TypeError / domained

Multi Tool Subdomain Enumeration
GNU General Public License v3.0

bruteall does not work #8

Closed 46o60 closed 6 years ago

46o60 commented 6 years ago

When running domained.py with the following parameters:

python domained.py -d example.com -b --bruteall

I get the following output:

                                            _ 
                                            | |
     _ __ ___  ___ ___  _ __  _ __   ___  __| |
    | '__/ _ \/ __/ _ \| '_ \| '_ \ / _ \/ _` |
    | | |  __/ (_| (_) | | | | | | |  __/ (_| |
    |_|  \___|\___\___/|_| |_|_| |_|\___|\__, |`
         ___/ /__  __ _  ___ _(_)__  ___ ___/ /
        / _  / _ \/  ' \/ _ `/ / _ \/ -_) _  / 
        \_,_/\___/_/_/_/\_,_/_/_//_/\__/\_,_/  
                    reconned.org

Running massdns 

Running Command: /root/domained/bin/subbrute/subbrute.py -s /root/domained/bin/sublst/all.txt | /root/domained/bin/massdns/bin/massdns -r resolvers.txt -t A -a -o -w output/example.com-massdns.txt -
Reading domain list from stdin.
You have started the program with root privileges.
Privileges have been dropped to "nobody" for security reasons.

Usage: 
subbrute.py [options] target_domain
subbrute.py -p target_domain

subbrute.py: error: You must provide a target. Use -h for help.

--- SNIP ---

Masscan Complete

Running Sublist3r 

--- SNIP ---

The script never performs the subbrute + massdns part and just continues with other tools. After investigating the domained.py code and the above output, I concluded that the script has a bug in it. The following code looks incomplete:

def massdns():
    print("\n\n\033[1;31mRunning massdns \n\033[1;37m")
    word_file = os.path.join(script_path, 'bin/sublst/all.txt' if bruteall else 'bin/sublst/sl-domains.txt')
    massdnsCMD = '{} -s {} | {} -r resolvers.txt -t A -a -o -w {}-massdns.txt -'.format(
        os.path.join(script_path, 'bin/subbrute/subbrute.py'), word_file,
        os.path.join(script_path, 'bin/massdns/bin/massdns'), output_base)
    print("\n\033[1;31mRunning Command: \033[1;37m{}".format(massdnsCMD))
    os.system(massdnsCMD)
    print("\n\033[1;31mMasscan Complete\033[1;37m")
    time.sleep(1)

Specifically, the massdnsCMD string creation does not also concatenate the target domain. The fix that I applied to my local version of domained.py is the following:

    massdnsCMD = '{} -s {} {} | {} -r resolvers.txt -t A -a -o -w {}-massdns.txt -'.format(
        os.path.join(script_path, 'bin/subbrute/subbrute.py'), word_file, domain,
        os.path.join(script_path, 'bin/massdns/bin/massdns'), output_base)

With these changes it works properly.
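Added example, not part of the original comment or the domained code base: the same subbrute-to-massdns pipeline built as argument lists and run without a shell, so the target domain is validated and passed as a single argument rather than spliced into a command string. The function names are hypothetical; the paths and flags are those shown in the issue, and the domain pattern is an assumed plain-hostname check.

```python
import os
import re
import subprocess

# Hostname labels: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(r"(?:%s\.)+%s" % (_LABEL, _LABEL))


def validate_domain(domain):
    """Reject anything that is not a plain DNS name before it reaches a command."""
    if len(domain) > 253 or not _DOMAIN_RE.fullmatch(domain):
        raise ValueError("not a valid target domain: {!r}".format(domain))
    return domain


def build_massdns_pipeline(script_path, domain, output_base, bruteall=False):
    """Return (subbrute_argv, massdns_argv) using the flags shown in the issue."""
    domain = validate_domain(domain)
    word_file = os.path.join(
        script_path, "bin/sublst/all.txt" if bruteall else "bin/sublst/sl-domains.txt")
    subbrute_argv = [
        os.path.join(script_path, "bin/subbrute/subbrute.py"),
        "-s", word_file, domain,  # the target domain the original string omitted
    ]
    massdns_argv = [
        os.path.join(script_path, "bin/massdns/bin/massdns"),
        "-r", "resolvers.txt", "-t", "A", "-a", "-o",
        "-w", "{}-massdns.txt".format(output_base), "-",
    ]
    return subbrute_argv, massdns_argv


def run_massdns_pipeline(subbrute_argv, massdns_argv):
    """Connect the two processes with a pipe; no shell parses the arguments."""
    producer = subprocess.Popen(subbrute_argv, stdout=subprocess.PIPE)
    consumer = subprocess.Popen(massdns_argv, stdin=producer.stdout)
    producer.stdout.close()  # let subbrute see SIGPIPE if massdns exits early
    consumer_rc = consumer.wait()
    producer_rc = producer.wait()
    if producer_rc != 0 or consumer_rc != 0:
        # The os.system() return value was never checked, so the subbrute
        # usage error went unnoticed; fail loudly here instead.
        raise RuntimeError("pipeline failed: subbrute={}, massdns={}".format(
            producer_rc, consumer_rc))
```

Checking both exit codes makes a failure such as the subbrute usage error in the output above stop the run instead of letting the script continue to the next tool.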

ghost commented 6 years ago

@coe-g Thanks for notifying us of the issue! I think it has been fixed with the latest push, can you please confirm?

46o60 commented 6 years ago

Thank you for the quick update; it now works fine for me also.