Closed webcompat-bot closed 4 years ago
cipriansv
commented
4 years ago Thanks for the report, but this is not a compatibility issue.
For this project, we try to focus our effort on layouts, features or content that works as expected in one browser but not in another. Closing the issue as Invalid.
lock[bot]
commented
4 years ago This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue at https://webcompat.com/issues/new if you are experiencing a similar problem.
URL: https://chrome.google.com/webstore/unsupported
Browser / Version: Firefox Mobile 68.0 Operating System: Android 7.1.1 Tested Another Browser: Yes
Problem type: Site is not usable Description: Sudomy - Subdomain Enumeration & Analysis Desktop version Zion3R 5:53 PM Sudomy - Subdomain Enumeration & Analysis Sudomy is a subdomain enumeration tool, created using a bash script, to analyze domains and collect subdomains in fast and comprehensive way. Features For recent time, Sudomy has these 9 features: Easy, light, fast and powerful. Bash script is available by default in almost all Linux distributions. By using bash script multiprocessing feature, all processors will be utilized optimally. Subdomain enumeration process can be achieved by using active method or passive method Active Method Sudomy utilize Gobuster tools because of its highspeed performance in carrying out DNS Subdomain Bruteforce attack (wildcard support). The wordlist that is used comes from combined SecList (Discover/DNS) lists which contains around 3 million entries Passive Method By selecting the third-party sites, the enumeration process can be optimized. More results will be obtained with less time required. Sudomy can collect data from these well-curated 16 third-party sites: https://dnsdumpster.com https://web.archive.org https://shodan.io https://virustotal.com https://crt.sh https://www.binaryedge.io https://securitytrails.com https://sslmate.com/certspotter https://censys.io https://threatminer.org http://dns.bufferover.run https://hackertarget.com https://www.entrust.com/ct-search/ https://www.threatcrowd.org https://riddler.io https://findsubdomains.com Test the list of collected subdomains and probe for working http or https servers. This feature uses a third-party tool, httprobe. Subdomain availability test based on Ping Sweep and/or by getting HTTP status code. The ability to detect virtualhost (several subdomains which resolve to single IP Address). Sudomy will resolve the collected subdomains to IP addresses, then classify them if several subdomains resolve to single IP address. This feature will be very useful for the next penetration testing/bug bounty process. For instance, in port scanning, single IP address won’t be scanned repeatedly Performed port scanning from collected subdomains/virtualhosts IP Addresses Testing Subdomain TakeOver attack Taking Screenshotsof subdomains Report output in HTML or CSV format How Sudomy Works Sudomy is using cURL library in order to get the HTTP Response Body from third-party sites to then execute the regular expression to get subdomains. This process fully leverages multi processors, more subdomains will be collected with less time consumption. Comparison The following are the results of passive enumeration DNS testing of Sublist3r, Subfinder, and Sudomy. The domain that is used in this comparison is bugcrowd.com. Sudomy Subfinder Sublister Kitploit_IMG_26839066 Kitploit_IMG_161381183 Kitploit_IMG_207392889 Asciinema : Subfinder Sudomy Sublist3r Installation Sudomy is currently extended with the following tools. Instructions on how to install & use the application are linked below. Tools License Info Gobuster Apache License 2.0 not mandatory httprobe Tom Hudson - mandatory nmap GNU General Public License v2.0 not mandatory Dependencies $ pip install -r requirements.txt Sudomy requires jq to run and pars. For more information, Download and install jq here # Linux ======= apt-get install jq nmap phantomjs # Mac brew cask install phantomjs brew install jq nmap If you have a Go environment ready to go, it's as easy as: export GOPATH=$HOME/go export PATH=$PATH:$GOROOT/bin:$GOPATH/bin go get -u github.com/tomnomnom/httprobe go get -u github.com/OJ/gobuster Download Sudomy From Github # Clone this repository git clone --recursive https://github.com/screetsec/Sudomy.git # Go into the repository sudomy --help Running in a Docker Container # Pull an image from DockerHub docker pull screetsec/sudomy:v1.1.0 # Run an image, you can run the image on custom directory but you must copy/download config sudomy.api on current directory docker run -v "${PWD}/output:/usr/lib/sudomy/output" -v "${PWD}/sudomy.api:/usr/lib/sudomy/sudomy.api" -it --rm screetsec/sudomy:v1.1.0 [argument] Post Installation API Key is needed before querying on third-party sites, such as Shodan, Censys, SecurityTrails, Virustotal, and BinaryEdge. The API key setting can be done in sudomy.api file. # Shodan # URL : http://developer.shodan.io # Example : # - SHODAN_API="VGhpc1M0bXBsZWwKVGhmcGxlbAo" SHODAN_API="" # Censys # URL : https://censys.io/register CENSYS_API="" CENSYS_SECRET="" # Virustotal # URL : https://www.virustotal.com/gui/ VIRUSTOTAL="" # Binaryedge # URL : https://app.binaryedge.io/login BINARYEDGE="" # SecurityTrails # URL : https://securitytrails.com/ SECURITY_TRAILS="" Usage / | | ()()_ \ \ || / _ / \ ' \ || | |/_,_,___/||_, | |/ v{1.1.0#dev} by @screetsec Sudomy - Fast Subdmain Enumeration and Analyzer http://github.com/screetsec/sudomy Usage: sudomy.sh [-h [--help]] [-s[--source]][-d[--domain=]] Example: sudomy.sh -d example.com sudomy.sh -s Shodan,VirusTotal -d example.com sudomy.sh -pS -rS -sC -nT -sS -d example.com Optional Arguments: -a, --all Running all Enumeration, no nmap & gobuster -b, --bruteforce Bruteforce Subdomain Using Gobuster (Wordlist: ALL Top SecList DNS) -d, --domain domain of the website to scan -h, --help show this help message -o, --html Make report output into HTML -s, --source Use source for Enumerate Subdomain -tO, --takeover Subdomain TakeOver Vulnerabilty Scanner -pS, --ping-sweep Check live host using methode Ping Sweep -rS, --resolver Convert domain lists to resolved IP lists without duplicates -sC, --status-code Get status codes, response from domain list -nT, --nmap-top Port scanning with top-ports using nmap from domain list -sS, --screenshot Screenshots a list of website -nP, --no-passive Do not perform passive subdomain enumeration --no-probe Do not perform httprobe To use all 16 Sources and Probe for working http or https servers: / | | ()()_ \ \ || / _ / \ ' \ || | |/_,_,___/||_, | |/ v{1.1.0#dev} by @screetsec Sudomy - Fast Subdmain Enumeration and Analyzer http://github.com/screetsec/sudomy Usage: sudomy.sh [-h [--help]] [-s[--source]][-d[--domain=]] Example: sudomy.sh -d example.com sudomy.sh -s Shodan,VirusTotal -d example.com sudomy.sh -pS -rS -sC -nT -sS -d example.com Optional Arguments: -a, --all Running all Enumeration, no nmap & gobuster -b, --bruteforce Bruteforce Subdomain Using Gobuster (Wordlist: ALL Top SecList DNS) -d, --domain domain of the website to scan -h, --help show this help message -o, --html Make report output into HTML -s, --source Use source for Enumerate Subdomain -tO, --takeover Subdomain TakeOver Vulnerabilty Sca nner -pS, --ping-sweep Check live host using methode Ping Sweep -rS, --resolver Convert domain lists to resolved IP lists without duplicates -sC, --status-code Get status codes, response from domain list -nT, --nmap-top Port scanning with top-ports using nmap from domain list -sS, --screenshot Screenshots a list of website -nP, --no-passive Do not perform passive subdomain enumeration --no-probe Do not perform httprobe To use one of more source: $ sudomy -d hackerone.com To use one or more plugins: $ sudomy -s shodan,dnsdumpster,webarchive -d hackerone.com To use all plugins: testing host status, http/https status code, subdomain takeover and screenshots $ sudomy -pS -sC -sS -d hackerone.com To create report in HTML Format $ sudomy --all -d hackerone.com HTML Report Sample: Dashboard Reports Tools Overview Youtube Videos : Click here Translations Indonesia English Changelog All notable changes to this project will be documented in this file. Credits & Thanks Tom Hudson - Tomonomnom OJ Reeves - Gobuster Thomas D Maaaaz - Webscreenshot Daniel Miessler - SecList EdOverflow - can-i-take-over-xyz jerukitumanis - Docker Maintainer NgeSEC Community Gauli(dot)Net Bugcrowd & Hackerone Download Sudomy POPULAR POST IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request Hacktronian - All In One Hacking Tool For Linux & Android AutoRDPwn v5.0 - The Shadow Attack Framework AIL Framework - Framework for Analysis of Information Leaks Pyshark - Python Wrapper For Tshark, Allowing Python Packet Parsing Using Wireshark Dissectors FACEBOOK © COPYRIGHT 2018 KITPLOIT ☣ - ALL RIGHTS RESERVED Steps to Reproduce: http://go.topringles.com/wap_fast.php?e=S3j0GYNEltH8zxt7HApULjGKG2fOHNSHULUb653-2FMb3W0Vy8Gqz7h4hzFyHytJyc478mVq7xSZVVq7ABOnUeNksjgcTZAWt3Ok3ko13Y-2FAXclOxTpqWhu977Jt0THS1C&pub_id=7666.0.24.Chrome%20(v.%3E=72).Android%20Mobile.site.7666&site=7666&us=7666
Browser Configuration
Console Messages:
[u'[JavaScript Warning: "Content Security Policy: Ignoring \'unsafe-inline\' within script-src or style-src: nonce-source or hash-source specified"]', u'[JavaScript Error: "Content Security Policy: The pages settings blocked the loading of a resource at inline (script-src)." {file: "https://chrome.google.com/webstore/unsupported" line: 1}]', u'[JavaScript Warning: " Mutation Events . MutationObserver." {file: "moz-extension://bd06f597-d4d3-418e-aad2-2060f340029e/ext/jquery.js" line: 129}]']From webcompat.com with ❤️