SolomonSklash / chomp-scan

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
https://www.solomonsklash.io/chomp-scan-update.html
GNU General Public License v3.0
393 stars 76 forks

Information Gathering & Content Discovery running on non existent subdomain #11

Closed gopinath6 closed 5 years ago

gopinath6 commented 5 years ago

Information Gathering & Content Discovery are running on non-existent subdomains. After subdomain enumeration, create a single file with valid subdomains. Use that list and perform the next steps. I think currently there is no single file having reachable subdomains.

SolomonSklash commented 5 years ago

You're right. I think the massdns results are being added to the all discovered domains list instead of a separate resolvable domains list. I'll take a look.

SolomonSklash commented 5 years ago

I've fixed this issue. There is now an all_resolved_domains.txt file with all domains that massdns was able to resolve. This is now used for content discovery and information gathering. You'll still occasionally have some false positives, like domains that resolve but only have SSH open. Let me know how it works for you, and thanks for the feedback.
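The separation discussed in this thread, keeping a resolvable-domains list apart from the all-discovered list, can be sketched as follows. This is an added example, not chomp-scan's own code: it assumes massdns "simple" output (`-o S`, one `<name>. <TYPE> <data>` record per line), and the function names and sample data are hypothetical.

```python
# Added example, not chomp-scan code. Assumes massdns simple output (-o S).

def _norm(name):
    """Lowercase a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def resolved_domains(discovered, massdns_lines):
    """Return discovered names whose answer chain ends in an A/AAAA record."""
    has_addr = set()  # names with at least one A/AAAA answer
    cname = {}        # name -> CNAME target
    for line in massdns_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # blank or malformed line
        name, rtype, data = _norm(parts[0]), parts[1].upper(), parts[2]
        if rtype in ("A", "AAAA"):
            has_addr.add(name)
        elif rtype == "CNAME":
            cname[name] = _norm(data)

    def resolves(name):
        seen = set()
        while name not in seen:  # guard against CNAME loops
            if name in has_addr:
                return True
            seen.add(name)
            if name not in cname:
                return False     # dangling CNAME or no answer at all
            name = cname[name]
        return False

    out, done = [], set()
    for d in discovered:
        n = _norm(d)
        # Only names from the discovered list are kept, so out-of-scope
        # CNAME targets never leak into the resolved list.
        if n and n not in done and resolves(n):
            out.append(n)
        done.add(n)
    return out

# Constructed sample input (documentation names and addresses only).
DISCOVERED = ["www.example.com", "old.example.com", "cdn.example.com",
              "gone.example.com", "WWW.example.com."]
MASSDNS = [
    "www.example.com. A 192.0.2.10",
    "cdn.example.com. CNAME edge.example.net.",
    "edge.example.net. A 192.0.2.20",
    "old.example.com. CNAME retired.example.net.",  # target never resolves
]

if __name__ == "__main__":
    print("\n".join(resolved_domains(DISCOVERED, MASSDNS)))
```

A name in this list only has a DNS answer; it says nothing about which services are listening, which is the false-positive case mentioned in the comment above.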

gopinath6 commented 5 years ago

Thanks. Will test and share the feedback.