search

smicallef / spiderfoot

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
http://www.spiderfoot.net
MIT License
13.14k stars 2.28k forks source link

grep.app modul doesn't work for subdomains #1862

Closed mecserlevente closed 5 months ago

mecserlevente commented 5 months ago

If I try to run the grep.app modul for a regular domain for example 'test.com' it returns valid response, but when I try to query a subdomain like 'mail.test.com' then the handleEvent() function is not getting involved and It doesn't give any response.

bcoles commented 5 months ago

The sfp_grep_app module only watches for DOMAIN_NAME events.

https://github.com/smicallef/spiderfoot/blob/0f815a203afebf05c98b605dba5cf0475a0ee5fd/modules/sfp_grep_app.py#L67-L68

If you want to search for subdomains the module should also watch for INTERNET_NAME events.

diff --git a/modules/sfp_grep_app.py b/modules/sfp_grep_app.py
index cb4d6333..791784df 100644
--- a/modules/sfp_grep_app.py
+++ b/modules/sfp_grep_app.py
@@ -65,7 +65,7 @@ class sfp_grep_app(SpiderFootPlugin):
             self.opts[opt] = userOpts[opt]

     def watchedEvents(self):
-        return ["DOMAIN_NAME"]
+        return ["DOMAIN_NAME", "INTERNET_NAME"]

     def producedEvents(self):
         return ["EMAILADDR", "EMAILADDR_GENERIC", "DOMAIN_NAME",