wildcard subdomains #73

Closed
JackandBlackLLL opened this issue Jul 8, 2020 · 2 comments

@JackandBlackLLL

I get a list of subdomains with other scripts.
After that I get DNS records and based on this I get valid subdomains.
But often I get a lot of false results, in particular because of the fact that the subdomain has a wildcard configured on the domain.
How can I enable the wildcard subdomain check so that I get cleaner results that exclude the wildcard subdomains?
I see massdns has this function: "Add wildcard detection for reconnaissance"

@blechschmidt
Owner

Since wildcard detection is listed as a todo, this feature is not yet implemented. In case you perform reconnaissance scans, it is worth having a look at shuffledns, which is a wrapper around massdns improving usability and supporting wildcard detection.

@storenth

But using shuffledns we need one more step to get the final IPs, because it doesn't provide IP output, so:

  1. Sieving for wildcard-enabled DNS using shuffledns
  2. Get IPs from filtered subdomains.
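
The wildcard filtering discussed in this thread, as an added example that is not part of the original comments and is not massdns or shuffledns code. It assumes resolver output in a `name. TYPE value` text layout and that random labels were resolved under each parent zone beforehand; all names and addresses are constructed placeholders.

```python
"""Offline wildcard filter for resolver output (added example, hypothetical helpers)."""
from collections import defaultdict

# Constructed sample data; "name. TYPE value" layout is an assumption.
# PROBES: answers for random labels that should not exist in the zone.
PROBES = """\
zq8f3k1x.example.test. A 203.0.113.10
p0v7m2ha.example.test. A 203.0.113.10
"""
CANDIDATES = """\
www.example.test. A 198.51.100.7
blog.example.test. A 203.0.113.10
shop.example.test. CNAME zq8f3k1x.example.test.
mail.example.test. A 198.51.100.25
mail.example.test. A 203.0.113.10
"""

def parse(text):
    """Map each name to the set of A/AAAA values seen for it."""
    answers = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in ("A", "AAAA"):
            continue  # skip CNAME/other record types and malformed lines
        answers[parts[0].rstrip(".").lower()].add(parts[2])
    return answers

def parent(name):
    """Zone directly above a name: www.example.test -> example.test."""
    return name.split(".", 1)[1] if "." in name else ""

def wildcard_baseline(probe_answers):
    """Union of addresses returned for random labels, per parent zone."""
    baseline = defaultdict(set)
    for name, ips in probe_answers.items():
        baseline[parent(name)] |= ips
    return baseline

def filter_wildcards(candidates, probes):
    """Keep names with at least one address outside the wildcard answer set."""
    baseline = wildcard_baseline(parse(probes))
    kept = {}
    for name, ips in parse(candidates).items():
        # A real host that shares the wildcard address is dropped as well.
        if not ips <= baseline.get(parent(name), set()):
            kept[name] = sorted(ips)
    return kept

if __name__ == "__main__":
    for name, ips in filter_wildcards(CANDIDATES, PROBES).items():
        print(name, ",".join(ips))
```

The result maps each surviving name to its addresses, so the filtering and the IP lookup come out of one pass over the records.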
