projectdiscovery / subfinder

Fast passive subdomain enumeration tool.
https://projectdiscovery.io
MIT License

Perform Recursive Wildcard Elimination #46

Closed Ice3man543 closed 4 years ago

Ice3man543 commented 6 years ago

What's the problem (or question)?

The tool currently performs wildcard elimination but only for root domains. For example, *.luminate.com is not a wildcard while *.store.luminate.com most certainly is. Therefore, we need to perform wildcard enumeration recursively and handle such edge cases in order to save time and resources.

Do you have an idea for a solution?

Apply Wildcard elimination logic recursively for each subdomain found.

How can we reproduce the issue?

Run ./subfinder -d luminate.com -nW

Ice3man543 commented 4 years ago

Closing this as it's out of scope for this project!

fuzzyami commented 2 years ago

Curious to know why this is out of scope. Seems like a very useful feature to have for large domain exploration.

In addition, I think the current behavior is inconsistent:

  1. running on luminate.com yields 21 subdomains in the store.luminate.com domain.
  2. but running it on store.luminate.com (which, as said above, exhibits wildcardness) yields only 4.
  3. applying the -nW flag on luminate.com does not filter anything in the store.luminate.com domain (because subfinder is not recursive), but applying the same flag on the store subdomain filters all but one.

In other words, as things work now there's no consistent way to filter all the subdomains in a non-top, wildcard domain.

ehsandeep commented 2 years ago

@fuzzyami it's out of scope as subfinder is primarily focused on passive enumeration, active DNS + wildcard filtering is supported in dnsx
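
The recursive wildcard elimination discussed in this thread, as an added example that is not code from subfinder or dnsx: each found host is checked against a wildcard probe at every parent zone up to the root, not only at the root. The names `FilterWildcards`, `SampleResolver` and `probeLabel` are hypothetical, the resolver is injected so the sketch runs offline, and the zone data and documentation-range IPs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

const probeLabel = "wc-probe-7f3a91" // constructed; assumed absent from every zone, randomise in real use

// FilterWildcards drops a host when all its A records match the wildcard answer of any zone between it and root.
func FilterWildcards(root string, hosts []string, resolve func(string) []string) []string {
	cache := map[string]map[string]bool{} // zone -> wildcard IP set, probed once
	var kept []string
	for _, host := range hosts {
		ips, wild := resolve(host), false
		for zone := host; !wild && zone != root && strings.HasSuffix(zone, "."+root); {
			zone = zone[strings.Index(zone, ".")+1:] // step up one label: a.store.luminate.com -> store.luminate.com
			set, seen := cache[zone]
			if !seen {
				set = map[string]bool{}
				for _, ip := range resolve(probeLabel + "." + zone) {
					set[ip] = true
				}
				cache[zone] = set
			}
			wild = len(set) > 0 && len(ips) > 0
			for _, ip := range ips {
				wild = wild && set[ip]
			}
		}
		if !wild {
			kept = append(kept, host)
		}
	}
	return kept
}

// SampleResolver is constructed data: only *.store.luminate.com is a wildcard.
func SampleResolver(name string) []string {
	fixed := map[string][]string{"www.luminate.com": {"198.51.100.5"}, "api.store.luminate.com": {"198.51.100.7"}}
	if ips, ok := fixed[name]; ok || !strings.HasSuffix(name, ".store.luminate.com") {
		return ips
	}
	return []string{"192.0.2.10"}
}

func main() {
	hosts := []string{"www.luminate.com", "api.store.luminate.com", "x1.store.luminate.com", "a.b.store.luminate.com"}
	fmt.Println(FilterWildcards("luminate.com", hosts, SampleResolver))
}
```

A host with an explicit record under the wildcard zone (here `api.store.luminate.com`) survives because its answer differs from the probe's, and hosts that do not resolve at all are kept rather than dropped.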