sethsec / celerystalk

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
https://sethsec.github.io/celerystalk/
MIT License
395 stars 72 forks

Importing domains using -D is not setting them in scope #131

Open cwaazywabbit opened 4 years ago

cwaazywabbit commented 4 years ago

I thought that the -D parameter is supposed to import domains to scope, but it's importing them to DB without setting the flag In Scope as seen here:

./celerystalk import -D /root/x/scope.txt

celerystalk  -  An asynchronous network enumeration/vulnerability scanner 
    v1.3.1      Run all your tools against all your hosts (IPs/virtual hosts/subdomains)
                by @sethsec
                Build: 245

[+] Found subdomain (out of scope):             srv-sql-p4.xx.xyz.de
[+] Found subdomain (out of scope):             srv-fs-p04.xx.xyz.de
[+] Found subdomain (out of scope):             xx-develop.xx.xyz.de
[+] Found subdomain (out of scope):             srv-xx-ea2.xx.xyz.de

[!] There are no in scope hosts in the DB

./celerystalk db hosts

celerystalk  -  An asynchronous network enumeration/vulnerability scanner 
    v1.3.1      Run all your tools against all your hosts (IPs/virtual hosts/subdomains)
                by @sethsec
                Build: 245

[+] Showing hosts for the [prima] workspace

+---------------+--------------------------+----------+-----------------------+-----------+
| IP            | Vhost                    | In Scope | Explicit Out of Scope | Submitted |
+---------------+--------------------------+----------+-----------------------+-----------+
| 10.35.100.103 | srv-xx-ea2.xx.xyz.de     |    0     |           0           |     0     |
| 10.35.100.202 | srv-sql-p4.xx.xyz.de     |    0     |           0           |     0     |
| 10.35.100.214 | srv-fs-p04.xx.xyz.de     |    0     |           0           |     0     |
| 10.35.100.94  | xx-develop.xx.xyz.de     |    0     |           0           |     0     |
+---------------+--------------------------+----------+-----------------------+-----------+

Am I missing something?

cwaazywabbit commented 4 years ago

Never mind, I have just RTFM... but I am not seeing the logic of importing IPs first, then domains. The documentation says:

celerystalk determines whether each subdomain is in scope by resolving the IP and looking for IP in the DB. If there is a match, the domain is marked as in scope and will be scanned.
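
The scope rule quoted from the documentation, as an added Python sketch that is not part of the issue thread and not celerystalk's own code: a domain is flagged in scope only if one of its resolved IPs is already in the host DB, so the same domain list gives different results depending on whether the IPs were imported first. The `Workspace` class, `FAKE_DNS` table, the `cdn`/`gone` hostnames and the `/24` range are assumptions constructed for illustration.

```python
import ipaddress
import socket

def resolve(name):
    """Return the set of IPv4 addresses a name resolves to (empty on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

class Workspace:
    """Hypothetical stand-in for the scanner's host DB; not celerystalk's schema."""
    def __init__(self, resolver=resolve):
        self.networks = []      # in-scope IPs/CIDRs imported so far
        self.vhosts = {}        # name -> (resolved IPs, in-scope flag)
        self.resolver = resolver

    def import_ips(self, entries):
        self.networks += [ipaddress.ip_network(e, strict=False) for e in entries]

    def in_scope(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.networks)

    def import_domains(self, names):
        for name in names:
            ips = self.resolver(name.strip().lower())
            # In scope only if a resolved IP is already known to the DB.
            self.vhosts[name] = (ips, any(self.in_scope(ip) for ip in ips))

    def scope_report(self):
        return {name: flag for name, (_, flag) in self.vhosts.items()}

# Constructed DNS answers, reusing two redacted hosts from the report above.
FAKE_DNS = {
    "srv-sql-p4.xx.xyz.de": {"10.35.100.202"},
    "srv-fs-p04.xx.xyz.de": {"10.35.100.214"},
    "cdn.xx.xyz.de": {"203.0.113.10"},   # third-party IP, must stay out of scope
    "gone.xx.xyz.de": set(),             # does not resolve
}

def demo(ips_first):
    ws = Workspace(resolver=lambda n: FAKE_DNS.get(n, set()))
    if ips_first:
        ws.import_ips(["10.35.100.0/24"])
    ws.import_domains(FAKE_DNS)
    return ws.scope_report()

if __name__ == "__main__":
    print("domains only:", demo(ips_first=False))
    print("IPs first:   ", demo(ips_first=True))
```

With the IPs imported first, only the names that resolve inside the authorised range are flagged; a subdomain pointing at a third-party address or failing to resolve stays out of scope and is never scanned.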