search

owasp-amass / amass

In-depth attack surface mapping and asset discovery
https://owasp.org/www-project-amass/
Other
11.5k stars 1.84k forks source link

False positive #622

Closed w4cky closed 2 years ago

w4cky commented 3 years ago

Hi i have a problem with amass results. Amass show fake DNS records.

I have domain: blogmakijaz.pl

Amass show me not existing subdomain:

Querying AlienVault for blogmakijaz.pl subdomains
Querying Anubis for blogmakijaz.pl subdomains
Querying ArchiveIt for blogmakijaz.pl subdomains
Querying ArchiveToday for blogmakijaz.pl subdomains
Querying Ask for blogmakijaz.pl subdomains
Querying Baidu for blogmakijaz.pl subdomains
Querying Bing for blogmakijaz.pl subdomains
Querying Brute Forcing for blogmakijaz.pl subdomains
Querying BufferOver for blogmakijaz.pl subdomains
Querying BuiltWith for blogmakijaz.pl subdomains
Querying Censys for blogmakijaz.pl subdomains
Querying CertSpotter for blogmakijaz.pl subdomains
Querying Chaos for blogmakijaz.pl subdomains
Querying Cloudflare for blogmakijaz.pl subdomains
Querying CommonCrawl for blogmakijaz.pl subdomains
Querying Crtsh for blogmakijaz.pl subdomains
Querying DNSDumpster for blogmakijaz.pl subdomains
Querying FacebookCT for blogmakijaz.pl subdomains
Querying GitHub for blogmakijaz.pl subdomains
Querying GoogleCT for blogmakijaz.pl subdomains
Querying HackerOne for blogmakijaz.pl subdomains
Querying HackerTarget for blogmakijaz.pl subdomains
Querying IPv4Info for blogmakijaz.pl subdomains
Querying Mnemonic for blogmakijaz.pl subdomains
Querying PassiveTotal for blogmakijaz.pl subdomains
Querying RapidDNS for blogmakijaz.pl subdomains
Querying Riddler for blogmakijaz.pl subdomains
Querying Robtex for blogmakijaz.pl subdomains
Querying Shodan for blogmakijaz.pl subdomains
Querying SiteDossier for blogmakijaz.pl subdomains
Querying SonarSearch for blogmakijaz.pl subdomains
Querying Sublist3rAPI for blogmakijaz.pl subdomains
Querying ThreatCrowd for blogmakijaz.pl subdomains
Querying ThreatMiner for blogmakijaz.pl subdomains
Querying URLScan for blogmakijaz.pl subdomains
Querying VirusTotal for blogmakijaz.pl subdomains
Querying Wayback for blogmakijaz.pl subdomains
Querying Yahoo for blogmakijaz.pl subdomains
Querying ZoomEye for blogmakijaz.pl subdomains
Querying Pastebin for blogmakijaz.pl subdomains
www.blogmakijaz.pl 172.67.153.233 <--- is OK
webmail.blogmakijaz.pl 172.67.153.233 <--- is OK
www-4int-pass.blogmakijaz.pl 23.202.231.167,23. 217.138.108  <--- is FAKE
pop.blogmakijaz.pl 172.67.153.233 <--- is OK
www-testdev1web1.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE
w3-www-int-prestrict.blogmakijaz.pl 23.217.138.108,23.202.231.167 <--- is FAKE
www-int-z.blogmakijaz.pl 23.217.138.108,23.202.231.167 <--- is FAKE
webwww-int-p-europewest.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE
www-int-s3-profilepub.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE
www-int-stage1.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE
smtp.blogmakijaz.pl 104.21.12.234,172.67.153.233 <--- is FAKE
webmailakali.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE
www-www-int-pgit.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE
mail.blogmakijaz.pl 51.38.142.47 <--- is OK
www-int-privv.blogmakijaz.pl 23.202.231.167,23.217.138.108 <--- is FAKE

dig +short @77.88.8.1 webmail-15testing.blogmakijaz.pl
EMPTY RESULT 

dig +short  @77.88.8.1 pop.blogmakijaz.pl
172.67.153.233
104.21.12.234

How do I fix it to only show existing DNS records? This is a big problem for me.

c3101 commented 3 years ago

+1

kdebacker commented 3 years ago

I also noticed this issue some time ago, and it looks like the Level3 DNS is giving false positives for some subdomains. A temporary workaround would be to specify dns servers in the Amass config until a more permanent solution is implemented.

shelld3v commented 3 years ago

Did you add any DNS server to the config file that you used to run?