trustedsec / CS-Situational-Awareness-BOF

Situational Awareness commands implemented using Beacon Object Files
GNU General Public License v2.0

Add nslookup_bulk for mass DNS resolution #48

Closed JamesCooteUK closed 3 years ago

JamesCooteUK commented 3 years ago

Added the nslookup_bulk function. Expects a path to a newline-separated list of hostnames to resolve.

freefirex commented 3 years ago

Hello, thank you for taking the time to add this pull request.

Unfortunately, at this time I'm going to reject this pull request. When Cobalt Strike is dealing with a BOF it sends the entire BOF down + arguments. While the nslookup BOF itself is not extremely large (around 5KB), this function has the potential to explode the amount of data we're sending to a target.

For this type of functionality to be accepted into this repo, I would want either the existing nslookup BOF modified to also support being sent a full list, or a new BOF that forks the nslookup with said list acceptance functionality.

In that way even if we request 1000 hostnames to be resolved, we'll still end up only sending the 5KB + argument size instead of 5MB + argument size.