html" or ".htm"!
[+] Nettacker engine started ...
[!] you are not using the last version of OWASP Nettacker, please update.
[+] 13 modules loaded ...
[+] target z3r0d4y.com submitted!
[+] start attacking z3r0d4y.com, 1 of 1
[+] 10 subdomain(s) found!
[+] removing temp files!
[+] sorting results!
[+] updating the database...
[+] inserting report to the database
[+] removing old logs from db
[+] done!
results:
[{"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "api.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "ns2.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "ns1.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "firebase.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "zsc.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "dc-d5acf548fdda.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "tg1.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "firebase2.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "www.z3r0d4y.com", "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "36cdda1ad6d4ce54320ff96c38cecb15", "DESCRIPTION": "nettacker.z3r0d4y.com", "TIME": 
"2018-02-07 00:33:29", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "z3r0d4y.com", "PORT": ""}]
>python nettacker.py -i google.com -m subdomain_scan -o f.json
[!] to use graph feature your output filename must end with ".html" or ".htm"!
[+] Nettacker engine started ...
[!] you are not using the last version of OWASP Nettacker, please update.
[+] 13 modules loaded ...
[+] target google.com submitted!
[+] start attacking google.com, 1 of 1
[+] waiting for google.com->subdomain_scan
[+] waiting for google.com->subdomain_scan
[+] 2855 subdomain(s) found!
[+] waiting for google.com->subdomain_scan
[+] removing temp files!
[+] sorting results!
[+] updating the database...
[+] inserting report to the database
[+] removing old logs from db
[+] done!
results:
[{"USERNAME": "", "SCAN_ID": "2b30238f87752cb4863c5bf603e0ed29", "DESCRIPTION": "ascp-dev4-app.corp.google.com", "TIME": "2018-02-07 00:35:03", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "google.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "2b30238f87752cb4863c5bf603e0ed29", "DESCRIPTION": "cbf-dc-3.ad.corp.google.com", "TIME": "2018-02-07 00:35:03", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "google.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "2b30238f87752cb4863c5bf603e0ed29", "DESCRIPTION": "vmgol0340.vm.corp.google.com", "TIME": "2018-02-07 00:35:03", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "google.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "2b30238f87752cb4863c5bf603e0ed29", "DESCRIPTION": "png2-dev3-app.corp.google.com", "TIME": "2018-02-07 00:35:03", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "google.com", "PORT": ""} ... {too long}]
python nettacker.py -i facebook.com -m subdomain_scan -o f2.json
[!] to use graph feature your output filename must end with ".html" or ".htm"!
[+] Nettacker engine started ...
[!] you are not using the last version of OWASP Nettacker, please update.
[+] 13 modules loaded ...
[+] target facebook.com submitted!
[+] start attacking facebook.com, 1 of 1
[+] 966 subdomain(s) found!
[+] removing temp files!
[+] sorting results!
[+] updating the database...
[+] inserting report to the database
[+] removing old logs from db
[+] done!
results:
[{"USERNAME": "", "SCAN_ID": "03f600466680a4129707e89c4f3afd56", "DESCRIPTION": "edge-z-p1-shv-01-vie1.facebook.com", "TIME": "2018-02-07 00:36:37", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "facebook.com", "PORT": ""}, {"USERNAME": "", "SCAN_ID": "03f600466680a4129707e89c4f3afd56", "DESCRIPTION": "edgelivestream-api-upload-shv-01-vie1.facebook.com", "TIME": "2018-02-07 00:36:37", "PASSWORD": "", "TYPE": "subdomain_scan", "HOST": "facebook.com", "PORT": ""} ... {too long}]
Just keep in mind, by default results will be saved in ~/.owasp-nettacker/results/result_date_time_randomchar.html, and if you want to print results on your screen you need to use the --verbose 5 switch.
python nettacker.py -i z3r0d4y.com -m subdomain_scan -o z.json --verbose 5
[!] to use graph feature your output filename must end with ".html" or ".htm"!
[+] Nettacker engine started ...
[!] you are not using the last version of OWASP Nettacker, please update.
[+] 13 modules loaded ...
[+] target z3r0d4y.com submitted!
[+] start attacking z3r0d4y.com, 1 of 1
[+] trying 1 of 8 in process 1 of 1 on z3r0d4y.com ((subdomain_scan - netcraft))
[+] trying 2 of 8 in process 1 of 1 on z3r0d4y.com (subdomain_scan - ptrarchive)
[+] trying 3 of 8 in process 1 of 1 on z3r0d4y.com (subdomain_scan - threatcrowd)
[+] trying 4 of 8 in process 1 of 1 on z3r0d4y.com (subdomain_scan - virustotal)
[+] trying 5 of 8 in process 1 of 1 on z3r0d4y.com (subdomain_scan - comodo crt)
[+] trying 6 of 8 in process 1 of 1 on z3r0d4y.com (subdomain_scan - dnsdumpster)
[+] trying 7 of 8 in process 1 of 1 on z3r0d4y.com ((subdomain_scan - google dig))
[+] trying 8 of 8 in process 1 of 1 on z3r0d4y.com ((subdomain_scan - cert spotter))
[+] 10 subdomain(s) found!
[+] subdomain found: api.z3r0d4y.com
[+] subdomain found: ns2.z3r0d4y.com
[+] subdomain found: ns1.z3r0d4y.com
[+] subdomain found: firebase.z3r0d4y.com
[+] subdomain found: zsc.z3r0d4y.com
[+] subdomain found: dc-d5acf548fdda.z3r0d4y.com
[+] subdomain found: tg1.z3r0d4y.com
[+] subdomain found: firebase2.z3r0d4y.com
[+] subdomain found: www.z3r0d4y.com
[+] subdomain found: nettacker.z3r0d4y.com
[+] removing temp files!
[+] sorting results!
[+] updating the database...
[+] inserting report to the database
[+] removing old logs from db
[+] done!
Regards.
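An added example, not part of the original comment and not Nettacker's own code: reading a JSON report in the record format shown above and listing discovered subdomains that are missing from an asset inventory. The function names, the inventory list and the sample records are assumptions constructed for illustration.

```python
import json

def _rec(name, host="z3r0d4y.com", rtype="subdomain_scan"):
    # Constructed record using the keys shown in the -o *.json output above.
    return {"USERNAME": "", "SCAN_ID": "constructed-scan-id", "DESCRIPTION": name,
            "TIME": "2018-02-07 00:33:29", "PASSWORD": "", "TYPE": rtype,
            "HOST": host, "PORT": ""}

# Constructed sample report: a duplicate with different case and a trailing dot,
# a look-alike name that is not a child of the target, and a record of another type.
SAMPLE_REPORT = json.dumps([
    _rec("api.z3r0d4y.com"),
    _rec("API.z3r0d4y.com."),
    _rec("www.z3r0d4y.com"),
    _rec("nettacker.z3r0d4y.com"),
    _rec("notz3r0d4y.com"),
    _rec("ssh.z3r0d4y.com", rtype="other_module"),
])

# Hypothetical inventory of hosts the owner already knows about.
INVENTORY = ["www.z3r0d4y.com", "api.z3r0d4y.com"]

def _norm(name):
    """Lower-case a DNS name and drop whitespace and the trailing root dot."""
    return name.strip().lower().rstrip(".")

def subdomains_from_report(report_text):
    """Return {host: sorted unique in-scope subdomains} from a JSON report."""
    found = {}
    for rec in json.loads(report_text):
        if rec.get("TYPE") != "subdomain_scan":
            continue
        host = _norm(rec.get("HOST", ""))
        name = _norm(rec.get("DESCRIPTION", ""))
        # Passive sources can return look-alike names; keep true children only.
        if not host or not name.endswith("." + host):
            continue
        found.setdefault(host, set()).add(name)
    return {host: sorted(names) for host, names in found.items()}

def unknown_hosts(report_text, inventory):
    """Return discovered subdomains that are absent from the inventory."""
    known = {_norm(n) for n in inventory}
    result = subdomains_from_report(report_text)
    return sorted(n for names in result.values() for n in names if n not in known)

if __name__ == "__main__":
    for name in unknown_hosts(SAMPLE_REPORT, INVENTORY):
        print("not in inventory:", name)
```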
Hello, I would like to work on this issue if no one is currently working on it.
Hello @shaddygarg,
Thank you for being a volunteer. Let @ravindra1307 update us if he is working on this.
Best Regards.
Working on this, will update you in a day or two.
Hi, may I know if anyone is working on this? I would like to work on it if no one is working.
Hello @ravindra1307,
Would you please update us regarding this feature? Let me know if you need any help.
Best Regards.
Can I add another module for subdomain scanning by abusing certificate transparency logs (only available for HTTPS websites)? More info: http://www.certificate-transparency.org
Hey @pradeepjairamani,
Please, if you want to add this, add it as a function in the same module. I used the module in the core framework for the -s/--sub-domain switch.
Regards.
Or I can add a new scan method ctfr_subdomain_scan
Hello,
In that case, we need to add another mode to the core, but if you'd add it to the existing module, that would be better. This module already has a few resources, so it could be a good improvement.

    def extra_requirements_dict():
        return {
            "subdomain_scan_use_netcraft": ["True"],
            "subdomain_scan_use_dnsdumpster": ["True"],
            "subdomain_scan_use_virustotal": ["True"],
            "subdomain_scan_use_threatcrowd": ["True"],
            "subdomain_scan_use_comodo_crt": ["True"],
            "subdomain_scan_use_ptrarchive": ["True"],
            "subdomain_scan_use_google_dig": ["True"],
            "subdomain_scan_use_cert_spotter": ["True"],
            "subdomain_scan_time_limit_seconds": ["-1"]
            # Must add later!
            # https://censys.io/certificates?q=domain
            # https://transparencyreport.google.com/https/certificates
        }

Regards.
Crt.sh method is already implemented in comodo crt. Anything else I can help with?
Best Regards Pradeep Jairamani
Hey,
Is crt.sh the same? So you can go with https://transparencyreport.google.com/https/certificates
Regards.
Hey @Ali-Razmjoo,
Can I take up this issue? It has been too long since an update on this issue.
Regards.
I am not currently working on this issue, so you can take it from my side.
Best Regards
Are we good to close this issue, @Ali-Razmjoo? I guess PR #377 #324 fixed this one.
I didn't add https://transparencyreport.google.com/https/certificates but we can add it later.
Yes I will work and add it ASAP.
@aman566 thanks :)
Hello,
There is an uncompleted task in the subdomain_scan module which needs to be done. I would be glad if anyone could help to add these two resources in this module.
Regards.