Whilst performing checks against a list of subdomains i am getting inconsistent results for the NXDOMAIN check on azure based services.
Sometimes the results are correct in identifiying NXDOMAIN and other times the results contain false positives.
The false positives are confirmed with a quick DIG check with some of the results reporting NOERROR.
Each successive scan produces slightly different results.
I have confirmed this by reducing the fingerprints.json to contian only the azure services info with NXDMAIN set to true and performing scans in succesion.
Not sure what was happening, it seems to have resolved now. May have been an issue with my go install and resolved after update. Closing this issue for now.
Whilst performing checks against a list of subdomains i am getting inconsistent results for the NXDOMAIN check on azure based services.
Sometimes the results are correct in identifiying NXDOMAIN and other times the results contain false positives.
The false positives are confirmed with a quick DIG check with some of the results reporting NOERROR.
Each successive scan produces slightly different results.
I have confirmed this by reducing the fingerprints.json to contian only the azure services info with NXDMAIN set to true and performing scans in succesion.
./subtake -f '/root/subdomains.txt' -t 50 -c '/root/fingerprints_azure.json' -o '/root/vulnerable.txt'
I have tried with both -a flags enabled and disabled both having a similar problem.