blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

ProjectDiscovery Tools Use Hardcoded Nameservers #36

Closed: TheTechromancer closed this issue 1 year ago

TheTechromancer commented 2 years ago

Certain ProjectDiscovery tools like httpx use hardcoded DNS servers including 8.8.8.8. This behavior is not ideal. System nameservers should be used instead so that BBOT can be leveraged for internal scans, etc.

However, there is currently a bug in httpx that prevents DNS from working on certain nameservers. We have opened an issue for this.

Once this bug is fixed, we need to ensure that we are passing through the system's nameservers via -r to nuclei, naabu, and httpx, etc.

TheTechromancer commented 1 year ago

Tested this 2023-09-20, and even on the latest versions, httpx still refuses to use the system resolvers. However, the bug causing certain DNS queries to fail appears to be fixed.

I will re-add -r for custom resolvers, and any future discussions around httpx should be held in https://github.com/blacklanternsecurity/bbot/discussions/716.

TheTechromancer commented 1 year ago

Fixed in https://github.com/blacklanternsecurity/bbot/pull/749.
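The pass-through discussed in this issue, as an added example that is not BBOT's own code: it reads nameservers from resolv.conf-style text and builds the `-r` argument for the external tool. The function names `system_resolvers` and `resolver_args` are hypothetical, the sample file content is constructed, and the comma-separated value for `-r` is an assumption.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf content (not taken from the issue).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 10.0.0.53
nameserver 10.0.0.53
nameserver 2001:db8::53
nameserver not-an-ip
options edns0 trust-ad
nameserver 127.0.0.53
"""


def system_resolvers(resolv_conf_text, skip_loopback=False):
    """Return unique, valid nameserver IPs in file order.

    skip_loopback drops local stub listeners such as 127.0.0.53, which are
    unreachable when the scanning tool runs in a different network namespace.
    """
    resolvers = []
    for raw in resolv_conf_text.splitlines():
        fields = raw.split()
        # Comment lines ('#' or ';') and other directives never start
        # with the bare keyword "nameserver", so they fall out here.
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # malformed entry: ignore rather than pass it to a tool
        if skip_loopback and ip.is_loopback:
            continue
        if str(ip) not in resolvers:
            resolvers.append(str(ip))
    return resolvers


def resolver_args(resolvers):
    """Build the -r argument list (comma-separated form is an assumption)."""
    if not resolvers:
        return []  # nothing usable: do not emit an empty -r
    return ["-r", ",".join(resolvers)]


if __name__ == "__main__":
    print(resolver_args(system_resolvers(SAMPLE_RESOLV_CONF)))
```

Logging the resulting list at scan start makes it easy to confirm that an internal scan is resolving through internal nameservers and not a public resolver.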