Add bruteforce module.

Findomain · Feb 7, 2020 · fbdfe07 · fbdfe07
1 parent c7132e1
commit fbdfe07
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 27 deletions.
diff --git a/src/args.rs b/src/args.rs
@@ -37,9 +37,12 @@ pub struct Args {
     pub enable_empty_push: bool,
     pub check_updates: bool,
     pub as_resolver: bool,
+    pub bruteforce: bool,
     pub files: Vec<String>,
     pub subdomains: HashSet<String>,
+    pub wordlists_data: HashSet<String>,
     pub import_subdomains_from: Vec<String>,
+    pub wordlists: Vec<String>,
     pub time_wasted: Instant,
     pub domain_resolver: Resolver,
 }
@@ -118,7 +121,9 @@ pub fn get_args() -> Args {
         enable_empty_push: matches.is_present("enable-empty-push"),
         check_updates: matches.is_present("check-updates"),
         as_resolver: matches.is_present("as-resolver"),
+        bruteforce: matches.is_present("wordlists"),
         subdomains: HashSet::new(),
+        wordlists_data: HashSet::new(),
         import_subdomains_from: if matches.is_present("import-subdomains") {
             matches
                 .values_of("import-subdomains")
@@ -128,6 +133,15 @@ pub fn get_args() -> Args {
         } else {
             Vec::new()
         },
+        wordlists: if matches.is_present("wordlists") {
+            matches
+                .values_of("wordlists")
+                .unwrap()
+                .map(str::to_owned)
+                .collect()
+        } else {
+            Vec::new()
+        },
         time_wasted: Instant::now(),
         domain_resolver: {
             let resolver =

diff --git a/src/cli.yml b/src/cli.yml
@@ -159,3 +159,12 @@ args:
         conflicts_with:
           - query-database
           - monitoring-flag
+
+    - wordlists:
+        help: Wordlist file to use in the bruteforce process.
+        short: w
+        long: wordlist
+        takes_value: true
+        conflicts_with:
+          - query-database
+          - monitoring-flag
diff --git a/src/lib.rs b/src/lib.rs
@@ -39,6 +39,14 @@ pub fn get_subdomains(args: &mut args::Args) -> Result<()> {
     }
     if args.query_database {
         query_findomain_database(args)?
+    }
+    if args.bruteforce {
+        args.subdomains = args
+            .wordlists_data
+            .iter()
+            .map(|target| format!("{}.{}", target, &args.target))
+            .collect();
+        manage_subdomains_data(args)?
     } else {
         if args.monitoring_flag {
             args.discord_webhook = get_vars::get_webhook("discord");
@@ -189,16 +197,16 @@ fn manage_subdomains_data(args: &mut args::Args) -> Result<()> {
     Ok(())
 }
 
-fn return_file_targets(args: &mut args::Args) -> HashSet<String> {
+pub fn return_file_targets(args: &mut args::Args, files: Vec<String>) -> HashSet<String> {
     let mut targets: HashSet<String> = HashSet::new();
-    args.files.dedup();
-    for f in &args.files {
+    files.clone().dedup();
+    for f in files {
         match File::open(&f) {
             Ok(file) => {
                 for target in BufReader::new(file)
                     .lines()
                     .flatten()
-                    .map(|target| misc::sanitize_target_string(target))
+                    .map(misc::sanitize_target_string)
                     .collect::<HashSet<String>>()
                 {
                     targets.insert(target);
@@ -217,7 +225,14 @@ fn return_file_targets(args: &mut args::Args) -> HashSet<String> {
             }
         }
     }
-    targets.retain(|target| !target.is_empty() && misc::validate_target(target));
+    if args.bruteforce {
+    } else if args.with_imported_subdomains {
+        let base_target = &format!(".{}", args.target);
+        targets
+            .retain(|target| !target.is_empty() && misc::sanitize_subdomain(&base_target, &target))
+    } else {
+        targets.retain(|target| !target.is_empty() && misc::validate_target(target))
+    }
     targets
 }
 
@@ -226,17 +241,16 @@ pub fn read_from_file(args: &mut args::Args) -> Result<()> {
     if args.unique_output_flag {
         misc::check_output_file_exists(&args.file_name)?
     }
-    let targets = return_file_targets(args);
     if args.as_resolver {
         if !args.only_resolved && !args.with_ip && !args.ipv6_only {
             println!("To use Findomain as resolver, use one of the --resolved/-r, --ip/-i or --ipv6-only options.");
             std::process::exit(1)
         } else {
-            args.subdomains = targets;
+            args.subdomains = return_file_targets(args, args.files.clone());
             manage_subdomains_data(args)?
         }
     } else {
-        for domain in targets {
+        for domain in return_file_targets(args, args.files.clone()) {
             args.target = domain;
             args.file_name = if file_name.is_empty() && !args.with_ip {
                 format!("{}.txt", &args.target)
@@ -398,7 +412,7 @@ fn push_data_to_webhooks(args: &mut args::Args, new_subdomains: &HashSet<String>
 
 fn subdomains_alerts(args: &mut args::Args) -> Result<()> {
     if args.with_imported_subdomains {
-        let imported_subdomains = import_subdomains_from_file(args)?;
+        let imported_subdomains = return_file_targets(args, args.import_subdomains_from.clone());
         for subdomain in imported_subdomains {
             args.subdomains.insert(subdomain);
         }
@@ -516,20 +530,3 @@ fn query_findomain_database(args: &mut args::Args) -> Result<()> {
     misc::works_with_data(args)?;
     Ok(())
 }
-
-fn import_subdomains_from_file(args: &mut args::Args) -> Result<HashSet<String>> {
-    let base_target = &format!(".{}", args.target);
-    let mut subdomains_from_file: HashSet<String> = HashSet::new();
-    if !args.import_subdomains_from.is_empty() {
-        for file in &args.import_subdomains_from {
-            let file =
-                File::open(&file).with_context(|_| format!("Can't open file 📁 {}", &file))?;
-            for subdomain in BufReader::new(file).lines().flatten() {
-                if misc::sanitize_subdomain(&base_target, &subdomain) {
-                    subdomains_from_file.insert(subdomain);
-                }
-            }
-        }
-    }
-    Ok(subdomains_from_file)
-}
diff --git a/src/main.rs b/src/main.rs
@@ -1,4 +1,6 @@
-use findomain::{args, errors::*, get_subdomains, read_from_file, update_checker};
+use findomain::{
+    args, errors::*, get_subdomains, read_from_file, return_file_targets, update_checker,
+};
 
 fn run() -> Result<()> {
     let mut arguments = args::get_args();
@@ -8,6 +10,15 @@ fn run() -> Result<()> {
     if arguments.threads > 500 {
         arguments.threads = 500
     }
+    if arguments.bruteforce {
+        if !arguments.only_resolved && !arguments.with_ip && !arguments.ipv6_only {
+            println!("To use Findomain bruteforce method, use one of the --resolved/-r, --ip/-i or --ipv6-only options.");
+            std::process::exit(1)
+        } else {
+            let wordlists = arguments.wordlists.clone();
+            arguments.wordlists_data = return_file_targets(&mut arguments, wordlists)
+        }
+    }
     rayon::ThreadPoolBuilder::new()
         .num_threads(arguments.threads)
         .build_global()

diff --git a/src/misc.rs b/src/misc.rs
@@ -26,6 +26,13 @@ pub fn show_subdomains_found(subdomains_found: usize, args: &mut args::Args) {
                 args.subdomains.len(),
                 args.time_wasted.elapsed().as_secs()
             );
+        } else if args.bruteforce {
+            println!(
+                "\n{} of {} bruteforce combinations were resolved in {} seconds.⏲️",
+                subdomains_found,
+                args.subdomains.len(),
+                args.time_wasted.elapsed().as_secs()
+            );
         } else {
             println!(
                 "\n{} of {} subdomains found were resolved for domain {} 👽 in {} seconds.⏲️",