tomnomnom / assetfinder

Find domains and subdomains related to a given domain
MIT License

Cloudflare protected domains show a lot of false positives. #7

Closed WalterMccan closed 5 years ago

WalterMccan commented 5 years ago

Sites using e.g. Cloudflare and their shared certificates are showing a lot of false positives.

The results contain domains completely unrelated to the queried domain.

Example:

Queried domain: example.com
Results:
example.com
www.example.com
somethingelse.com
randomdomain.com

How about a small check that verifies the domain names from cert search results match the queried domain?

tomnomnom commented 5 years ago

Hey! Thanks for raising an issue :)

I'm kind of torn on this one. One of the reasons I wrote this tool was to try and find loosely connected domains for OSINT, and I tend to want to err on the side of false positives rather than false negatives (i.e. I never want to miss anything potentially interesting).

Would the --subs-only option meet your needs or do you think there's a need for another flag here? If so: what form do you think it should take?

Thanks again!

WalterMccan commented 5 years ago

Hey Tom!

--subs-only is what I was looking for. I did notice the option after exploring the code and simply forgot to update this issue. I totally agree with the main goal and see the point of having the ability to get all the available data.

tomnomnom commented 5 years ago

Ah super! :)
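
The check requested at the top of this thread (keep only names that are the queried domain or a subdomain of it) can be sketched in Go as follows. This is an added example, not assetfinder's code and not its `--subs-only` implementation; the function names and the certificate name list are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize lower-cases a certificate name and strips a wildcard prefix and trailing dot.
func normalize(name string) string {
	n := strings.ToLower(strings.TrimSpace(name))
	n = strings.TrimPrefix(n, "*.")
	return strings.TrimSuffix(n, ".")
}

// inScope reports whether name is root itself or a subdomain of it. The match is on
// a label boundary, so "notexample.com" is not taken as part of "example.com".
func inScope(name, root string) bool {
	n, r := normalize(name), normalize(root)
	if n == "" || r == "" {
		return false
	}
	return n == r || strings.HasSuffix(n, "."+r)
}

// filterInScope splits names into in-scope and unrelated, de-duplicated, in input order.
func filterInScope(names []string, root string) (kept, dropped []string) {
	seen := map[string]bool{}
	for _, raw := range names {
		n := normalize(raw)
		if n == "" || seen[n] {
			continue
		}
		seen[n] = true
		if inScope(n, root) {
			kept = append(kept, n)
		} else {
			dropped = append(dropped, n)
		}
	}
	return kept, dropped
}

func main() {
	// Constructed sample: names as a shared CDN certificate might list them.
	sans := []string{"example.com", "*.example.com", "WWW.Example.com.", "somethingelse.com", "randomdomain.com", "notexample.com"}
	kept, dropped := filterInScope(sans, "example.com")
	fmt.Println("in scope: ", kept)
	fmt.Println("unrelated:", dropped)
}
```

Keeping the dropped list rather than discarding it preserves the loosely connected names for manual review, which is the trade-off discussed in the thread.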