Dealing with wildcard enabled subdomain

evilsocket / dnssearch

A subdomain enumeration tool.

GNU General Public License v3.0

892 stars 140 forks source link

Dealing with wildcard enabled subdomain #5

Closed ehsandeep closed 7 years ago

ehsandeep commented 7 years ago

Hello, great work, but i am not sure how it will deal with domains which have wildcard entry (*), enabled for subdomains, for those i see can dnssearch showing every result from names.txt which is not correct!

Trozz commented 7 years ago

maybe have a limit, e.g. if 10 results share the same IP then assume wildcard?

evilsocket commented 7 years ago

Or just:

Create a random string at the very beginning.
If .domain.tld resolves, it means it has a wildcard entry.

I'll work on it as soon as I have some time ;)

ehsandeep commented 7 years ago

yeah, this idea is also good.

DavidWittman commented 7 years ago

Create a random string at the very beginning.

If .domain.tld resolves, it means it has a wildcard entry.

You can query *.example.com and it will return if there is a wildcard entry. I wasn't able to do this with net.LookupHost for some reason though.