celerystalk
celerystalk copied to clipboard
Published
20 hours ago •
sethsec
sethsec
Importing domains using -D is not setting them in scope
I thought that the -D parameter is supposed to import domains to scope, but it's importing them to DB without setting the flag In Scope as seen here:
./celerystalk import -D /root/x/scope.txt
celerystalk - An asynchronous network enumeration/vulnerability scanner
v1.3.1 Run all your tools against all your hosts (IPs/virtual hosts/subdomains)
by @sethsec
Build: 245
[+] Found subdomain (out of scope): srv-sql-p4.xx.xyz.de
[+] Found subdomain (out of scope): srv-fs-p04.xx.xyz.de
[+] Found subdomain (out of scope): xx-develop.xx.xyz.de
[+] Found subdomain (out of scope): srv-xx-ea2.xx.xyz.de
[!] There are no in scope hosts in the DB
./celerystalk db hosts
celerystalk - An asynchronous network enumeration/vulnerability scanner
v1.3.1 Run all your tools against all your hosts (IPs/virtual hosts/subdomains)
by @sethsec
Build: 245
[+] Showing hosts for the [prima] workspace
+---------------+--------------------------+----------+-----------------------+-----------+
| IP | Vhost | In Scope | Explicit Out of Scope | Submitted |
+---------------+--------------------------+----------+-----------------------+-----------+
| 10.35.100.103 | srv-xx-ea2.xx.xyz.de | 0 | 0 | 0 |
| 10.35.100.202 | srv-sql-p4.xx.xyz.de | 0 | 0 | 0 |
| 10.35.100.214 | srv-fs-p04.xx.xyz.de | 0 | 0 | 0 |
| 10.35.100.94 | xx-develop.xx.xyz.de | 0 | 0 | 0 |
+---------------+--------------------------+----------+-----------------------+-----------+
Am I missing something?
Nevermind, I have just RTFM.. but I am not seeing the logic of importing IPs first, than domains. The documentation says:
celerystalk determines whether each subdomain is in scope by resolving the IP and looking for IP in the DB. If there is a match, the domain is marked as in scope and will be scanned.