search

SolomonSklash / chomp-scan

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
https://www.solomonsklash.io/chomp-scan-update.html
GNU General Public License v3.0
393 stars 76 forks source link

Run Subjack with HTTP and HTTPS #21

Closed oldesec closed 5 years ago

oldesec commented 5 years ago

Currently subjack only checks "https".

"$SUBJACK" -d "$1" -w "$2" -v -t 20 -ssl -m -o "$WORKING_DIR"/subjack-output.txt -c "$HOME"/go/src/github.com/haccer/subjack/fingerprints.json;

But sometimes, there can be problems at http.

So I think , need to add a check for "http".

maybe (delete -ssl option)

"$SUBJACK" -d "$1" -w "$2" -v -t 20 -m -o "$WORKING_DIR"/subjack-http-output.txt -c "$HOME"/go/src/github.com/haccer/subjack/fingerprints.json;
SolomonSklash commented 5 years ago

Subjack runs really quickly, so I will have it run twice, once for HTTP and once for HTTPS. Good catch.

SolomonSklash commented 5 years ago

Fixed. Let me know how it works for you.