x0rr-dan / s1c0n

simple recon tool to help you for searching vulnerability on web server
MIT License
61 stars 13 forks source link

Unable to get the sub-domain scan to work; SCRIPT HANGS WITH NO ERRORS AFTER OPEN-PORTS SCAN #3

Closed doncalli closed 2 years ago

doncalli commented 2 years ago

Hello there. I initially HAD issues running your script if running with python3. so I made some adjustments to make it work.

had to install python3.nmap (I am running python 3.10 in my environment). Reference https://pypi.org/project/python3-nmap/ had to compile and install the latest nmap (7.20) from nmap.org (now referred to "nmap3") had to install python3-tk for the tklinter issue reported earlier With these changes, the script then managed to run to an extent

Then based on https://pypi.org/project/python3-nmap/, I made some further adjustments on the sicon.py script to get the script into referencing "nmap3" as a python module. I have pasted the FULL modified script below with comments

1.1: importing dependencies from turtle import color

try: from os import path, system, getcwd import os.path import subprocess import nmap3 import json import sys import time except ImportError as error: print("\n\t [!] Error on import", error)

1.2: defining classes & functions: class Colors: RESET = "\33[0m" BOLD = "\33[1m" RED = "\33[31m" GREEN = "\33[32m" YELLOW = "\33[33m"

1.4 checking dependecies tools def check(tool): if os.path.exists("/usr/bin/" + tool) == True: print(Colors.GREEN + Colors.BOLD + "[*] " + tool + " exist" + Colors.RESET) time.sleep(0.2) pass

elif os.path.exists("/usr/bin" + tool) == False:

checking user privileges

user = os.getuid()

if user == 0: pass

else: print(Colors.RED + Colors.BOLD + "[!] " + tool + " is missing, Please run me with sudo to install " + tool + Colors.RESET) exit()

installing missing requirements

print(Colors.RED + Colors.BOLD + "[!] " + tool + " missing" + Colors.RESET) print(Colors.RED + Colors.BOLD + "[!] installing " + tool + Colors.RESET) time.sleep(0.2) system("apt install "+ tool + " -y") requirements list_tool = ['nmap','wafw00f','sublist3r','subfinder','assetfinder','amass','dirsearch','httprobe'] for tool in list_tool: check(tool) pass

def break_and_help(): print("\n\t [?] Usage example: sicon -u target.com") exit()

def remove_list_files(extension): system("rm -rf .list*.%s" % extension)

1.4: preparing everything saving_path = getcwd() + "/"

port_scan = nmap.PortScanner()..........................for NMAP

nmap = nmap3.nmap()

1.5: "welcome" screen system("clear") print(Colors.GREEN + Colors.BOLD + """ \t ┏━┓╺┓ ┏━╸┏━┓┏┓╻ \t ┗━┓ ┃ ┃ ┃┃┃┃┗┫ \t ┗━┛╺┻╸┗━╸┗━┛╹ ╹

            Simple Recon
        Coded by """ + Colors.RESET + Colors.RED + Colors.BOLD + """UnknownSec666""" + Colors.RESET + Colors.GREEN + Colors.BOLD + """
   Thanks to:""" + Colors.RED + Colors.BOLD + """ Jeager""" +

Colors.RESET)

1.6: getting started command_arguments = sys.argv[1:]

if (len(command_arguments) > 0): flag = command_arguments[0].upper()

if flag == "-U" or flag == "--URL": URL_TARGET = command_arguments[1]

else: break_and_help() else: break_and_help()

2.0: Starting recon phase: print(Colors.BOLD + Colors.GREEN + "\n\t[*] Starting recon on %s:" % URL_TARGET + Colors.RESET)

2.1: Detect WAF using wafw00f: convert to domain using httprobe get_host = subprocess.check_output(("echo %s | httprobe -prefer-https" % URL_TARGET), shell=True, text=True) detect_waf = subprocess.check_output(("wafw00f %s > /dev/null" % get_host), shell=True, text=True)

if ("is behind" in detect_waf):

has some WAF

processed_string = detect_waf[detect_waf.find("is behind"):] pre_parser = processed_string.find("\x1b[1;96m") # process to get valuable results only post_parser = processed_string.find("\x1b[0m") which_waf = processed_string[pre_parser:post_parser] # don't include color codes

print(Colors.BOLD + Colors.GREEN + "\n\t [+] WAF: DETECTED [ %s ]" % which_waf + Colors.RESET) elif ("No WAF detected" in detect_waf): print(Colors.BOLD + Colors.YELLOW + "\n\t [+] WAF: NOT DETECTED" + Colors.RESET)

else: print(Colors.BOLD + Colors.RED + "\n\t [!] FAIL TO DETECT WAF" + Colors.RESET)

2.2: Scanning ports using nmap run NMAP and filter results using GREP system("nmap %s -o .list_NMAP.txt > /dev/null" % URL_TARGET)..............Change made here system("cat .list_NMAP.txt | grep open > .list_PORTS.txt")

open file we just created with open(".list_PORTS.txt", encoding="utf-8") as file: ports_list = file.read().splitlines()

remove files we just created remove_list_files("txt")

print(Colors.BOLD + Colors.GREEN + "\n\t [+] OPENED PORTS: %s" % len(ports_list) + Colors.RESET)

for p in ports_list: print(Colors.RESET + "\t " + Colors.GREEN + "-> " + Colors.RESET + Colors.BOLD + p)

2.3: Getting subdomains this process might take a while, we'll use different scripts for that system("subfinder -d %s -o .list_subfinder.txt -silent > /dev/null" % URL_TARGET) system("sublist3r -d %s -o .list_sublist3r.txt > /dev/null" % URL_TARGET) system("assetfinder %s > .list_assetfinder.txt" % URL_TARGET) system("amass enum -d %s -o .list_amass.txt -silent" % URL_TARGET)

concat every output into one file system("cat .list*.txt > .list_subdomains.txt")

open "general" file with open(".list_subdomains.txt", encoding="utf-8") as file: subdomain_raw_list = file.read().splitlines()

drop duplicates subdomain_list = set(subdomain_raw_list)

remove_list_files("txt")

print(Colors.BOLD + Colors.GREEN + "\n\t [+] SUBDOMAINS DETECTED: %s" % len(subdomain_list) + Colors.RESET)

for s in subdomain_list:

perform quick port scan using nmap

quick_scan = port_scan.scan(hosts=s, arguments="-F") ..........for NMAP

quick_scan = nmap.scan(hosts=s, arguments="-F") host = list(quick_scan["scan"].keys())

if (len(host) > 0):

tcp ports were found

tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys()))
print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                " | " +  Colors.GREEN + tcp_open + Colors.RESET)

else:

port scan failed

print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                " | " +  Colors.RED + "FAIL MAYBE HOST DIED" + Colors.RESET)

2.4: Bruteforcing json_directory: system("dirsearch -u {} -o {} --format=json > /dev/null".format(URL_TARGET, (saving_path + ".list_json_directory.json")))

with open(".list_json_directory.json", encoding="utf-8") as file: json_directory = json.load(file)

remove_list_files("json")

host = str( list(json_directory["results"][0].keys())[0] ) directory = json_directory["results"][0][host]

dir_list = [] for d in directory: path = d["path"] status = d["status"]

drop other codes

if (status == 200 or status == 403): dir_list.append([status, path]) sorted_directories = sorted(dir_list)

print(Colors.BOLD + Colors.GREEN + "\n\t [+] DIRECTORIES: %s" % len(sorted_directories) + Colors.RESET)

for d in sorted_directories:

format_host = get_host.replace("\n", "")

if (d[0] == 200):

green alert

print(Colors.GREEN + "\t    -> " + Colors.RESET + Colors.GREEN
        + str(d[0]) + Colors.RESET + " | " +  Colors.BOLD + format_host + d[1] + Colors.RESET)

elif (d[0] == 403): print(Colors.GREEN + "\t -> " + Colors.RESET + Colors.YELLOW

#######List of adjustment made to sicon.py#############

Basically I had to import nmap3 (instead of nmap) and reference it below: try: from os import path, system, getcwd import os.path import subprocess import nmap3 import json import sys import time

1.4: preparing everything saving_path = getcwd() + "/" #port_scan = nmap.PortScanner()..........................for NMAP nmap = nmap3.nmap()

Then i made an adjustment here:

2.2: Scanning ports using nmap run NMAP and filter results using GREP system("nmap %s -o .list_NMAP.txt > /dev/null" % URL_TARGET)..............Change made here system("cat .list_NMAP.txt | grep open > .list_PORTS.txt")

The final adjustment was made here: for s in subdomain_list:

perform quick port scan using nmap

#quick_scan = port_scan.scan(hosts=s, arguments="-F") ..........for NMAP quick_scan = nmap.scan(hosts=s, arguments="-F") host = list(quick_scan["scan"].keys()) The result of the adjustments is the adjusted script now running with:

the WAF scan module working the "Opened Ports" scan module working However I am running into issues where I see the sub-domain scan FAIL My investigation reveals that the .list_amass.txt is NOT being created by the script (see script line below) in the directory that the script is being run. The other ".list" files ARE BEING CREATED

system("amass enum -d %s -o -silent" % URL_TARGET)

So as a consequence, the script just HANGS WITHOUT ERRORS after the "Opened Ports" scan completes.

Can you have a look at the script I sent and help me figure out why pls.

Thanks.

doncalli commented 2 years ago

So I ran the code line system("amass enum -d %s -o -silent" % URL_TARGET) in isolation (not from within the script) For example: amass enum -d nytimes.com -o .list_amass.txt -silent

There is no output...it appears to be HANGING with NO OUTPUT

doncalli commented 2 years ago

discovered that it was the AMASS program which was corrupt. So uninstalled it and reinstalled; the program is now working fine even when ran in isolation. The issue of converting the sicon script to reflect nmap3 still remains. See the code lines under: perform quick port scan using nmap Can you pls help?

x0rr-dan commented 2 years ago

thanks for the report, i will try to do it

doncalli commented 2 years ago

another thing, I would advise that you update your "Readme.md" to advise people of the need to INSTALL NMAP as a prerequisite prior to using your program. Otherwise THANK YOU!!

x0rr-dan commented 2 years ago

thank you for the advice, you are very helpful

doncalli commented 2 years ago

#########Latest Modification tried for NMAP 3 for the NMAP port scan##############

for s in subdomain_list:

    # perform quick port scan using nmap
    #quick_scan = nmap.scan(hosts=s, arguments="-F")
    quick_scan = nmap.scan_top_ports("s")
    host = list(quick_scan.keys())
    #host = list(quick_scan["scan"].keys())

if (len(host) > 0):

tcp ports were found

            tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys()))
            print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                                                            " | " +  Colors.GREEN + tcp_open + Colors.RESET)

else:

port scan failed

            print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                                                            " | " +  Colors.RED + "FAIL MAYBE HOST DIED" + Colors.RESET)

Obviously it did not work: See error message below

      **[+] SUBDOMAINS DETECTED: 36

Traceback (most recent call last): File "/home/doncalli/Repo/s1c0n/sicon.py", line 168, in tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys())) KeyError: 'scan'**

x0rr-dan commented 2 years ago

actually you can install python-nmap in python3, and you can run this tool without any problem, well i will try changing python-nmap to python3-nmap

Thank you for the advice

doncalli commented 2 years ago

Hey there,python-Nmap doesn't work on my kali Linux...I don't know why. Only python3-nmap does

x0rr-dan commented 2 years ago

Hey there,python-Nmap doesn't work on my kali Linux...I don't know why. Only python3-nmap does

i code this tool using kali linux, and of course i install python-nmap, and it works well i also using python3 to run this tool, python that i use is python 3.10.5

doncalli commented 2 years ago

What version of Nmap are you using? I'm using 7.9.2

doncalli commented 2 years ago

Also when I Uninstalled and reinstalled python-nmap. Then I imported the module " import Nmap" . I still have the same issue when I run the python script.

doncalli commented 2 years ago

UPDATE: I finally got it to work with "import nmap"! I uninstalled,purged and reinstalled "python-nmap".

So it now works! However it would be nice to see another script running nmap3 module though. FYI. If running NMAP3, you will not be able to match on the "scan" key if you run this command see below:

quick_scan = nmap.scan_top_ports("owasp.org") list(quick_scan["scan"].keys()) .............will not match on the "scan" key and you cannot match on port, protocol etc

only matches on: [ip address; runtime; scope]

doncalli commented 2 years ago

Python 3.10.5 (main, Jun 8 2022, 09:26:22) [GCC 11.3.0] on linux Type "help", "copyright", "credits" or "license" for more information.

import nmap3 nmap = nmap3.Nmap() nmap.scan_top_ports("nytimes.com", args="-sV") {'151.101.129.164': {'osmatch': {}, 'ports': [{'protocol': 'tcp', 'portid': '21', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'ftp', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '22', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'ssh', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '23', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'telnet', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '25', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'smtp', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '80', 'state': 'open', 'reason': 'syn-ack', 'reason_ttl': '53', 'service': {'name': 'http-proxy', 'product': 'Varnish', 'method': 'probed', 'conf': '10'}, 'cpe': [{'cpe': 'cpe:/a:varnish-cache:varnish'}], 'scripts': []}, {'protocol': 'tcp', 'portid': '110', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'pop3', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '139', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'netbios-ssn', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '443', 'state': 'open', 'reason': 'syn-ack', 'reason_ttl': '53', 'service': {'name': 'https', 'product': 'Varnish', 'servicefp': 'SF-Port443-TCP:V=7.92%T=SSL%I=7%D=7/30%Time=62E5D9F0%P=x86_64-unknown-linux-gnu%r(GetRequest,1FE,"HTTP/1\.1\x20500\x20Domain\x20Not\x20Found\r\nConnection:\x20close\r\nContent-Length:\x20228\r\nServer:\x20Varnish\r\nRetry-After:\x200\r\ncontent-type:\x20text/html\r\nCache-Control:\x20private,\x20no-cache\r\nX-Served-By:\x20cache-bur-kbur8200167-BUR\r\nAccept-Ranges:\x20bytes\r\nDate:\x20Sun,\x2031\x20Jul\x202022\x2001:25:05\x20GMT\r\nVia:\x201\.1\x20varnish\r\n\r\n\n\n\nFastly\x20error:\x20unknown\x20domain\x20\n\n\n

Fastly\x20error:\x20unknown\x20domain:\x20\.\x20Please\x20check\x20that\x20this\x20domain\x20has\x20been\x20added\x20to\x20a\x20service\.

\n

Details:\x20cache-bur-kbur8200167-BUR

")%r(HTTPOptions,1FE,"HTTP/1\.1\x20500\x20Domain\x20Not\x20Found\r\nConnection:\x20close\r\nContent-Length:\x20228\r\nServer:\x20Varnish\r\nRetry-After:\x200\r\ncontent-type:\x20text/html\r\nCache-Control:\x20private,\x20no-cache\r\nX-Served-By:\x20cache-bur-kbur8200122-BUR\r\nAccept-Ranges:\x20bytes\r\nDate:\x20Sun,\x2031\x20Jul\x202022\x2001:25:05\x20GMT\r\nVia:\x201\.1\x20varnish\r\n\r\n\n\n\nFastly\x20error:\x20unknown\x20domain\x20\n\n\n

Fastly\x20error:\x20unknown\x20domain:\x20\.\x20Please\x20check\x20that\x20this\x20domain\x20has\x20been\x20added\x20to\x20a\x20service\.

\n

Details:\x20cache-bur-kbur8200122-BUR

")%r(FourOhFourRequest,1FE,"HTTP/1\.1\x20500\x20Domain\x20Not\x20Found\r\nConnection:\x20close\r\nContent-Length:\x20228\r\nServer:\x20Varnish\r\nRetry-After:\x200\r\ncontent-type:\x20text/html\r\nCache-Control:\x20private,\x20no-cache\r\nX-Served-By:\x20cache-bur-kbur8200178-BUR\r\nAccept-Ranges:\x20bytes\r\nDate:\x20Sun,\x2031\x20Jul\x202022\x2001:25:05\x20GMT\r\nVia:\x201\.1\x20varnish\r\n\r\n\n\n\nFastly\x20error:\x20unknown\x20domain\x20\n\n\n

Fastly\x20error:\x20unknown\x20domain:\x20\.\x20Please\x20check\x20that\x20this\x20domain\x20has\x20been\x20added\x20to\x20a\x20service\.

\n

Details:\x20cache-bur-kbur8200178-BUR

");', 'tunnel': 'ssl', 'method': 'probed', 'conf': '10'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '445', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'microsoft-ds', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}, {'protocol': 'tcp', 'portid': '3389', 'state': 'filtered', 'reason': 'no-response', 'reason_ttl': '0', 'service': {'name': 'ms-wbt-server', 'method': 'table', 'conf': '3'}, 'cpe': [], 'scripts': []}], 'hostname': [{'name': 'nytimes.com', 'type': 'user'}], 'macaddress': None, 'state': {'state': 'up', 'reason': 'echo-reply', 'reason_ttl': '53'}}, 'stats': {'scanner': 'nmap', 'args': '/usr/local/bin/nmap -oX - --top-ports 10 -sV nytimes.com', 'start': '1659230685', 'startstr': 'Sat Jul 30 18:24:45 2022', 'version': '7.92', 'xmloutputversion': '1.05'}, 'runtime': {'time': '1659230708', 'timestr': 'Sat Jul 30 18:25:08 2022', 'summary': 'Nmap done at Sat Jul 30 18:25:08 2022; 1 IP address (1 host up) scanned in 23.41 seconds', 'elapsed': '23.41', 'exit': 'success'}} quick_scan = nmap.scan_top_ports("owasp.org", args="-sV") quick_scan.keys() dict_keys(['104.22.26.77', 'stats', 'runtime']) list(quick_scan["stats"].keys()) ['scanner', 'args', 'start', 'startstr', 'version', 'xmloutputversion'] list(quick_scan["runtime"].keys()) ['time', 'timestr', 'summary', 'elapsed', 'exit'] list(quick_scan["104.22.26.77"].keys()) ['osmatch', 'ports', 'hostname', 'macaddress', 'state']

above is the output from using nmap3 module to do the scan. You can see that using the python-nmap3 module to scan for open ports, will NOT result in a KEY matching "scan" (as in nmap module). so you will have to find a python-nmap3 command that scan for open ports whose output will result in a KEY matching "scan" or "ports" etc

doncalli commented 2 years ago

can you scan "southlandind.com" with your script(nmap module import) and see if you are running into errors

x0rr-dan commented 2 years ago

UPDATE: I finally got it to work with "import nmap"! I uninstalled,purged and reinstalled "python-nmap".

So it now works! However it would be nice to see another script running nmap3 module though. FYI. If running NMAP3, you will not be able to match on the "scan" key if you run this command see below:

quick_scan = nmap.scan_top_ports("owasp.org") list(quick_scan["scan"].keys()) .............will not match on the "scan" key and you cannot match on port, protocol etc

only matches on: [ip address; runtime; scope]

that's why i prefer to use python-nmap instead of python3-nmap

x0rr-dan commented 2 years ago

can you scan "southlandind.com" with your script(nmap module import) and see if you are running into errors

` ┏━┓╺┓ ┏━╸┏━┓┏┓╻ ┗━┓ ┃ ┃ ┃┃┃┃┗┫ ┗━┛╺┻╸┗━╸┗━┛╹ ╹

                Simple Recon
            Coded by UnknownSec666
               Thanks to: Jeager

    [*] Starting recon on southlandind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 54
        -> officewebapps.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail4.southlandind.com | FAIL MAYBE HOST DIED
        -> rs2.southlandind.com | [25, 80, 443, 465, 587]
        -> lyncweb2013.southlandind.com | FAIL MAYBE HOST DIED
        -> madsslvpn.southlandind.com | [443]
        -> aw2sslvpn.southlandind.com | FAIL MAYBE HOST DIED                        
        -> lyncweb.southlandind.com | FAIL MAYBE HOST DIED                          
        -> webconfedge01.southlandind.com | FAIL MAYBE HOST DIED                    
        -> help.southlandind.com | [80, 443, 8080, 8443]
        -> webmail.southlandind.com | FAIL MAYBE HOST DIED
        -> meet.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]                                                                                      
        -> daw.southlandind.com | FAIL MAYBE HOST DIED
        -> sentrymad.southlandind.com | FAIL MAYBE HOST DIED
        -> share.southlandind.com | [80, 443]
        -> coins-mobiletech2.southlandind.com | FAIL MAYBE HOST DIED
        -> dae.southlandind.com | FAIL MAYBE HOST DIED
        -> lyncdiscover.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]                                                                              
        -> coins.southlandind.com | FAIL MAYBE HOST DIED
        -> mdlyncweb2013.southlandind.com | FAIL MAYBE HOST DIED
        -> legacy.southlandind.com | FAIL MAYBE HOST DIED
        -> webconfedge02.southlandind.com | FAIL MAYBE HOST DIED
        -> vsp.southlandind.com | FAIL MAYBE HOST DIED
        -> sipedge02.southlandind.com | FAIL MAYBE HOST DIED
        -> coins-mobiletech.southlandind.com | FAIL MAYBE HOST DIED
        -> registry.devops.southlandind.com | FAIL MAYBE HOST DIED
        -> ggsslvpn.southlandind.com | [443]
        -> southlandind.com | [80, 443]
        -> rs.southlandind.com | [25, 80, 443, 465, 587]
        -> lyncdiscoverinternal.southlandind.com | FAIL MAYBE HOST DIED
        -> webconf.southlandind.com | FAIL MAYBE HOST DIED
        -> sip13.southlandind.com | FAIL MAYBE HOST DIED
        -> autodiscover.southlandind.com | FAIL MAYBE HOST DIED
        -> www.southlandind.com | [80, 443]
        -> coins2-mobiletech.southlandind.com | FAIL MAYBE HOST DIED
        -> uccrew.southlandind.com | [443]
        -> tmpsslvpn.southlandind.com | [443]
        -> tableau.southlandind.com | FAIL MAYBE HOST DIED
        -> mail2k3.southlandind.com | FAIL MAYBE HOST DIED
        -> dialin.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]                                                                                    
        -> webconf13.southlandind.com | FAIL MAYBE HOST DIED
        -> dev.southlandind.com | FAIL MAYBE HOST DIED
        -> smartchecklist.southlandind.com | [80, 443]
        -> photos.southlandind.com | FAIL MAYBE HOST DIED
        -> aesslvpn.southlandind.com | FAIL MAYBE HOST DIED
        -> mail2k.southlandind.com | FAIL MAYBE HOST DIED
        -> intranet.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail3.southlandind.com | FAIL MAYBE HOST DIED
        -> sip.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]                                                                                       
        -> mx.southlandind.com | FAIL MAYBE HOST DIED
        -> smtp-east.southlandind.com | FAIL MAYBE HOST DIED
        -> smtp.southlandind.com | FAIL MAYBE HOST DIED
        -> exchangehybrid.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail2.southlandind.com | FAIL MAYBE HOST DIED
        -> sentry.southlandind.com | FAIL MAYBE HOST DIED

      [+] DIRECTORIES: 5                                                            
        -> 200 | https://southlandind.com/.well-known/acme-challenge/dtfy
        -> 403 | https://southlandind.com/vendor/phpunit/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/src/Util/PHP/eval-stdin.php`
doncalli commented 2 years ago

I am coming up with errors. See output below:

            Coded by UnknownSec666
               Thanks to: Jeager

    [*] Starting recon on southlandind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 54
        -> aesslvpn.southlandind.com | FAIL MAYBE HOST DIED
        -> photos.southlandind.com | FAIL MAYBE HOST DIED
        -> lyncweb.southlandind.com | FAIL MAYBE HOST DIED
        -> share.southlandind.com | [80, 443]
        -> coins.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail2.southlandind.com | FAIL MAYBE HOST DIED
        -> smtp-east.southlandind.com | FAIL MAYBE HOST DIED
        -> sipedge02.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail.southlandind.com | FAIL MAYBE HOST DIED
        -> vsp.southlandind.com | FAIL MAYBE HOST DIED
        -> mail2k3.southlandind.com | FAIL MAYBE HOST DIED
        -> smartchecklist.southlandind.com | [80, 443]
        -> legacy.southlandind.com | FAIL MAYBE HOST DIED
        -> daw.southlandind.com | FAIL MAYBE HOST DIED
        -> dae.southlandind.com | FAIL MAYBE HOST DIED

Traceback (most recent call last): File "/home/doncalli/Repo/s1c0n/sicon2.py", line 165, in tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys())) KeyError: 'tcp' ┌──(root💀sa9901793)-[/home/doncalli/Repo/s1c0n] └─#

so far I can scan other domains without any issues. What do you think is causing this error for "southlandind.com"

x0rr-dan commented 2 years ago

I am coming up with errors. See output below:

            Coded by UnknownSec666
               Thanks to: Jeager

    [*] Starting recon on southlandind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 54
        -> aesslvpn.southlandind.com | FAIL MAYBE HOST DIED
        -> photos.southlandind.com | FAIL MAYBE HOST DIED
        -> lyncweb.southlandind.com | FAIL MAYBE HOST DIED
        -> share.southlandind.com | [80, 443]
        -> coins.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail2.southlandind.com | FAIL MAYBE HOST DIED
        -> smtp-east.southlandind.com | FAIL MAYBE HOST DIED
        -> sipedge02.southlandind.com | FAIL MAYBE HOST DIED
        -> webmail.southlandind.com | FAIL MAYBE HOST DIED
        -> vsp.southlandind.com | FAIL MAYBE HOST DIED
        -> mail2k3.southlandind.com | FAIL MAYBE HOST DIED
        -> smartchecklist.southlandind.com | [80, 443]
        -> legacy.southlandind.com | FAIL MAYBE HOST DIED
        -> daw.southlandind.com | FAIL MAYBE HOST DIED
        -> dae.southlandind.com | FAIL MAYBE HOST DIED

Traceback (most recent call last): File "/home/doncalli/Repo/s1c0n/sicon2.py", line 165, in tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys())) KeyError: 'tcp' ┌──(rootskullsa9901793)-[/home/doncalli/Repo/s1c0n] └─#

so far I can scan other domains without any issues. What do you think is causing this error for "southlandind.com"

did you run the tools that you edited before? or tools that you haven't edited at all

doncalli commented 2 years ago

Answer: tools which were not edited. sicon.py is the nmap3 script which we know, was having issues as the python-nmap codes needed to be converted to python-nmap3

After reinstalling python-nmap, I used a different script (sicon2.py) using your code python3 sicon2.py -u southlandind.com

doncalli commented 2 years ago

the ? is why is the script failing for this domain (it is failing why doing an enum of the sub-domains) but not failing for others?

x0rr-dan commented 2 years ago

I don't have a clue why the error occurred, I've tried on another device and did a scan on southlandind.com and the result is the same as before, it worked without any errors

doncalli commented 2 years ago

ran into the same issue with scanning "independent.co.uk" Notice the "ind" present in both "southlandind.com" and independent.co.uk coincidence?

x0rr-dan commented 2 years ago

I think it's a bit strange if a domain containing ind could cause errors in the script, you can try to do a scan on hindustantimes.com, otherwise the error could be accidental

ran into the same issue with scanning "independent.co.uk" Notice the "ind" present in both "southlandind.com" and independent.co.uk coincidence?

doncalli commented 2 years ago

no issues with scanning "ind.com"

              ┏━┓╺┓ ┏━╸┏━┓┏┓╻
              ┗━┓ ┃ ┃  ┃┃┃┃┗┫
              ┗━┛╺┻╸┗━╸┗━┛╹ ╹

                Simple Recon
            Coded by UnknownSec666
               Thanks to: Jeager

    [*] Starting recon on ind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 201
        -> www.noe.ind.com | FAIL MAYBE HOST DIED
        -> www.tocantins.ind.com | FAIL MAYBE HOST DIED
        -> www.cbse.ind.com | FAIL MAYBE HOST DIED
        -> local.ind.com | FAIL MAYBE HOST DIED
        -> www.2xp.ind.com | FAIL MAYBE HOST DIED
        -> www.devers.ind.com | FAIL MAYBE HOST DIED
        -> www.apddcf.ind.com | FAIL MAYBE HOST DIED
        -> cricinfo.ind.com | FAIL MAYBE HOST DIED
        -> 2xp.ind.com | FAIL MAYBE HOST DIED
        -> www.upsc.ind.com | FAIL MAYBE HOST DIED
        -> www.sharif.ind.com | FAIL MAYBE HOST DIED
        -> italianinha.ind.com | FAIL MAYBE HOST DIED
        -> www.pti.ind.com | FAIL MAYBE HOST DIED
        -> vinaae-ex04.ind.com | FAIL MAYBE HOST DIED
        -> www.proeza.ind.com | FAIL MAYBE HOST DIED
        -> employment.gov.ind.com | FAIL MAYBE HOST DIED
        -> www.norco.ind.com | FAIL MAYBE HOST DIED
        -> parkindplus-allison.ind.com | [80, 443]
        -> logismarket.ind.com | FAIL MAYBE HOST DIED
        -> motion--ind.com | FAIL MAYBE HOST DIED
        -> business.ind.com | FAIL MAYBE HOST DIED
        -> vinaae-ems00.ind.com | FAIL MAYBE HOST DIED
        -> vpn.ind.com | [80, 443]
        -> sex.ind.com | FAIL MAYBE HOST DIED
        -> payment.wintec.ind.com | FAIL MAYBE HOST DIED
        -> www.feromonio.ind.com | FAIL MAYBE HOST DIED
        -> www.rafealadebayo.ind.com | FAIL MAYBE HOST DIED
        -> www.incometax.ind.com | FAIL MAYBE HOST DIED
        -> converge.ind.com | [443]
        -> www.gecis.ind.com | FAIL MAYBE HOST DIED
        -> aes.mail.ind.com | FAIL MAYBE HOST DIED
        -> www.aima.ind.com | FAIL MAYBE HOST DIED
        -> hub.ind.com | FAIL MAYBE HOST DIED
        -> autodiscover.ind.com | [80, 110, 143, 443, 587, 993, 995]
        -> www.standardequipments.ind.com | FAIL MAYBE HOST DIED
        -> www.cmaa.ind.com | FAIL MAYBE HOST DIED
        -> www.angelus.ind.com | FAIL MAYBE HOST DIED
        -> www.universities.ind.com | FAIL MAYBE HOST DIED
        -> www.msn.ind.com | FAIL MAYBE HOST DIED
        -> www.google.co.ind.com | FAIL MAYBE HOST DIED
        -> www.healthcareproducts.ind.com | FAIL MAYBE HOST DIED
        -> www.tbjosua.ind.com | FAIL MAYBE HOST DIED
        -> www.muller.ind.com | FAIL MAYBE HOST DIED
        -> gre.ind.com | FAIL MAYBE HOST DIED
        -> exchcasnlb.ind.com | FAIL MAYBE HOST DIED
        -> www.shenazhussien.ind.com | FAIL MAYBE HOST DIED
        -> www.passport.chd.ind.com | FAIL MAYBE HOST DIED
        -> finalresults.ind.com | FAIL MAYBE HOST DIED
        -> www.freemount.ind.com | FAIL MAYBE HOST DIED
        -> www.moil.ind.com | FAIL MAYBE HOST DIED
        -> www.syndicatebank.ind.com | FAIL MAYBE HOST DIED
        -> www.mhn.ind.com | FAIL MAYBE HOST DIED
        -> cpanel.motion--ind.com | FAIL MAYBE HOST DIED
        -> www.incometax.gov.ind.com | FAIL MAYBE HOST DIED
        -> www.belplast.ind.com | FAIL MAYBE HOST DIED
        -> childsupport.gov.ind.com | FAIL MAYBE HOST DIED
        -> www.tamilsexstory.ind.com | FAIL MAYBE HOST DIED
        -> www.irctc.ind.com | FAIL MAYBE HOST DIED
        -> www.motion--ind.com | FAIL MAYBE HOST DIED
        -> imap.ind.com | FAIL MAYBE HOST DIED
        -> www.siexis.photos.ind.com | FAIL MAYBE HOST DIED
        -> www.aponline.gov.ind.com | FAIL MAYBE HOST DIED
        -> pms--ind.com | FAIL MAYBE HOST DIED
        -> ftp.ind.com | [443]
        -> supplierdiversity.ind.com | [80, 443]
        -> www.koreanlanguage.ind.com | FAIL MAYBE HOST DIED
        -> yahoo.ind.com | FAIL MAYBE HOST DIED
        -> microsoft.ind.com | FAIL MAYBE HOST DIED
        -> vinaae-cas01.ind.com | FAIL MAYBE HOST DIED
        -> www.gurbani.ind.com | FAIL MAYBE HOST DIED
        -> grainer.ind.com | FAIL MAYBE HOST DIED
        -> www.iit.ind.com | FAIL MAYBE HOST DIED
        -> www.indian.rail.govt.ind.com | FAIL MAYBE HOST DIED
        -> www.opensex.ind.com | FAIL MAYBE HOST DIED
        -> www.opengils.ind.com | FAIL MAYBE HOST DIED
        -> www.northstate.ind.com | FAIL MAYBE HOST DIED
        -> www.edu.ind.com | FAIL MAYBE HOST DIED
        -> www.thor.ind.com | FAIL MAYBE HOST DIED
        -> mail.brasilata.ind.com | FAIL MAYBE HOST DIED
        -> www.federation.ind.com | FAIL MAYBE HOST DIED
        -> www.rni.ind.com | FAIL MAYBE HOST DIED
        -> www.parkindplus.ind.com | FAIL MAYBE HOST DIED
        -> webmail.motion--ind.com | FAIL MAYBE HOST DIED
        -> www.miller.ind.com | FAIL MAYBE HOST DIED
        -> www.allenco.ind.com | FAIL MAYBE HOST DIED
        -> webdisk.motion--ind.com | FAIL MAYBE HOST DIED
        -> www.ap.ind.com | FAIL MAYBE HOST DIED
        -> mdm.ind.com | FAIL MAYBE HOST DIED
        -> www.homeoffice.ind.com | FAIL MAYBE HOST DIED
        -> www.airtel.ind.com | FAIL MAYBE HOST DIED
        -> www.italianha.ind.com | FAIL MAYBE HOST DIED
        -> www.dyestuf.ind.com | FAIL MAYBE HOST DIED
        -> www.dhs.ind.com | FAIL MAYBE HOST DIED
        -> www.goog.ind.com | FAIL MAYBE HOST DIED
        -> www.paid4typing.ind.com | FAIL MAYBE HOST DIED
        -> www.alok.ind.com | FAIL MAYBE HOST DIED
        -> devide.ind.com | FAIL MAYBE HOST DIED
        -> www.mirchmasala.ind.com | FAIL MAYBE HOST DIED
        -> mall.ind.com | FAIL MAYBE HOST DIED
        -> myiaa-m.ind.com | FAIL MAYBE HOST DIED
        -> vincenncenes.ind.com | FAIL MAYBE HOST DIED
        -> mail.motion--ind.com | FAIL MAYBE HOST DIED
        -> www.ingersoll-rand.ind.com | FAIL MAYBE HOST DIED
        -> pop3.ind.com | FAIL MAYBE HOST DIED
        -> www.converge.ind.com | FAIL MAYBE HOST DIED
        -> www.esic.ind.com | FAIL MAYBE HOST DIED
        -> www.w00den.ind.com | FAIL MAYBE HOST DIED
        -> www.disney.ind.com | FAIL MAYBE HOST DIED
        -> allindia.test.ind.com | FAIL MAYBE HOST DIED
        -> www.helm.ind.com | FAIL MAYBE HOST DIED
        -> www.tnpsc.ind.com | FAIL MAYBE HOST DIED
        -> www.vodafone.ind.com | FAIL MAYBE HOST DIED
        -> bps.jkrt.ind.com | FAIL MAYBE HOST DIED
        -> mstc.ind.com | FAIL MAYBE HOST DIED
        -> igd.www.ind.com | FAIL MAYBE HOST DIED
        -> www.gov.ind.com | FAIL MAYBE HOST DIED
        -> www.penstate.ind.com | FAIL MAYBE HOST DIED
        -> www.ywcahostel.ind.com | FAIL MAYBE HOST DIED
        -> www.anabelle.ind.com | FAIL MAYBE HOST DIED
        -> centerplast central de pl\303\241sticos ind.com | [80, 443]
        -> www.willoughby.ind.com | FAIL MAYBE HOST DIED
        -> mailaes.ind.com | FAIL MAYBE HOST DIED
        -> pinamt-ex03.ind.com | FAIL MAYBE HOST DIED
        -> atrius.ind.com | FAIL MAYBE HOST DIED
        -> www.blackboard.ind.com | FAIL MAYBE HOST DIED
        -> crescentschool.ind.com | FAIL MAYBE HOST DIED
        -> mail.ind.com | FAIL MAYBE HOST DIED
        -> www.escortgirl.ind.com | FAIL MAYBE HOST DIED
        -> www.ind.com | [80, 443]
        -> www.tartrou.ind.com | FAIL MAYBE HOST DIED
        -> www.nokia.ind.com | FAIL MAYBE HOST DIED
        -> devflightstatus.ind.com | [80, 443, 8080]
        -> www.nine.ind.com | FAIL MAYBE HOST DIED
        -> www.gva.ind.com | FAIL MAYBE HOST DIED
        -> myiaa.ind.com | FAIL MAYBE HOST DIED
        -> www.kent.ind.com | FAIL MAYBE HOST DIED
        -> www.mdm.ind.com | FAIL MAYBE HOST DIED
        -> toodisney.ind.com | FAIL MAYBE HOST DIED
        -> www.britannia.ind.com | FAIL MAYBE HOST DIED
        -> www.ebick.ind.com | FAIL MAYBE HOST DIED
        -> www.mcdonalds.ind.com | FAIL MAYBE HOST DIED
        -> www.stannshsbol.ind.com | FAIL MAYBE HOST DIED
        -> geeassosiate.ind.com | FAIL MAYBE HOST DIED
        -> www.landrover.ind.com | FAIL MAYBE HOST DIED
        -> www.superveyor.ind.com | FAIL MAYBE HOST DIED
        -> www.agconst.ind.com | FAIL MAYBE HOST DIED
        -> hurrayedutech.ind.com | FAIL MAYBE HOST DIED
        -> www.employeeskoch.ind.com | FAIL MAYBE HOST DIED
        -> www.jashengroup.ind.com | FAIL MAYBE HOST DIED
        -> www.uniaoengenharia.ind.com | FAIL MAYBE HOST DIED
        -> federation.ind.com | FAIL MAYBE HOST DIED
        -> www.reliance.ind.com | FAIL MAYBE HOST DIED
        -> www.colabloco.ind.com | FAIL MAYBE HOST DIED
        -> autodiscover.motion--ind.com | FAIL MAYBE HOST DIED
        -> www.passport.ind.com | FAIL MAYBE HOST DIED
        -> smtp.ind.com | FAIL MAYBE HOST DIED
        -> www.supportwatts.ind.com | FAIL MAYBE HOST DIED
        -> schenck.ind.com | FAIL MAYBE HOST DIED
        -> parkindplus.ind.com | [443]
        -> zim.ind.com | FAIL MAYBE HOST DIED
        -> lapbandsurgians.ind.com | FAIL MAYBE HOST DIED
        -> www.pgtl.ind.com | FAIL MAYBE HOST DIED
        -> gen.ind.com | FAIL MAYBE HOST DIED
        -> www.gilbert.ind.com | FAIL MAYBE HOST DIED
        -> www.employees.koch.ind.com | FAIL MAYBE HOST DIED
        -> herohonda.ind.com | FAIL MAYBE HOST DIED
        -> www.parkindplus-lilly.ind.com | FAIL MAYBE HOST DIED
        -> icc.champeantarafy.ind.com | FAIL MAYBE HOST DIED
        -> www.meganslaw.ind.com | FAIL MAYBE HOST DIED
        -> www.hsbc.ind.com | FAIL MAYBE HOST DIED
        -> www.rocket.ind.com | FAIL MAYBE HOST DIED
        -> www.tamilcinima.ind.com | FAIL MAYBE HOST DIED
        -> kamasutra.porn.ind.com | FAIL MAYBE HOST DIED
        -> www.takmeel.ind.com | FAIL MAYBE HOST DIED
        -> www.milly.ind.com | FAIL MAYBE HOST DIED
        -> www.aksports.ind.com | FAIL MAYBE HOST DIED
        -> sendsmsfree.ind.com | FAIL MAYBE HOST DIED
        -> mcs.ind.com | FAIL MAYBE HOST DIED
        -> www.instakolege.eng.ind.com | FAIL MAYBE HOST DIED
        -> sextv.ind.com | FAIL MAYBE HOST DIED
        -> www.learningaccord.ind.com | FAIL MAYBE HOST DIED
        -> mail.aes.ind.com | FAIL MAYBE HOST DIED
        -> www.sonyericsson.ind.com | FAIL MAYBE HOST DIED
        -> ssjc.k12.ind.com | FAIL MAYBE HOST DIED
        -> homeofice.ind.com | FAIL MAYBE HOST DIED
        -> www.singapo.ind.com | FAIL MAYBE HOST DIED
        -> www.nante.ind.com | FAIL MAYBE HOST DIED
        -> parkindplus-lilly.ind.com | [80, 443]
        -> www.totodealers.ind.com | FAIL MAYBE HOST DIED
        -> www.primeiroato.ind.com | FAIL MAYBE HOST DIED
        -> www.ares.ind.com | FAIL MAYBE HOST DIED
        -> www.google.ind.com | FAIL MAYBE HOST DIED
        -> www.kinzie.ind.com | FAIL MAYBE HOST DIED
        -> www.bmv.ind.com | FAIL MAYBE HOST DIED
        -> cooktravel.ind.com | [80, 443]
        -> www.beutty.ind.com | FAIL MAYBE HOST DIED
        -> gsfc.ind.com | FAIL MAYBE HOST DIED
        -> ind.com | [80, 443]
        -> www.vpn.ind.com | FAIL MAYBE HOST DIED
        -> trameco.ind.com | FAIL MAYBE HOST DIED
        -> cablestarplus.ind.com | FAIL MAYBE HOST DIED

      [+] DIRECTORIES: 0
x0rr-dan commented 2 years ago

ran into the same issue with scanning "independent.co.uk" Notice the "ind" present in both "southlandind.com" and independent.co.uk coincidence? ` Simple Recon Coded by UnknownSec666 / roo@x-krypt0n-x Thanks to: Jeager

    [*] Starting recon on independent.co.uk:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 3
        -> 80/tcp   open  http
        -> 443/tcp  open  https
        -> 8100/tcp open  xprint-server

      [+] SUBDOMAINS DETECTED: 232
        -> link.independent.co.uk | [25, 80, 443]
        -> www.blogs.independent.co.uk | FAIL MAYBE HOST DIED
        -> courses.independent.co.uk | [80, 443]
        -> dp.independent.co.uk | [80, 443]
        -> cmpv2.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.i100.independent.co.uk | FAIL MAYBE HOST DIED
        -> zh.independent.co.uk | [80, 443]
        -> www.jobs.independent.co.uk | FAIL MAYBE HOST DIED
        -> cms.independent.co.uk | FAIL MAYBE HOST DIED
        -> maturedating.independent.co.uk | [80, 443, 8080, 8443]
        -> independentjobs.independent.co.uk | [80, 443]
        -> ic.independent.co.uk | [80, 443]
        -> atalanta.cc | [80, 443, 8080, 8443]
        -> 057www.independent.co.uk | [80, 443]
        -> www.dulnvxiers.tk | [80, 443, 8080, 8443]
        -> static.independent.co.uk | [80, 443]
        -> www.standard.co.uk | [80, 443]
        -> webreader.independent.co.uk | [80]
        -> holajs.independent.co.uk | [80, 443]
        -> dev2.independent.co.uk | FAIL MAYBE HOST DIED
        -> traveloffers.independent.co.uk | [80, 443]
        -> mature.independent.co.uk | [80, 443]
        -> tatic.independent.co.uk | [80, 443]
        -> mycrowdpay.com | [21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 3306]                                                                                                                                                                                           
        -> www.enjoyment.independent.co.uk | [80, 443, 8080]
        -> newsletter.independent.co.uk | [80, 443]
        -> www.studentdiscounts.independent.co.uk | FAIL MAYBE HOST DIED
        -> prod.independent.co.uk | [80, 443]
        -> student.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.search.independent.co.uk | FAIL MAYBE HOST DIED
        -> education.independent.co.uk | FAIL MAYBE HOST DIED
        -> origin.education.independent.co.uk | FAIL MAYBE HOST DIED
        -> stats.independent.co.uk | FAIL MAYBE HOST DIED
        -> property.independent.co.uk | FAIL MAYBE HOST DIED
        -> newswwc.com | [80, 443, 8080, 8443]
        -> environment.independent.co.uk | FAIL MAYBE HOST DIED
        -> forums.independent.co.uk | FAIL MAYBE HOST DIED
        -> 2fwww.independent.co.uk | [80, 443]
        -> comment.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.financial-advisor.independent.co.uk | FAIL MAYBE HOST DIED
        -> register.independent.co.uk | [80, 443]
        -> origin.premium.independent.co.uk | FAIL MAYBE HOST DIED
        -> dahl-brogaard.blogbright.net | [22, 80, 443, 3306]
        -> uat.independent.co.uk | [80, 443]
        -> motoring.independent.co.uk | FAIL MAYBE HOST DIED
        -> dev3.independent.co.uk | FAIL MAYBE HOST DIED
        -> recruiters.independent.co.uk | [80, 443]
        -> origin.news.independent.co.uk | FAIL MAYBE HOST DIED
        -> news.independent.co.uk | FAIL MAYBE HOST DIED
        -> u002fwww.independent.co.uk | [80, 443]
        -> login.yukana.com.au | [22, 80, 443]
        -> static-dev.independent.co.uk | [80, 443]
        -> m.independent.co.uk | FAIL MAYBE HOST DIED
        -> assets.independent.co.uk | [80, 443]
        -> tickets.independent.co.uk | [80, 443]
        -> prod-origin.independent.co.uk | FAIL MAYBE HOST DIED
        -> indynewsletters.independent.co.uk | FAIL MAYBE HOST DIED
        -> news-archive.independent.co.uk | FAIL MAYBE HOST DIED
        -> date.independent.co.uk | [80, 443, 8080, 8443]
        -> live.independent.co.uk | [80, 443]
        -> www.newsncr.com | [80, 443, 8080, 8443]
        -> wvwv.independent.co.uk | [80, 443]
        -> canucksjerseysshop.com | [80, 443, 8080, 8443]
        -> us.independent.co.uk | [80, 443]
        -> www.news.independent.co.uk | FAIL MAYBE HOST DIED
        -> 22.independent.co.uk | [80, 443]
        -> compare.independent.co.uk | [80, 443]
        -> elk.independent.co.uk | FAIL MAYBE HOST DIED
        -> marcomms.londonfirst.co.uk | [80, 443, 8080]
        -> www.arts.independent.co.uk | FAIL MAYBE HOST DIED
        -> ftp.independent.co.uk | FAIL MAYBE HOST DIED
        -> independent.co.uk | [80, 443]
        -> i100.independent.co.uk | [80]
        -> origin.www.independent.co.uk | FAIL MAYBE HOST DIED
        -> sip.independent.co.uk | [443]
        -> register.i100.independent.co.uk | [80, 443]
        -> www.feeds.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.property.independent.co.uk | [80, 443]
        -> portal.homeflow.co.uk.independent.co.uk | [80, 443]
        -> directory.independent.co.uk | [53, 80, 443, 1025, 3389, 5900]
        -> www.accountants.independent.co.uk | FAIL MAYBE HOST DIED
        -> staging.independent.co.uk | [80, 443]
        -> horizon.e.independent.co.uk | [80, 443]
        -> today.independent.co.uk | [80, 443]
        -> olive92.com | [80, 443, 8080, 8443]
        -> www.mbasearch.independent.co.uk | FAIL MAYBE HOST DIED
        -> broadband.independent.co.uk | [80]
        -> www.phonerecycling.independent.co.uk | FAIL MAYBE HOST DIED
        -> ssc.independent.co.uk | [80, 443]
        -> www.indy100.com | [80, 443]
        -> eminetra.co.uk | [22, 80, 443, 3389]
        -> www2.independent.co.uk | FAIL MAYBE HOST DIED
        -> blogs.independent.co.uk | [80]
        -> telegra.ph | [80, 443]
        -> enjoyment.independent.co.uk | [80]
        -> msdn.independent.co.uk | [80, 443]
        -> london2012.independent.co.uk | [80, 443]
        -> pdf.independent.co.uk | [80, 443]
        -> flatshare.independent.co.uk | FAIL MAYBE HOST DIED
        -> argument.independent.co.uk | FAIL MAYBE HOST DIED
        -> lux-fix.independent.co.uk | [80, 443]
        -> www.rugby.independent.co.uk | FAIL MAYBE HOST DIED
        -> sport.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.sport.independent.co.uk | FAIL MAYBE HOST DIED
        -> squareblogs.net | [80, 443, 8080, 8443]
        -> isawthenews.com | [80, 443]
        -> search.independent.co.uk | FAIL MAYBE HOST DIED
        -> customerservices.independent.co.uk | [80]
        -> wwww.independent.co.uk | [80, 443]
        -> money.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.jb3img.top | [80, 443, 8080, 8443]
        -> loveislandjournal.com | [22, 80, 443]
        -> m.ijobs.independent.co.uk | [80, 443]
        -> cardiffcity2022.com | [80, 443, 8080, 8443]
        -> cncnews.tech | [21, 22, 25, 53, 80, 106, 110, 143, 443, 465, 587, 646, 993, 995, 3000, 8443]                                                                                                                                                                             
        -> fwww.independent.co.uk | [80, 443]
        -> intiv.leaderboardscore.online | [21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993, 995, 32768, 49152, 49153, 49154, 49155, 49156, 49157]                                                                                                                                 
        -> uk.alertbreakingnews.com | [80, 443, 8080, 8443]
        -> sc.independent.co.uk | [80, 443]
        -> a.independent.co.uk | FAIL MAYBE HOST DIED
        -> financial-advisor.independent.co.uk | [80, 443]
        -> ukwww.independent.co.uk | [80, 443]
        -> www.trendolizer.com | [22, 80, 135, 139, 443, 445]
        -> syndication.independent.co.uk | [80, 443]
        -> leedsunited2022.com | [80, 443, 8080, 8443]
        -> accountants.independent.co.uk | FAIL MAYBE HOST DIED
        -> link.e.independent.co.uk | [80, 443]
        -> www.independent.co.uk | [80, 443]
        -> from.hydneahidiberbunc.gq | [80, 443, 8080, 8443]
        -> reddit.independent.co.uk | [80]
        -> prooftamapost.tk | [80, 443, 8080, 8443]
        -> studentdiscounts.independent.co.uk | [80, 443]
        -> independentwww.independent.co.uk | [80, 443]
        -> 0.rockstonesecond.com | [22, 80, 443, 8080]
        -> do.independent.co.uk | [80]
        -> www.evaneos.independent.co.uk | FAIL MAYBE HOST DIED
        -> tions.independent.co.uk | [80, 443]
        -> team-noir.net | [80, 443, 8080, 8443]
        -> app.independent.co.uk | [80, 443]
        -> 2fstatic.independent.co.uk | [80, 443]
        -> living.independent.co.uk | FAIL MAYBE HOST DIED
        -> mobile.independent.co.uk | FAIL MAYBE HOST DIED
        -> my.independent.co.uk | [80, 443]
        -> link.indy100.independent.co.uk | [80, 443]
        -> x3d.independent.co.uk | [80, 443]
        -> www.gallery.independent.co.uk | FAIL MAYBE HOST DIED
        -> fantasyrugby.independent.co.uk | FAIL MAYBE HOST DIED
        -> solicitors.independent.co.uk | FAIL MAYBE HOST DIED
        -> theindependentwww.independent.co.uk | [80, 443]
        -> www.independentespanol.com | [80, 443]
        -> www.lux-fix.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.register.independent.co.uk | FAIL MAYBE HOST DIED
        -> parship.independent.co.uk | [80, 443, 8080, 8443]
        -> travel.independent.co.uk | FAIL MAYBE HOST DIED
        -> guardiola.xyz | [80, 443, 8080, 8443]
        -> mortgage-advisor.independent.co.uk | [7, 9, 13, 21, 22, 23, 25, 26, 37, 53, 79, 80, 81, 88, 106, 110, 111, 113, 119, 135, 139, 143, 144, 179, 199, 389, 427, 443,                                                                                                         444, 445, 465, 513, 514, 515, 543, 544, 548, 554, 587, 631, 646, 873, 990, 993, 995, 10                                                                                                        25, 1026, 1027, 1028, 1029, 1110, 1433, 1720, 1723, 1755, 1900, 2000, 2001, 2049, 2121,                                                                                                         2717, 3000, 3128, 3306, 3389, 3986, 4899, 5000, 5009, 5051, 5060, 5101, 5190, 5357, 5432                                                                                                        , 5631, 5666, 5800, 5900, 6000, 6001, 6646, 7070, 8000, 8008, 8009, 8080, 8081, 8443, 88                                                                                                        88, 9100, 9999, 10000, 32768, 49152, 49153, 49154, 49155, 49156, 49157]                                                                                                                         
        -> beefnepal7.bravejournal.net | [22, 80, 443]
        -> hacksawridge.independent.co.uk | [80, 443]
        -> gallery.independent.co.uk | FAIL MAYBE HOST DIED
        -> pbase.com | [80, 443]
        -> ijobs.independent.co.uk | [80, 443]
        -> edition.independent.co.uk | [80, 443]
        -> www.sneakernews25.top | FAIL MAYBE HOST DIED
        -> www.news-archive.independent.co.uk | FAIL MAYBE HOST DIED
        -> dev4.independent.co.uk | FAIL MAYBE HOST DIED
        -> classified.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.techsghost.com | [21, 25, 26, 53, 80, 110, 143, 443, 465, 587, 993, 995]                                                                                                                                                                                             
        -> publicnewstime.com | [80, 443, 8080, 8443]
        -> eflchampionship.net | [80, 443, 8080, 8443]
        -> www.classified.independent.co.uk | FAIL MAYBE HOST DIED
        -> origin.comment.independent.co.uk | FAIL MAYBE HOST DIED
        -> fstatic.independent.co.uk | [80, 443]
        -> usapp.independent.co.uk | [80, 443]
        -> anotepad.com | [25, 80, 143, 443, 465, 993]
        -> mba.independent.co.uk | [80, 443]
        -> www.mortgage-advisor.independent.co.uk | FAIL MAYBE HOST DIED
        -> 252fwww.independent.co.uk | [80, 443]
        -> logger.independent.co.uk | [80, 443]
        -> origin.motoring.independent.co.uk | FAIL MAYBE HOST DIED
        -> kahlua.independent.co.uk | [80, 443]
        -> evaneos.independent.co.uk | FAIL MAYBE HOST DIED
        -> uat-web.independent.co.uk | [80, 443]
        -> www.courses.independent.co.uk | [80, 443]
        -> www.jb4img.top | [80, 443, 8080, 8443]
        -> blogfreely.net | [80, 443, 8080, 8443]
        -> atic.independent.co.uk | [80, 443]
        -> www.fantasyrugby.independent.co.uk | FAIL MAYBE HOST DIED
        -> arts.independent.co.uk | FAIL MAYBE HOST DIED
        -> bitlive.stream | [80, 443, 8443]
        -> pixelrz.com | [80, 443, 8080, 8443]
        -> preview.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.environment.independent.co.uk | FAIL MAYBE HOST DIED
        -> dev-web.independent.co.uk | [80, 443]
        -> jenkins.independent.co.uk | FAIL MAYBE HOST DIED
        -> feeds.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.mba.independent.co.uk | [80, 443]
        -> bluemoon.atshop.io | [80, 443, 8080, 8443]
        -> sanmiguelrichlist.independent.co.uk | [80, 443]
        -> media.independent.co.uk | [21, 22, 80, 443, 646]
        -> www.sexpicturespass.com | [80, 443, 8080, 8443]
        -> sc2.independent.co.uk | FAIL MAYBE HOST DIED
        -> admin.independent.co.uk | [80, 443]
        -> naijal.com | [80, 443, 8080, 8443]
        -> dating.independent.co.uk | [80, 443]
        -> www.directory.independent.co.uk | [21, 80, 110, 199, 443, 587, 8080]
        -> rugby.independent.co.uk | FAIL MAYBE HOST DIED
        -> uat-origin.independent.co.uk | FAIL MAYBE HOST DIED
        -> help.independent.co.uk | [80, 443, 8080, 8443]
        -> zcashpredictions.com | [80, 443, 8080, 8443]
        -> coach.independent.co.uk | [80, 443]
        -> advancement.independent.co.uk | [80, 443]
        -> ww.independent.co.uk | [80, 443]
        -> indy100.independent.co.uk | [80]
        -> origin.jobs.independent.co.uk | FAIL MAYBE HOST DIED
        -> puzzles.independent.co.uk | [53, 80, 443]
        -> mbasearch.independent.co.uk | FAIL MAYBE HOST DIED
        -> jobs.independent.co.uk | [80, 443]
        -> fip.independent.co.uk | [21, 80, 443]
        -> www.fip.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.www.independent.co.uk | FAIL MAYBE HOST DIED
        -> newsncr.com | [80, 443, 8080, 8443]
        -> autodiscover.independent.co.uk | [80, 443]
        -> feature-indy-premium-prod.independent.co.uk | [80, 443]
        -> www.solicitors.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.haberm.com | [80, 443, 8080, 8443]
        -> writeablog.net | [80, 443, 8080, 8443]
        -> subscriptions.independent.co.uk | [80, 443]
        -> sagtenews.independent.co.uk | [80, 443]
        -> pm.independent.co.uk | FAIL MAYBE HOST DIED
        -> www.holidayoffers.independent.co.uk | FAIL MAYBE HOST DIED
        -> dev.independent.co.uk | FAIL MAYBE HOST DIED
        -> sslvpn.independent.co.uk | [80, 443]

      [+] DIRECTORIES: 0                                                            `

i was try to scanning independent.co.uk and there is no error at all, I'm very confused now why it happened, maybe it happened because there was a problem from the domain we scanned, or maybe a connection problem

doncalli commented 2 years ago

is it possible to run the script with a error log? that way, we can see why the script actually failed while doing the enum of the sub-domains?

doncalli commented 2 years ago

Also can you pls send your current copy of sicon.py that is in use on your machine to my email doncalli46@hotmail.com if possible?

x0rr-dan commented 2 years ago

Also can you pls send your current copy of sicon.py that is in use on your machine to my email doncalli46@hotmail.com if possible?

actually the sicon script will get some additional features, but I haven't started it yet, and the one I use on my machine is actually the same as the one on github, okay I'll send

x0rr-dan commented 2 years ago

is it possible to run the script with a error log? that way, we can see why the script actually failed while doing the enum of the sub-domains?

idk, maybe its possible if i recreate sicon script

doncalli commented 2 years ago

Thank you ...received your sicon.py script and ran it against "southlandind.com". See output below:

         ┏━┓╺┓ ┏━╸┏━┓┏┓╻
              ┗━┓ ┃ ┃  ┃┃┃┃┗┫
              ┗━┛╺┻╸┗━╸┗━┛╹ ╹

                Simple Recon
            Coded by UnknownSec666 / roo@x-krypt0n-x
               Thanks to: Jeager

    [*] Starting recon on southlandind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 54
        -> sentry.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sipedge02.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconfedge02.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> aesslvpn.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> officewebapps.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> ggsslvpn.southlandind.com | [443]
        -> sentrymad.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> legacy.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webmail4.southlandind.com | FAIL MAYBE HOST IS OFFLINE

Traceback (most recent call last): File "/home/doncalli/Repo/s1c0n/sicon3.py", line 169, in tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys())) KeyError: 'tcp' ┌──(root💀sa9901793)-[/home/doncalli/Repo/s1c0n] └─#

I have no idea why it works for some domains and not others such as southlandind.com. The only way to find out is to run the script with an error log recording what really happened. I am running the script with python3 on kali linux installed within windows sub-system (WSL) 2.0

doncalli commented 2 years ago

I did "formula1.com" and hre is the output with NO ISSUES:

 ┏━┓╺┓ ┏━╸┏━┓┏┓╻
              ┗━┓ ┃ ┃  ┃┃┃┃┗┫
              ┗━┛╺┻╸┗━╸┗━┛╹ ╹

                Simple Recon
            Coded by UnknownSec666 / roo@x-krypt0n-x
               Thanks to: Jeager

    [*] Starting recon on formula1.com:

      [+] WAF: DETECTED [ Cloudfront (Amazon) ]

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 166
        -> f1.eu | [80, 443, 8008]
        -> alpha.formula1.com | [80, 443]
        -> ottdev-config.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> ottdev-video-cf.formula1.com | [80, 443]
        -> f1store2.formula1.com | [80, 443]
        -> f1live.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> test.corp.formula1.com | [80, 443]
        -> www.formula1.com | [80, 443]
        -> ottdev-api.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> performance-f1tv-images.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> pp-video-cf.formula1.com | [80, 443]
        -> f1store.formula1.com | [80, 443]
        -> drive.formula1.com | [80, 443]
        -> pp-config.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> fantasy-stage-api.formula1.com | [80, 443]
        -> preprod2-f1tv-images.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> s3.amazonaws.com | [80, 443]
        -> login-stage.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> amp.formula1.com | [80, 443]
        -> pp-api.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> pp-ott.formula1.com | [80, 443]
        -> digitalstore.formula1.com | [80, 443]
        -> pp-video-ak.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> www.jwdamg4.top | [80, 443, 8080, 8443]
        -> sit.formula1.com | [80, 443]
        -> live.formula1.com | [80, 443]
        -> preprod-f1tv-images.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> performance-f1tv.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> live-timing.lb.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> pp-video-fer-ak.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> f1tv-images.formula1.com | [80, 443]
        -> www.jihoyoll.top | FAIL MAYBE HOST IS OFFLINE
        -> www.china.formula1.com | [80, 443]
        -> ottdev-ott.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> matchreplaytv.com | [21, 22, 80, 443, 3306, 8080, 8443]
        -> fans.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> uat-static.formula1.com | [80, 443]
        -> ott-video-ak.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> dev-video-cf.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> ottdev-video-ak.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> svc-staging.formula1.com | [80, 443]
        -> e2e-video-fer-ak.formula1.com | [53, 80, 443]
        -> pitwall.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> origin.formula1.com | [80, 443]
        -> pp-img.formula1.com | [80, 443]
        -> login.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> mobilestore.formula1.com | [80, 443]
        -> notifications.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> news-board.oiya.xyz | [80, 443, 8080, 8443]
        -> corp.formula1.com | [80, 443]
        -> account-hotfix.formula1.com | [80, 443]
        -> staging-f1tv-api.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> ottdev-video-fer-cf.formula1.com | [80, 443]
        -> convictconviction1612.blogspot.ru | [80, 443]
        -> live-timing.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> origin-f1.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> f1tv-livedata.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> f1store4.formula1.com | [53, 80, 443]
        -> api.formula1.com | [80, 443]
        -> m.f1store.formula1.com | [53, 80, 443]
        -> www.f1.com | [21, 80, 443, 1028, 5009, 5800, 8008]
        -> ottdev-img.formula1.com | [80, 443]
        -> svc.formula1.com | [80, 443]
        -> replies.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> raceprogramme.formula1.com | [80, 443]
        -> account-staging-f1tv.formula1.com | [7, 9, 13, 21, 22, 23, 25, 26, 37, 53, 79, 80, 81, 88, 106, 110, 111, 113, 119, 135, 139, 143, 144, 179, 199, 389, 427, 443, 444, 445, 465, 513, 514, 515, 543, 544, 548, 554, 587, 631, 646, 873, 990, 993, 995, 1025, 1026, 1027, 1028, 1029, 1110, 1433, 1720, 1723, 1755, 1900, 2000, 2001, 2049, 2121, 2717, 3000, 3128, 3306, 3389, 3986, 4899, 5000, 5009, 5051, 5060, 5101, 5190, 5357, 5432, 5631, 5666, 5800, 5900, 6000, 6001, 6646, 7070, 8000, 8008, 8009, 8080, 8081, 8443, 8888, 9100, 9999, 10000, 32768, 49152, 49153, 49154, 49155, 49156, 49157]
        -> staging-f1tv-images.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> www.f1authentics.com | [80, 443, 8080, 8443]
        -> e2e-config.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> mail.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> privacy.formula1.com | [80, 443]
        -> formula1.com | [80, 443]
        -> sit-static.formula1.com | [80, 443]
        -> prod-support-f1tv-livedata.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> stage.formula1.com | [80, 443]
        -> gtm-hbg.formula1.com | [53, 113]
        -> dev-livetiming.formula1.com | [53, 80, 443]
        -> amp-staging.formula1.com | [80, 443]
        -> outpost-es.com | [80, 443, 8080, 8443]
        -> e2e-api.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> www.f1store.formula1.com | [53, 80, 443]
        -> ott-api.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> rdio-staging.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> fantasypreprod-f1tv-livedata.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> sa.e-m.media | [80, 443]
        -> f1fragrances.com | [22, 80, 443]
        -> horizon.formula1.com | [80, 443]
        -> e2e-img.formula1.com | [80, 443]
        -> secure.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> amp-qa.formula1.com | [80, 443]
        -> view.e.f1store.formula1.com | [80, 113, 443]
        -> izo-stage.formula1.com | [80, 443]
        -> livetiming.formula1.com | [80, 443, 49157]
        -> performance-f1tv-livedata.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> ott-video-cf.formula1.com | [80, 443]
        -> dev-api.formula1.com | [80, 443]
        -> www.bookrooms.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> hotfix-api.formula1.com | [80, 443]
        -> pp-video-fer-cf.formula1.com | [80, 443]
        -> link.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> preprod2-f1tv-api.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> m.formula1.com | [80, 443]
        -> f1tv-api.formula1.com | [80, 443]
        -> f1tv-cdn-cent-west.formula1.com | [53, 80, 443]
        -> staging-static.formula1.com | [80, 443]
        -> e2e-video-ak.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> dev.ott.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> gtm-crx.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> fantasy-stage.formula1.com | [80, 443]
        -> newsletter.formula1.com | [80, 135, 139, 443, 445]
        -> track.f1store.formula1.com | [80, 443]
        -> www.bing.com | [53, 80, 443]
        -> preprod-f1tv-livedata.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> ftp.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> f1store3.formula1.com | [80, 443]
        -> static.formula1.com | [80, 443]
        -> svc-hotfix.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> rdio.formula1.com | [80, 443]
        -> izo-origin.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> bookrooms.formula1.com | [80, 443]
        -> mobile.formula1.com | [80, 443]
        -> f1tv-cdn-cent-vod.formula1.com | [53, 80, 443]
        -> f1tv.formula1.com | [80, 443]
        -> f1rocks.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> f1tv-cdn-cent-live.formula1.com | [53, 80, 443]
        -> fantasy.formula1.com | [80, 443]
        -> tickets.formula1.com | [80, 443, 8080, 8443]
        -> china.formula1.com | [80, 443]
        -> uat-api.formula1.com | [80, 443]
        -> f1tv-cdn-cent-east.formula1.com | [53, 80, 443]
        -> ott-video-fer-cf.formula1.com | [80, 443]
        -> e.f1store.formula1.com | [25, 113, 465, 587]
        -> izo-prod-origin.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> ott-img.formula1.com | [80, 443]
        -> e2e-video-cf.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> f1.com | [80, 443, 9999]
        -> dev-img.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> automobilist.com | [80, 443, 515, 2717]
        -> fantasy-dev.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> dev-f1tv.formula1.com | [80, 443]
        -> ott.formula1.com | [80, 443]
        -> origin.lb.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> e2e-video-fer-cf.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> click.e.f1store.formula1.com | [80, 113]
        -> ottdev-video-fer-ak.formula1.com | [80, 443]
        -> e2e-ott.formula1.com | [80, 443]
        -> video.formula1.com | [80, 443]
        -> strack.f1store.formula1.com | [80, 443]
        -> beta.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> convictconviction1612.blogspot.com | [80, 443]
        -> account.formula1.com | [80, 443]
        -> staging-f1tv.formula1.com | [80, 443]
        -> support.formula1.com | [80, 443, 8080, 8443]
        -> f1vod.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> staging-api.formula1.com | [80, 443]
        -> payments.f1store.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> fantasy-api.formula1.com | [80, 443]
        -> account-staging.formula1.com | [80, 443]
        -> dev-config.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> qa-api.formula1.com | [80, 443]
        -> ott-config.formula1.com | [80, 443]
        -> ott-video-fer-ak.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> preprod2-f1tv.formula1.com | FAIL MAYBE HOST IS OFFLINE
        -> integration-api.formula1.com | [80, 443]
        -> preprod-f1tv.formula1.com | [80, 443]
        -> rdio-dev.formula1.com | [80, 443]

      [+] DIRECTORIES: 0

I just don't understand what is happening

doncalli commented 2 years ago

I showed the script to a friend as to the errors and he came up with a little workaround, which I think, should be a change to your script. See below:

if (len(host) > 0): try:

tcp ports were found

        tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys()))
        print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                        " | " +  Colors.GREEN + tcp_open + Colors.RESET)
    **except:
        # port scan failed
        print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                    " | " +  Colors.RED + "FAIL MAYBE HOST IS OFFLINE" + Colors.RESET)**
else:
    # port scan failed
    print(Colors.RESET + Colors.GREEN + "\t    -> " + Colors.RESET + Colors.BOLD + s +
                                    " | " +  Colors.RED + "FAIL MAYBE HOST IS OFFLINE" + Colors.RESET)

An except statement was added to "skip" the error that was causing the traceback error.

Now I am able to scan southlandind.com:

              **┏━┓╺┓ ┏━╸┏━┓┏┓╻
              ┗━┓ ┃ ┃  ┃┃┃┃┗┫
              ┗━┛╺┻╸┗━╸┗━┛╹ ╹

                Simple Recon
            Coded by UnknownSec666 / roo@x-krypt0n-x
               Thanks to: Jeager

    [*] Starting recon on southlandind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 54
        -> sip.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> tmpsslvpn.southlandind.com | [443]
        -> southlandind.com | [80, 443]
        -> mdlyncweb2013.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> aesslvpn.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> photos.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> meet.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> coins.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> coins2-mobiletech.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> daw.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sentry.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncweb2013.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> exchangehybrid.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> help.southlandind.com | [80, 443, 8080, 8443]
        -> webconfedge01.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sip13.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncweb.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> mx.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sipedge02.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> mail2k3.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> smtp-east.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> tableau.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sentrymad.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconf.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconfedge02.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncdiscover.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> share.southlandind.com | [80, 443]
        -> uccrew.southlandind.com | [443]
        -> legacy.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> intranet.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> smtp.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> registry.devops.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> aw2sslvpn.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webmail4.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> dialin.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> autodiscover.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> rs2.southlandind.com | [25, 80, 443, 465, 587]
        -> webmail.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconf13.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> dae.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> vsp.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> mail2k.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> www.southlandind.com | [80, 443]
        -> madsslvpn.southlandind.com | [443]
        -> dev.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webmail3.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> smartchecklist.southlandind.com | [80, 443]
        -> ggsslvpn.southlandind.com | [443]
        -> webmail2.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> coins-mobiletech.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> officewebapps.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncdiscoverinternal.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> coins-mobiletech2.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> rs.southlandind.com | [25, 80, 443, 465, 587]

      [+] DIRECTORIES: 5
        -> 200 | https://southlandind.com/.well-known/acme-challenge/dtfy
        -> 403 | https://southlandind.com/vendor/phpunit/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/src/Util/PHP/eval-stdin.php

┌──(root💀sa9901793)-[/home/doncalli/Repo/s1c0n]** └─#

x0rr-dan commented 2 years ago

I showed the script to a friend as to the errors and he came up with a little workaround, which I think, should be a change to your script. See below:

if (len(host) > 0): try: # tcp ports were found tcp_open = str(list(quick_scan["scan"][host[0]]["tcp"].keys())) print(Colors.RESET + Colors.GREEN + "\t -> " + Colors.RESET + Colors.BOLD + s + " | " + Colors.GREEN + tcp_open + Colors.RESET) except: # port scan failed print(Colors.RESET + Colors.GREEN + "\t -> " + Colors.RESET + Colors.BOLD + s + " | " + Colors.RED + "FAIL MAYBE HOST IS OFFLINE" + Colors.RESET) else: # port scan failed print(Colors.RESET + Colors.GREEN + "\t -> " + Colors.RESET + Colors.BOLD + s + " | " + Colors.RED + "FAIL MAYBE HOST IS OFFLINE" + Colors.RESET)

An except statement was added to "skip" the error that was causing the traceback error.

Now I am able to scan southlandind.com:

              **┏━┓╺┓ ┏━╸┏━┓┏┓╻
              ┗━┓ ┃ ┃  ┃┃┃┃┗┫
              ┗━┛╺┻╸┗━╸┗━┛╹ ╹

                Simple Recon
            Coded by UnknownSec666 / roo@x-krypt0n-x
               Thanks to: Jeager

    [*] Starting recon on southlandind.com:

      [+] WAF: NOT DETECTED

      [+] OPENED PORTS: 2
        -> 80/tcp  open  http
        -> 443/tcp open  https

      [+] SUBDOMAINS DETECTED: 54
        -> sip.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> tmpsslvpn.southlandind.com | [443]
        -> southlandind.com | [80, 443]
        -> mdlyncweb2013.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> aesslvpn.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> photos.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> meet.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> coins.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> coins2-mobiletech.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> daw.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sentry.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncweb2013.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> exchangehybrid.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> help.southlandind.com | [80, 443, 8080, 8443]
        -> webconfedge01.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sip13.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncweb.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> mx.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sipedge02.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> mail2k3.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> smtp-east.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> tableau.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> sentrymad.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconf.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconfedge02.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncdiscover.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> share.southlandind.com | [80, 443]
        -> uccrew.southlandind.com | [443]
        -> legacy.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> intranet.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> smtp.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> registry.devops.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> aw2sslvpn.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webmail4.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> dialin.southlandind.com | [80, 443, 49152, 49153, 49154, 49155, 49156, 49157]
        -> autodiscover.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> rs2.southlandind.com | [25, 80, 443, 465, 587]
        -> webmail.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webconf13.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> dae.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> vsp.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> mail2k.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> www.southlandind.com | [80, 443]
        -> madsslvpn.southlandind.com | [443]
        -> dev.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> webmail3.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> smartchecklist.southlandind.com | [80, 443]
        -> ggsslvpn.southlandind.com | [443]
        -> webmail2.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> coins-mobiletech.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> officewebapps.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> lyncdiscoverinternal.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> coins-mobiletech2.southlandind.com | FAIL MAYBE HOST IS OFFLINE
        -> rs.southlandind.com | [25, 80, 443, 465, 587]

      [+] DIRECTORIES: 5
        -> 200 | https://southlandind.com/.well-known/acme-challenge/dtfy
        -> 403 | https://southlandind.com/vendor/phpunit/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
        -> 403 | https://southlandind.com/vendor/phpunit/src/Util/PHP/eval-stdin.php

┌──(rootskullsa9901793)-[/home/doncalli/Repo/s1c0n]** └─#

thx for your report

Majboor commented 1 year ago

here try this out if the problem doesnt work simple wrapper for many tools feel free to contribute https://github.com/Tech-Realm/The-Exploiter