search

elfarsaouiomar / monitor-new-subdomain

MNS is a security and reconnaissance tool for monitoring new subdomains
68 stars 16 forks source link

Issue in Setup + Suggestions #7

Closed bart3nder closed 2 years ago

bart3nder commented 2 years ago

Hey! Amazing work man! I have a few question/suggestion + an issue i faced when i was installing and using tool: 1- Does this tool do the job of SubLert too? I mean Should i use it both or your tool is enough? 2- Can you please add a feature which we can control the tool using our telegram bot command? or even slack. 3- It would be great if we can add another enumerated subdomain list which we gathered from different sources and methods to the bot and database, so the tool monitor them too. *** 4- Also The Most Important one, an ability to extend tool by our command would be super useful. Like the tool runs some commands we give to it (like in a text file, each command per line) beside the one you codded. e.g: Running nuclei with our custom Flags, HttpX with our custom Flags and ... after finishing the monitoring.

And the Issue part! I face this error when i run the program. what should i do? I installed and configured MongoDB v4 completely.

➜  monitor-new-subdomain git:(main) ✗ python3 check-new-subdomain.py -l

        ███╗   ███╗███╗   ██╗███████╗
        ████╗ ████║████╗  ██║██╔════╝
        ██╔████╔██║██╔██╗ ██║███████╗
        ██║╚██╔╝██║██║╚██╗██║╚════██║
        ██║ ╚═╝ ██║██║ ╚████║███████║
        ╚═╝     ╚═╝╚═╝  ╚═══╝╚══════╝
    ## Monitor New Subdomains
    ## @omarelfarsaoui
    ## version 1.1

[!] command find requires authentication, full error: {'ok': 0.0, 'errmsg': 'command find requires authentication', 'code': 13, 'codeName': 'Unauthorized'}

Doesnt matter what flag i use, I always get this error. ive created a user with both full and standard access level and none of them worked. Thanks Again!

elfarsaouiomar commented 2 years ago

Hello @bart3nder ,

Thank you for using This tool, and thank you for your suggestions.

1- Does this tool do the job of SubLert too? I mean Should I use it both or your tool is enough? Yes, I create this tool based on subLert I mean I read subLert source code then add the connection to The database. Can you please add a feature which we can control the tool using our telegram bot command? or even slack. You can receive notifications on slack or Telegram using -s, -t flags. It would be great if we can add another enumerated subdomain list which we gathered from different sources and methods to the bot and database, so the tool monitor them too. I plan to add more resources (Read README.md file) 4- Also The Most Important one, an ability to extend tool by our command would be super useful. Like the tool runs some commands we give to it (like in a text file, each command per line) beside the one you codded. e.g: Running nuclei with our custom Flags, HttpX with our custom Flags and ... after finishing the monitoring. You can use a couple of commands to extract the last subdomains then pass them to nuclei or FFUF.

And the Issue part!

I think your mongo databases use authentication, so for me I don't use authentication I will commit new code to fix this issue https://github.com/elfarsaouiomar/monitor-new-subdomain/blob/15f291565d09b87d8527d0185bb88894cd583e04/src/ConfigDB.py#L7

Thanks again happy_hacking

elfarsaouiomar commented 2 years ago

Hello @bart3nder

I fix the authentication issue. https://github.com/elfarsaouiomar/monitor-new-subdomain/blob/2a20349db8c21401893e7fc8136290b06a3b411d/src/ConfigDB.py#L8

can you test please If you face any issues. please report it,