Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNS Bruteforce Injection Point Definition #169

Open
wants to merge 2 commits into
base: master
from

Conversation

@hdbreaker
Copy link

hdbreaker commented Jul 27, 2019

Adding Injection Point indicator in DNS Bruteforce Process in order to expand the subdomain enumeration capabilities.

The modified code can be triaged using the following execution line:

go run main.go dns -t 50 -d *-app.abumedia.yql.yahoo.com -w wordlist.txt

Result:

===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Domain:     *-app.abumedia.yql.yahoo.com
[+] Threads:    50
[+] Timeout:    1s
[+] Wordlist:   /Users/hdbreaker/Desktop/Scripts/DirBuster/directory-list-lowercase-2.3-medium.txt
===============================================================
2019/07/27 15:19:58 Starting gobuster
===============================================================
2019/07/27 15:19:58 [-] Warning: Injection char (*) was provided, no base domain validation will be performed!
Found: news-app.abumedia.yql.yahoo.com
Found: tv-app.abumedia.yql.yahoo.com
===============================================================
2019/07/27 15:20:06 Finished
===============================================================

If the * character is not provided Gobuster will work as before.

hdbreaker added 2 commits Jul 27, 2019
@OJ OJ added this to the v3.1 milestone Oct 1, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.