Closed skepticfx closed 6 years ago
Can you give me more info about this? I would like to fix it, to make the module results as valid as possible.
Some domains allow wildcard subdomains. So if you do a dictionary search on these domains - you get the result as domain found. In these cases, we need to determine whether any subdomain is allowed by testing from something like what-the-heck-this-is-not-a-valid-domain.domain.com.
Makes sense?
yep it makes sense!
while looking for different brute force tools I found this source code of Fierce, a Kali Linux Perl DNS brute script that checks for wildcards:
http://git.kali.org/gitweb/?p=packages/fierce.git;a=blob_plain;f=fierce.pl;hb=HEAD
This is their approach.
Also this Python version of Fierce, which does wildcard and zone transfer checks: https://github.com/mschwager/fierce
Yeah! It's using a random string as a subdomain. `$wildcard_dns = 1e11 - int(rand(1e10));`
hi @skepticfx, how are you? happy new year! ~i'm into this issue, do you know any domain where I can test the new wildcard check subdomain?~ ~I googled a lot but I can't find any domain with wildcard enabled to test..~
edit: nothing man.. I'm just too tired.. is working as expected with github (as you said in issue text) :sleeping:
I moved all files inside the `lib` folder for convenience.
I made a first attempt based on what we said before for wildcard check: branch L136-L139 using `Math.floor(Math.random() * 1e14) + 1e15;` to create a random numeric string to test as subdomain.
The only thing that does not convince me is the kind of answer that the script should return.. right now I thought to return an array with wildcard value in it like so: `['*']` since if successful the script will return an array of subdomains (e.g. `['blog', 'www', ...]`)
What do you think?
@b4dnewz Happy new year! :)
Yeah! We need a consistent return type. Array is better. I know I made such silly mistakes a few years back.
Anyways! Great work and take care!
thanks @skepticfx!
I've also added right now eslint and basic config to the project to avoid inconsistency in the code style, then I will merge this new wildcard check feature.
The next step is to make it fast like a running cheetah!
In websites like github.com, we can have *github.com subdomains which are valid. We have to detect this.
Probably by querying what-the-heck-this-is-not-a-valid-domain.github.com
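
The wildcard check discussed in this thread, as an added example that is not part of the original issue or the project's code. It goes one step beyond the random-label probe: it sends several probes and compares addresses, so dictionary hits that only match the wildcard answer are dropped while the return type stays an array. All function names are hypothetical, and the resolver is injected so the logic can be exercised without network access.

```javascript
// Added example (not from the project). All function names are hypothetical.
const MISS = new Set(['ENOTFOUND', 'ENODATA']); // NXDOMAIN / no A record

// Default resolver: Node's built-in DNS client; callers can inject a fake one.
const nodeResolve4 = async (name) =>
  (await import('node:dns')).promises.resolve4(name);

// A label that should not exist as a real host (same idea as the thread).
function randomLabel() {
  return 'wc-' + (Math.floor(Math.random() * 1e14) + 1e15).toString(36);
}

// Resolve a name; a clean miss yields [], any other DNS error propagates.
async function lookup(name, resolve4) {
  try {
    return await resolve4(name);
  } catch (err) {
    if (MISS.has(err.code)) return [];
    throw err;
  }
}

// Probe several random labels and collect every address the zone answers with.
async function detectWildcard(domain, resolve4 = nodeResolve4, probes = 3) {
  const addrs = new Set();
  for (let i = 0; i < probes; i++) {
    for (const a of await lookup(`${randomLabel()}.${domain}`, resolve4)) addrs.add(a);
  }
  return addrs;
}

// Keep a hit only if it has an address the wildcard did not return.
// Trade-off: a real host sharing the wildcard's IP is dropped as well.
function filterHits(hits, wildcardAddrs) {
  return Object.entries(hits)
    .filter(([, addrs]) => addrs.some((a) => !wildcardAddrs.has(a)))
    .map(([label]) => label);
}

// Always returns an array; '*' comes first when the zone has a wildcard.
async function scan(domain, words, resolve4 = nodeResolve4) {
  const wildcard = await detectWildcard(domain, resolve4);
  const hits = {};
  for (const w of words) {
    hits[w] = await lookup(`${w}.${domain}`, resolve4);
  }
  const found = filterHits(hits, wildcard);
  return wildcard.size > 0 ? ['*', ...found] : found;
}
```

A zone whose wildcard rotates through many addresses can still leak false positives; raising `probes` widens the set of addresses treated as wildcard answers.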