atenreiro / opensquat

The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.
https://opensquat.com
GNU General Public License v3.0

No certificate transparency error handling leads to crash #78

Open jj98594 opened 1 year ago

jj98594 commented 1 year ago

This is a very useful utility, thank you. I've noticed that when using the --ct switch, the script fails on found domains that don't have TLS configured on port 443 (or at all):

[*] HTTPSConnectionPool(host='REDACTED.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f9879699bd0>: Failed to establish a new connection: [Errno 110] Connection timed out'))
Traceback (most recent call last):
  File "./opensquat.py", line 75, in
    args.ct
  File "/tools/opensquat/opensquat/app.py", line 633, in main
    return self.worker()
  File "/tools/opensquat/opensquat/app.py", line 368, in worker
    domains
  File "/tools/opensquat/opensquat/app.py", line 439, in _process_doppelgagner_only
    if self.response_contains_keyword(keyword):
  File "/tools/opensquat/opensquat/app.py", line 423, in response_contains_keyword
    return keyword in self.response.text
AttributeError: 'Domain' object has no attribute 'response'

atenreiro commented 1 year ago

Hey! Thanks for reporting this potential bug. I will take a look at it.

TerminalFi commented 1 year ago

@atenreiro simple fix is to add the below at app.py:439

            if not reachable:
                return

atenreiro commented 1 year ago

> @atenreiro simple fix is to add the below at app.py:439
>
>             if not reachable:
>                 return

Awesome, done! Next time feel free to create a Pull, and I'll merge it 🙂
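
The failure in the traceback and the guard suggested in the thread, as an added sketch that is not openSquat's code: every class and function name here is hypothetical, and `fake_fetch` is a constructed stand-in for the HTTPS request so the example runs offline.

```python
# Added illustration; names are hypothetical and this is not openSquat's app.py.

class FakeResponse:
    def __init__(self, text):
        self.text = text

def fake_fetch(url):
    """Constructed stand-in for an HTTPS GET: one host has nothing on port 443."""
    if "no-tls" in url:
        raise ConnectionError("[Errno 110] Connection timed out")
    return FakeResponse("Login to Example Bank")

class FragileDomain:
    """Mirrors the reported crash: .response only exists after a successful fetch."""
    def __init__(self, name, fetch=fake_fetch):
        self.name, self.fetch = name, fetch

    def load(self):
        try:
            self.response = self.fetch(f"https://{self.name}/")
        except ConnectionError as exc:
            print(f"[*] {exc}")  # logged, but the caller never learns it failed

    def response_contains_keyword(self, keyword):
        return keyword in self.response.text  # AttributeError if load() failed

class GuardedDomain(FragileDomain):
    """Same flow, with a default attribute and an explicit reachability result."""
    def __init__(self, name, fetch=fake_fetch):
        super().__init__(name, fetch)
        self.response = None  # attribute always exists

    def load(self):
        try:
            self.response = self.fetch(f"https://{self.name}/")
        except ConnectionError as exc:
            print(f"[*] {self.name} unreachable: {exc}")
        return self.response is not None  # the "reachable" flag

def scan(domains, keyword, cls=GuardedDomain):
    """Return the domains whose page contains keyword; skip unreachable ones."""
    hits = []
    for name in domains:
        domain = cls(name)
        reachable = domain.load()
        if cls is GuardedDomain and not reachable:
            continue  # the guard from the thread: "if not reachable: return"
        if domain.response_contains_keyword(keyword):
            hits.append(name)
    return hits
```

With the guard, one look-alike domain that has no TLS listener no longer aborts the scan of the remaining domains.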