do we have to understand that also the subdomains found thanks to OSINT are bruteforced ? (i think it s pretty clear here)
what about all of these fqdn which resolve the same ip: 01-09-2017.ttl60a.prod.ftl.netflix.com has address 201.156.180.74.
I think this case is tough because if you try to do some wildcard detection, ex whatever.01-09-2017.ttl60a.prod.ftl.netflix.com, you will have no resolution. However here a working prefix (01-09-2017) will indefinitely provides the same result and Amass will never ends (because it won't fall in Amass wildcard detection).
May be we can detect this kind of situation dealing with a recursion always involving the same prefix, or at least how to stop the recursion when discovering subdomains in this case ?
Thanks again for your work, open for the discussion.
Hello, i would like to know if i am missing something with amass tool.
Command:
I got this kind of log: [ThreatCrowd] ttl60a.prod.ftl.netflix.com [... OSINT PART ...]
Then:
[Brute Forcing] 01-09-2017.ttl60a.prod.ftl.netflix.com ... [Brute Forcing] 01-09-2017.01-09-2017.ttl60a.prod.ftl.netflix.com ... [Brute Forcing] 01-09-2017.01-09-2017.01-09-2017.ttl60a.prod.ftl.netflix.com ... [Brute Forcing] 01-09-2017.01-09-2017.01-09-2017.01-09-2017.ttl60a.prod.ftl.netflix.com
And so on. So my questions are:
I think this case is tough because if you try to do some wildcard detection, ex whatever.01-09-2017.ttl60a.prod.ftl.netflix.com, you will have no resolution. However here a working prefix (01-09-2017) will indefinitely provides the same result and Amass will never ends (because it won't fall in Amass wildcard detection).
May be we can detect this kind of situation dealing with a recursion always involving the same prefix, or at least how to stop the recursion when discovering subdomains in this case ?
Thanks again for your work, open for the discussion.
Regards,