
Handle DNS Wildcard entries

Open · theabraxas opened this issue 8 years ago · 1 comment

Adapt domain-scan to handle edge cases when a wildcard entry is in use. There are still ways to get around the issue using other tools but it slows down the scan tremendously.

Description: DNSRecon with -t 'brt' does not handle wildcard entries well; the data is not usable in its current form.

Fix: On detection of a wildcard, display a notification that a slower scan will take place and trigger a different DNS scan which can handle wildcards and determine valid entries.

theabraxas avatar Oct 28 '16 15:10 theabraxas

Plan is to do the following:

Procedural:

  1. Prior to the DNS scan, send a test request to longweirduniquestring.target.com and see if it returns an 'A' record
  2. Check if the enable wildcard flag is set
  3. (a) If 'No', stop the DNS brute force and try to proceed
  4. (b) If 'Yes', record the IP address resolution from 1 and run the standard brute force.
  5. (b) Once completed, remove all resolutions from the output file which match the IP recorded in 1
  6. (b) Return the modified list plus the default domain (if not present) at the IP recorded in 1

Required changes:

  1. Create a flag for enable wildcard
  2. Write a routine to test for a wildcard being probable
  3. Modify the output of DNSRecon if enable wildcard is set
  4. Prevent DNSRecon from running if enable wildcard is not set and a wildcard is detected
  5. Note the presence of the wildcard record in the report and the value associated with it.

theabraxas avatar Mar 30 '17 18:03 theabraxas
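The procedure in the comment above, written out as an added example that is not part of the Battalion code base: a random-label probe detects the wildcard, the enable-wildcard flag decides whether to stop or continue, and the brute-force output is filtered against the recorded wildcard IP with the apex domain added back. The resolver is injected so the logic runs offline; `fake_resolve`, `FAKE_ZONE` and the 203.0.113.0/24 addresses are constructed stand-ins, not real DNS data.

```python
import random
import string
from typing import Callable, Dict, List, Optional, Tuple

# A resolver maps a hostname to its A-record addresses; [] means no answer.
Resolver = Callable[[str], List[str]]

def probe_wildcard(domain: str, resolve: Resolver, label_len: int = 24) -> Optional[str]:
    """Step 1: resolve a long random label under the domain; an answer means a wildcard is probable."""
    label = "".join(random.choices(string.ascii_lowercase + string.digits, k=label_len))
    answers = resolve(f"{label}.{domain}")
    return answers[0] if answers else None

def strip_wildcard_hits(hits: List[Tuple[str, str]], wildcard_ip: str, domain: str) -> List[Tuple[str, str]]:
    """Steps 5-6: drop every resolution equal to the wildcard IP, then keep the apex at that IP."""
    kept = [(host, ip) for host, ip in hits if ip != wildcard_ip]
    if not any(host == domain for host, _ in kept):
        kept.append((domain, wildcard_ip))
    return kept

def brute_force(domain: str, wordlist: List[str], resolve: Resolver, enable_wildcard: bool) -> Dict:
    """Steps 2-4: decide whether to brute force at all, then run the scan and filter it."""
    wildcard_ip = probe_wildcard(domain, resolve)
    if wildcard_ip is not None and not enable_wildcard:
        # (a) wildcard present but flag not set: stop, but still report the wildcard record.
        return {"wildcard_ip": wildcard_ip, "scanned": False, "hits": []}
    if wildcard_ip is not None:
        print(f"[!] wildcard record detected ({wildcard_ip}); running slower filtered scan")  # (b)
    hits: List[Tuple[str, str]] = []
    for word in wordlist:
        host = f"{word}.{domain}"
        hits.extend((host, ip) for ip in resolve(host))
    if wildcard_ip is not None:
        hits = strip_wildcard_hits(hits, wildcard_ip, domain)
    return {"wildcard_ip": wildcard_ip, "scanned": True, "hits": hits}

# Constructed offline zone (assumption): the apex and the catch-all answer share 203.0.113.10.
FAKE_ZONE = {
    "example.test": ["203.0.113.10"],
    "www.example.test": ["203.0.113.11"],
    "mail.example.test": ["203.0.113.25"],
}
WILDCARD_IP = "203.0.113.10"

def fake_resolve(name: str) -> List[str]:
    """Constructed stand-in for a real resolver: any unknown label under the zone gets the wildcard answer."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    return [WILDCARD_IP] if name.endswith(".example.test") else []
```

Note the trade-off the plan accepts: a real host that legitimately shares the wildcard IP is filtered out along with the noise, so the report should list the recorded wildcard value next to the results (required change 5).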