Open gripedthumbtacks opened 8 years ago
I agree. In my results I get a lot of results like these:
```
_tcp.domain.tld
_tls.domain.tld
_domainkey.domain.tld
_sip._tls.domain.tld
_sipfederationtls._tcp.domain.tld
```
Those subdomains do not ping.
@pdelteil these are likely just SRV records and they don't need to resolve, but they may resolve.
In the case of wildcard DNS record responses, it means there is no reason to brute force because all the child records will likely return the same IP or one from a pool of similar IPs. That's why you test a really long random subdomain first to see if the result is valid, because it would be almost impossible for the domain to have that subdomain legitimately.
I see, thanks for your answer.
Wildcard domains not handled well -- should be removed from output list with some option
Example:
```
$ dig +short bsB03SHuaeLPpYejea1uHExZSvEPbc.blogspot.com
blogspot.l.googleusercontent.com.
172.217.5.65
```
There should exist some option to test a long random subdomain and exclude additional results if a hit is found on a highly probable wildcard configuration. The Fierce DNS brute script does this by default and I would recommend this as the default option in subbrute too.
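The wildcard check the thread describes (probe a few long random labels first, then drop brute-force hits whose addresses all fall inside the wildcard pool) as an added Python example. This is not subbrute's or Fierce's own code; the resolver is a constructed stand-in that mimics the blogspot.com behaviour shown above (the 172.217.5.65 address is from the issue, every other address, the `mail` exception and the `example.test` zone are invented for the demonstration). A real tool would plug in an actual DNS lookup with the same `name -> set of IPs` signature.

```python
import secrets
import string
from typing import Callable, Dict, Set

# A resolver maps a hostname to the set of A-record IPs it returns;
# an empty set stands for NXDOMAIN / no answer.
Resolver = Callable[[str], Set[str]]


def random_label(length: int = 30) -> str:
    """A long random label that no real zone would plausibly contain."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def detect_wildcard(domain: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve several random labels under `domain` and return the union of the
    addresses they yield. An empty set means no wildcard answer was observed.
    Several probes are used because wildcard answers may come from a pool of IPs."""
    wildcard_ips: Set[str] = set()
    for _ in range(probes):
        wildcard_ips |= resolve(f"{random_label()}.{domain}")
    return wildcard_ips


def brute_force(domain: str, wordlist, resolve: Resolver) -> Dict[str, Set[str]]:
    """Plain brute force: every label that resolves is a hit."""
    hits: Dict[str, Set[str]] = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ips = resolve(name)
        if ips:
            hits[name] = ips
    return hits


def filter_wildcard_hits(domain: str, hits: Dict[str, Set[str]],
                         resolve: Resolver, probes: int = 3):
    """Drop hits whose addresses are all explained by the wildcard pool.
    A hit that returns at least one address outside the pool is kept, since it
    is evidence of a record that differs from the catch-all answer."""
    wildcard_ips = detect_wildcard(domain, resolve, probes)
    if not wildcard_ips:
        return dict(hits), wildcard_ips
    kept = {name: ips for name, ips in hits.items() if not ips <= wildcard_ips}
    return kept, wildcard_ips


# --- constructed stand-in resolver (no network) -----------------------------
WILDCARD_POOL = {"172.217.5.65", "172.217.5.97"}   # second IP is invented


def fake_resolve(name: str) -> Set[str]:
    if name.endswith(".blogspot.com"):
        if name == "mail.blogspot.com":          # invented non-wildcard record
            return {"203.0.113.10"}
        return set(WILDCARD_POOL)                 # everything else is the catch-all
    if name == "www.example.test":                # invented zone without wildcard
        return {"198.51.100.7"}
    return set()


WORDLIST = ["www", "mail", "ftp", "dev", "admin"]


def run_demo(domain: str):
    raw = brute_force(domain, WORDLIST, fake_resolve)
    kept, pool = filter_wildcard_hits(domain, raw, fake_resolve)
    return raw, kept, pool


if __name__ == "__main__":
    for dom in ("blogspot.com", "example.test"):
        raw, kept, pool = run_demo(dom)
        print(f"{dom}: wildcard pool={sorted(pool) or 'none'}")
        print(f"  raw hits : {sorted(raw)}")
        print(f"  kept hits: {sorted(kept)}")
```

With the stand-in, every candidate under blogspot.com resolves, but only `mail.blogspot.com` survives the filter because its address lies outside the pool the random probes established; under `example.test` no wildcard is seen and the single real hit passes through untouched.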