Open jeteon opened 7 years ago
Okay...so "ALL" isn't a valid DNS query type. That was silly of me. However, I'm running into a similar issue with --query-type = A
as well, only with this traceback:
Traceback (most recent call last):
File "./subbrute.py", line 251, in find_wildcards
wildtest = self.resolver.query(testdomain, self.query_type, server)
File "./subbrute.py", line 92, in query
raise IOError("DNS Error - " + self.rcode + " - for:" + hostname)
IOError: DNS Error - NOERROR - for:9e28ec5e881344.kraken.com
This seems to stem from the assumption that if the answer body is empty and the reason is not an error, the only valid reason is NXDOMAIN
but CloudFlare seems to respond with NOERROR
for this case. I'm not sure whether everyone does this but this would suggest line 91 should be:
elif not len(ret) and self.rcode not in ("NXDOMAIN", "NOERROR"):
instead of:
elif not len(ret) and self.rcode != "NXDOMAIN":
Again, I'm not sure how generally suitable this would be though since I've only observed the behaviour with Cloudlflare in some instances.
Whilst trying the tool on some domains that use Cloudflare for their authoritative nameserver (along with another factor which seems to vary by domain) I found that using type
ANY
for the queries would returnHINFO(13)
with nothing in the answer regardless of whether the subdomain exists or not. Thanks to @decidedlygray, I discovered that this is a change Cloudflare introduced explained here: https://blog.cloudflare.com/what-happened-next-the-deprecation-of-any/.I found that the query type
ALL
seems to be a suitable alternative toANY
when playing around withdig
. However, when I set the--type=ALL
option, then all resolvers fail the wildcard test. The issue seems to be that an exception is raised bydnslib
here: https://github.com/TheRook/subbrute/blob/c5b96610129bedcb4c322b8864f67985b3e808f8/subbrute.py#L227.The exception that is raised is (ignore line numbers since my file has many debug output lines added):
I have no idea what this actually means as yet but suspect its a shortcoming of the version of
dnslib
included in the repo. I'm looking further into this so I'll update and maybe PR if I come across a solution.