wilkenstein
commented
6 years ago Some thoughts:
- Might be good if the data sources were pluggable components, so that researchers using this tool can plug in any data source for subdomain enumeration. Requires an abstraction layer which is always tricky but might be worth it.
- Just dump the tool to a format? Like a CSV file or something? Talked about it with AnubisDB, but oftentimes, it's useful to have the data dump and security researchers will use their own tools to store and analyze it.
- The complete space of subdomains is so large it's never worth brute-forcing. Dictionary-based heuristic search is a feasible approach, although it won't help for machine-generated domains. https://norvig.com/spell-correct.html is a great article on going the inverse way, taking a misspelled sub-domain and normalizing it, whereas you might want to take a normal sub-domain and "misspell" it.
jonluca
Companion issue to https://github.com/jonluca/Anubis-DB/issues/1