blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Better discovery path tracking for dnsbrute_mutations #1429

Open TheTechromancer opened 1 month ago

TheTechromancer commented 1 month ago

```json
{
  "type": "DNS_NAME",
  "data": "secureaccess-dev.corp.ebay.com",
  "discovery_path": [
    "Scan heightened_sean seeded with DNS_NAME: ebay.com",
    "rapiddns searched rapiddns API for \"ebay.com\" and found DNS_NAME: mxphxpool2044.ebay.com",
    "A record for mxphxpool2044.ebay.com contains IP_ADDRESS: 66.211.185.207",
    "ipneighbor produced IP_ADDRESS: 66.211.185.204",
    "PTR record for 66.211.185.204 contains DNS_NAME: mxphxpool2041.ebay.com",
    "dnsbrute_mutations found a mutated subdomain of \"listings.in.paradise.qa.ebay.com\" on its 1st run: DNS_NAME: crafts.listings.in.paradise.qa.ebay.com",
    "dnsbrute_mutations found a mutated subdomain of \"corp.ebay.com\" on its 4th run: DNS_NAME: secureaccess-dev.corp.ebay.com",
    "speculated OPEN_TCP_PORT: secureaccess-dev.corp.ebay.com:443",
    "httpx visited secureaccess-dev.corp.ebay.com:443 and got status code 302 at https://secureaccess-dev.corp.ebay.com/",
    "HTTP_RESPONSE was 0B with unspecified content type",
    "excavate's hostname extractor found DNS_NAME: secureaccess-dev.corp.ebay.com from HTTP response headers using regex derived from target domain"
  ]
}
```

TheTechromancer commented 1 week ago

Probably would be dependent on a feature like this: https://github.com/blacklanternsecurity/radixtarget/issues/1