projectdiscovery / subfinder

Fast passive subdomain enumeration tool.
https://projectdiscovery.io
MIT License
10.37k stars 1.29k forks source link

Flag to run only sources supports recursive scan. #260

Closed ehsandeep closed 4 years ago

ehsandeep commented 4 years ago

What's the problem (or question)?

Half of the sources allows looking for subdomains of subdomains recursively, but for now, all the sources are used as a default even they don't return any results and increase scan time, so adding a flag for this only runs sources which does support recursive lookup, saves lot of time of the scan and more control on the scan for user.

Do you have an idea for a solution?

> subfinder -d news.yahoo.com -recursive 
> subfinder -dL subdomains.txt -recursive 
ehsandeep commented 4 years ago

I'm preparing the list of sources that support recursive scan vs do not support recursive scan, using that this can be achieved using exclude-sources or sources flag.

ehsandeep commented 4 years ago

Recursive scan supported sources:-

  - alienvault
  - bufferover
  - certspotter
  - certspotterold
  - crtsh
  - dnsdumpster
  - hackertarget
  - ipv4info
  - passivetotal
  - securitytrails
  - sublist3r
  - virustotal
  - zoomeye
  - commoncrawl

I'm considering not using commoncrawl and zoomeye with -recursive flag as default as they take a long time with fewer results.

We can make use of config file for this, where users can update/add/remove sources for recursive scan as per their need.

recursive:
  - alienvault
  - bufferover
  - certspotter
  - certspotterold
  - crtsh
  - dnsdumpster
  - hackertarget
  - ipv4info
  - passivetotal
  - securitytrails
  - sublist3r
  - virustotal