search

projectdiscovery / shuffledns

MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
https://projectdiscovery.io
GNU General Public License v3.0
1.29k stars 184 forks source link

Option to only show subdomains that do not resolve to give IPs #31

Closed 0xrishabh closed 4 years ago

0xrishabh commented 4 years ago

An option of taking multiple ip as input can be added to shuffedns so that if any subdomain resolves to the given IPs it will not be shown in output

Why this feature

sometimes there are multiple A records of a non-existent domain that in return spoils the shuffldns wildcard feature.

0xrishabh commented 4 years ago

I think wildcard detection does not works correctly when there are multiple A records For example, run shuffledns on *.rishabhshukla.tech and you will see that every subdomain comes as valid, which is straight wrong as there is a wildcard which returns two A records 1.1.1.1, 127.0.0.1

I have used 1.1.1.1,8.8.8.8 in my resolvers.txt

ehsandeep commented 4 years ago

Hi @cYph3r1337.

run shuffledns on *.rishabhshukla.tech and you will see that every subdomain comes as valid

This is not the case, if you run and try, you will find shuffledns eliminates them all as it handles wildcard elimination on default run.

0xrishabh commented 4 years ago

Did you tried to do it, I setup the domain just for this purpose, I was not receiving filtered domains in output

ehsandeep commented 4 years ago

Yes, I got no results, assuming all are the wildcard ones, please share the valid entry if you set up any.

0xrishabh commented 4 years ago

for some reason it is not working for me Screenshot from 2020-05-18 15-42-25

ehsandeep commented 4 years ago

Hey @cYph3r1337, as per the CLI interface, you are running an older version, you can use GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns to update it, and we will update the binary to latest as well, here is the result on the latest version. 

root@test:~/# time shuffledns -d rishabhshukla.tech -w dns-small.txt -r resolvers-excellent.txt 

       __        ________        __       
  ___ / /  __ __/ _/ _/ /__  ___/ /__ ___
 (_-</ _ \/ // / _/ _/ / -_)/ _  / _ \(_-<
/___/_//_/\_,_/_//_//_/\__/ \_,_/_//_/___/ v1                               

        projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[INF] Started generating bruteforce permutation
[INF] Generating permutations took 2.277849ms
[INF] Creating temporary massdns output file: /tmp/shuffledns296780385/br1m96m7dd9uk6pdmm1g
[INF] Executing massdns on rishabhshukla.tech
[INF] Massdns execution took 3.321617135s
[INF] Started parsing massdns output
[INF] Massdns output parsing compeleted
[INF] Started removing wildcards records
[INF] Wildcard removal completed
[INF] Finished enumeration, started writing output
[INF] Finished resolving. Hack the Planet!

real    0m12.222s
user    0m1.356s
sys 0m1.976s
root@test:~/#
ehsandeep commented 4 years ago

This should be fixed with the latest update.

mohammed-sec2010 commented 4 years ago

could you please share resolvers-excellent.txt?