Closed WalterMccan closed 5 years ago
Hey! Thanks for raising an issue :)
I'm kind of torn on this one. One of the reasons I wrote this tool was to try and find loosely connected domains for OSINT, and I tend to want to err on the side of false positives than false negatives (i.e. I never want to miss anything potentially interesting).
Would the --subs-only
option meet your needs or do you think there's a need for another flag here? If so: what form do you think it should take?
Thanks again!
Hey Tom!
--subs-only
is what I was looking for. I did notice the option after exploring the code and simply forgot to update this issue. I totally agree with the main goal and see the point of having the ability of getting all the available data.
Ah super! :)
Sites using e.g.Cloudflare and their shared certificates are showing a lot of false positives.
The results contain the domains completely unrelated to the queried domain.
Example:
How about a small check that verifies the domain names from cert search results match the queried domain?