FIX: Resolved DNSdumpster IndexError and improved CSRF token extraction
This commit is contained in:
		
							parent
							
								
									729d649ec5
								
							
						
					
					
						commit
						7d9a6f7945
					
				|  | @ -0,0 +1,500 @@ | ||||||
|  | www.microsoft.com | ||||||
|  | 3d-avatar-diffusion.microsoft.com | ||||||
|  | 3dfe-holograms.microsoft.com | ||||||
|  | 3papiprovider.microsoft.com | ||||||
|  | 3pc.microsoft.com | ||||||
|  | 3rdpartysource.microsoft.com | ||||||
|  | 3sdash.microsoft.com | ||||||
|  | 3sdebug.microsoft.com | ||||||
|  | abilitysummit.microsoft.com | ||||||
|  | account.microsoft.com | ||||||
|  | mucp.api.account.microsoft.com | ||||||
|  | privacynotice.account.microsoft.com | ||||||
|  | account-mgmt-exp.microsoft.com | ||||||
|  | accountguard.microsoft.com | ||||||
|  | activate.microsoft.com | ||||||
|  | adaptivecards.microsoft.com | ||||||
|  | adfshelp.microsoft.com | ||||||
|  | admin.microsoft.com | ||||||
|  | sites-author.adobeprod.microsoft.com | ||||||
|  | adoption.microsoft.com | ||||||
|  | ads.microsoft.com | ||||||
|  | about.ads.microsoft.com | ||||||
|  | adlibrary.ads.microsoft.com | ||||||
|  | help.ads.microsoft.com | ||||||
|  | internal.ads.microsoft.com | ||||||
|  | mmcapi.ads.microsoft.com | ||||||
|  | trinity.ads.microsoft.com | ||||||
|  | ucm.ads.microsoft.com | ||||||
|  | ui.ads.microsoft.com | ||||||
|  | beta.ads-int.microsoft.com | ||||||
|  | ai-edge.microsoft.com | ||||||
|  | aiotlabs.microsoft.com | ||||||
|  | airlift.microsoft.com | ||||||
|  | register.aiskillsfest.microsoft.com | ||||||
|  | aiskillsnavigator.microsoft.com | ||||||
|  | aitour.microsoft.com | ||||||
|  | register.aitour.microsoft.com | ||||||
|  | ajax.microsoft.com | ||||||
|  | answers.microsoft.com | ||||||
|  | social.answers.microsoft.com | ||||||
|  | apply.microsoft.com | ||||||
|  | apps.microsoft.com | ||||||
|  | appsource.microsoft.com | ||||||
|  | browser.pipe.aria.microsoft.com | ||||||
|  | mobile.pipe.aria.microsoft.com | ||||||
|  | askhrva.microsoft.com | ||||||
|  | assetsppe2.microsoft.com | ||||||
|  | assetsprod.microsoft.com | ||||||
|  | assist.microsoft.com | ||||||
|  | atlas.microsoft.com | ||||||
|  | mobileappcommunicator.auth.microsoft.com | ||||||
|  | azure.microsoft.com | ||||||
|  | azurelocalsolutions.azure.microsoft.com | ||||||
|  | azureforeducation.microsoft.com | ||||||
|  | azuremarketplace.microsoft.com | ||||||
|  | register.azuremigration.microsoft.com | ||||||
|  | api.bap.microsoft.com | ||||||
|  | bcweb.microsoft.com | ||||||
|  | api.bing.microsoft.com | ||||||
|  | help.bing.microsoft.com | ||||||
|  | academycourses.bingads.microsoft.com | ||||||
|  | adinquiry.bingads.microsoft.com | ||||||
|  | resources.azure.bingads.microsoft.com | ||||||
|  | bingapp.microsoft.com | ||||||
|  | bingfeedback.microsoft.com | ||||||
|  | bingwallpaper.microsoft.com | ||||||
|  | blogs.microsoft.com | ||||||
|  | brandcentral.microsoft.com | ||||||
|  | browserdefaults.microsoft.com | ||||||
|  | browserprotection.microsoft.com | ||||||
|  | build.microsoft.com | ||||||
|  | register.build.microsoft.com | ||||||
|  | register.buildinfo.microsoft.com | ||||||
|  | businessaccount.microsoft.com | ||||||
|  | uploadhub.capqa.microsoft.com | ||||||
|  | careers.microsoft.com | ||||||
|  | jobs.careers.microsoft.com | ||||||
|  | refer.careers.microsoft.com | ||||||
|  | cdn-dynmedia-1.microsoft.com | ||||||
|  | df.cfp.microsoft.com | ||||||
|  | clarity.microsoft.com | ||||||
|  | cloudaccelerator.microsoft.com | ||||||
|  | ftenomination.cloudaccelerator.microsoft.com | ||||||
|  | cloudblogs.microsoft.com | ||||||
|  | cloudbrowser.microsoft.com | ||||||
|  | coach.microsoft.com | ||||||
|  | westus.dev.cognitive.microsoft.com | ||||||
|  | compassone.microsoft.com | ||||||
|  | compliance.microsoft.com | ||||||
|  | copilot.microsoft.com | ||||||
|  | auth.copilot.microsoft.com | ||||||
|  | copilotdash-sdf.microsoft.com | ||||||
|  | copilotscenarios.microsoft.com | ||||||
|  | copilotstudio.microsoft.com | ||||||
|  | coreidentity.microsoft.com | ||||||
|  | paymentsredirectionservice.cp.microsoft.com | ||||||
|  | create.microsoft.com | ||||||
|  | cdn.create.microsoft.com | ||||||
|  | credentials.microsoft.com | ||||||
|  | customerfeedback.microsoft.com | ||||||
|  | customervoice.microsoft.com | ||||||
|  | cxpqualityhub.microsoft.com | ||||||
|  | browser.events.data.microsoft.com | ||||||
|  | eu-mobile.events.data.microsoft.com | ||||||
|  | mobile.events.data.microsoft.com | ||||||
|  | self.events.data.microsoft.com | ||||||
|  | v10.events.data.microsoft.com | ||||||
|  | watson.events.data.microsoft.com | ||||||
|  | settings-win.data.microsoft.com | ||||||
|  | datacenters.microsoft.com | ||||||
|  | dcg.microsoft.com | ||||||
|  | dcservicesgateway.microsoft.com | ||||||
|  | ti.defender.microsoft.com | ||||||
|  | definitionupdates.microsoft.com | ||||||
|  | 2.dl.delivery.mp.microsoft.com.delivery.microsoft.com | ||||||
|  | 4.dl.delivery.mp.microsoft.com.delivery.microsoft.com | ||||||
|  | 2.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com | ||||||
|  | designer.microsoft.com | ||||||
|  | apps.dev.microsoft.com | ||||||
|  | devblogs.microsoft.com | ||||||
|  | devbox.microsoft.com | ||||||
|  | developer.microsoft.com | ||||||
|  | devicepartner.microsoft.com | ||||||
|  | devportal.microsoft.com | ||||||
|  | fpt.dfp.microsoft.com | ||||||
|  | care.dlservice.microsoft.com | ||||||
|  | docs.microsoft.com | ||||||
|  | dotnet.microsoft.com | ||||||
|  | builds.dotnet.microsoft.com | ||||||
|  | download.microsoft.com | ||||||
|  | api.dtmnebula.microsoft.com | ||||||
|  | client.dtmnebula.microsoft.com | ||||||
|  | t135.e-mails.microsoft.com | ||||||
|  | eagreements.microsoft.com | ||||||
|  | images.ecomm.microsoft.com | ||||||
|  | edge.microsoft.com | ||||||
|  | edge-http.microsoft.com | ||||||
|  | edgemobileapp.microsoft.com | ||||||
|  | edunominate.microsoft.com | ||||||
|  | egrc.microsoft.com | ||||||
|  | emails.microsoft.com | ||||||
|  | usgovintake.embark.microsoft.com | ||||||
|  | employeeservicehub.microsoft.com | ||||||
|  | enablement.microsoft.com | ||||||
|  | endpoint.microsoft.com | ||||||
|  | engagehub.microsoft.com | ||||||
|  | entra.microsoft.com | ||||||
|  | esi.microsoft.com | ||||||
|  | esicxp.microsoft.com | ||||||
|  | esireg.microsoft.com | ||||||
|  | esisupport.microsoft.com | ||||||
|  | esxp.microsoft.com | ||||||
|  | euaaccessportal.microsoft.com | ||||||
|  | abilitysummit.event.microsoft.com | ||||||
|  | aiskillsfest.event.microsoft.com | ||||||
|  | azuremigration.event.microsoft.com | ||||||
|  | discoverday.event.microsoft.com | ||||||
|  | msbizappslaunchevent.event.microsoft.com | ||||||
|  | regcdn.event.microsoft.com | ||||||
|  | secure.event.microsoft.com | ||||||
|  | events.microsoft.com | ||||||
|  | internal.evergreen.microsoft.com | ||||||
|  | evl.microsoft.com | ||||||
|  | admin.exchange.microsoft.com | ||||||
|  | exp.microsoft.com | ||||||
|  | expertzone.microsoft.com | ||||||
|  | api.fabric.microsoft.com | ||||||
|  | app.fabric.microsoft.com | ||||||
|  | blog.fabric.microsoft.com | ||||||
|  | community.fabric.microsoft.com | ||||||
|  | ideas.fabric.microsoft.com | ||||||
|  | msit.fabric.microsoft.com | ||||||
|  | support.fabric.microsoft.com | ||||||
|  | fasttrack.microsoft.com | ||||||
|  | feedback360.microsoft.com | ||||||
|  | feedbackportal.microsoft.com | ||||||
|  | findtime.microsoft.com | ||||||
|  | forms.microsoft.com | ||||||
|  | fpc.microsoft.com | ||||||
|  | fpt.microsoft.com | ||||||
|  | fpt2.microsoft.com | ||||||
|  | get.microsoft.com | ||||||
|  | getconnected.microsoft.com | ||||||
|  | 3palertingestion.globalsecureaccess.microsoft.com | ||||||
|  | go.microsoft.com | ||||||
|  | go2.microsoft.com | ||||||
|  | graph.microsoft.com | ||||||
|  | guidedtour.microsoft.com | ||||||
|  | hackbox.microsoft.com | ||||||
|  | holidays.microsoft.com | ||||||
|  | hrprofile.microsoft.com | ||||||
|  | occclientglobal.iconchannelserviceprod.microsoft.com | ||||||
|  | occclient.iconchannelservicesprod.microsoft.com | ||||||
|  | identitypass.microsoft.com | ||||||
|  | idweb.microsoft.com | ||||||
|  | idwebelements.microsoft.com | ||||||
|  | ie11fre.microsoft.com | ||||||
|  | ieonline.microsoft.com | ||||||
|  | ignite.microsoft.com | ||||||
|  | imaginecup.microsoft.com | ||||||
|  | info.microsoft.com | ||||||
|  | m.infomail.microsoft.com | ||||||
|  | t.infomail.microsoft.com | ||||||
|  | m2.infomails.microsoft.com | ||||||
|  | innovationstudio.microsoft.com | ||||||
|  | insightsexperience.microsoft.com | ||||||
|  | inststudio-proxy.microsoft.com | ||||||
|  | intune.microsoft.com | ||||||
|  | invitations.microsoft.com | ||||||
|  | iridias.microsoft.com | ||||||
|  | krs.microsoft.com | ||||||
|  | wopihost.l2o.microsoft.com | ||||||
|  | leap.microsoft.com | ||||||
|  | learn.microsoft.com | ||||||
|  | review.learn.microsoft.com | ||||||
|  | learn-attachment.microsoft.com | ||||||
|  | admin.int.learningcredentials.microsoft.com | ||||||
|  | learningdownloadcenter.microsoft.com | ||||||
|  | learningpath.microsoft.com | ||||||
|  | learningplayer.microsoft.com | ||||||
|  | learningroomdirectory.microsoft.com | ||||||
|  | leportal.microsoft.com | ||||||
|  | licensing.microsoft.com | ||||||
|  | partner.licensing.microsoft.com | ||||||
|  | licensingonlineservicesactivation.microsoft.com | ||||||
|  | lighthouse.microsoft.com | ||||||
|  | linux.microsoft.com | ||||||
|  | liquid.microsoft.com | ||||||
|  | lists.microsoft.com | ||||||
|  | livesend.microsoft.com | ||||||
|  | local.microsoft.com | ||||||
|  | login.microsoft.com | ||||||
|  | lookbook.microsoft.com | ||||||
|  | loop.microsoft.com | ||||||
|  | m365pulse.microsoft.com | ||||||
|  | emea.mail.microsoft.com | ||||||
|  | enrollment.manage.microsoft.com | ||||||
|  | portal.manage.microsoft.com | ||||||
|  | portal.manage-beta.microsoft.com | ||||||
|  | managerewards.microsoft.com | ||||||
|  | marketingassets.microsoft.com | ||||||
|  | math.microsoft.com | ||||||
|  | mathsolver.microsoft.com | ||||||
|  | mbs.microsoft.com | ||||||
|  | businesscenter.mbs.microsoft.com | ||||||
|  | mbs2.microsoft.com | ||||||
|  | hk2.consumerfulfillment.mcapi.microsoft.com | ||||||
|  | mcapshelp.microsoft.com | ||||||
|  | mcp.microsoft.com | ||||||
|  | mcr.microsoft.com | ||||||
|  | medius.microsoft.com | ||||||
|  | merge.microsoft.com | ||||||
|  | microsoftedge.microsoft.com | ||||||
|  | microsoftedgewelcome.microsoft.com | ||||||
|  | m136.microsoftstore.microsoft.com | ||||||
|  | military.microsoft.com | ||||||
|  | mint.microsoft.com | ||||||
|  | auth.prod.mlx.microsoft.com | ||||||
|  | dl.delivery.mp.microsoft.com | ||||||
|  | 2.dl.delivery.mp.microsoft.com | ||||||
|  | 3.dl.delivery.mp.microsoft.com | ||||||
|  | catalog.sf.dl.delivery.mp.microsoft.com | ||||||
|  | msedge.sf.dl.delivery.mp.microsoft.com | ||||||
|  | tlu.dl.delivery.mp.microsoft.com | ||||||
|  | 13.tlu.dl.delivery.mp.microsoft.com | ||||||
|  | 2.tlu.dl.delivery.mp.microsoft.com | ||||||
|  | 3.tlu.dl.delivery.mp.microsoft.com | ||||||
|  | msedge.b.tlu.dl.delivery.mp.microsoft.com | ||||||
|  | msedgeextensions.f.tlu.dl.delivery.mp.microsoft.com | ||||||
|  | array608.prod.do.dsp.mp.microsoft.com | ||||||
|  | storeedgefd.dsx.mp.microsoft.com | ||||||
|  | paymentinstruments.mp.microsoft.com | ||||||
|  | msaitour.microsoft.com | ||||||
|  | register.msbizappslaunchevent.microsoft.com | ||||||
|  | msc.microsoft.com | ||||||
|  | msconnect.microsoft.com | ||||||
|  | v2.msconnect.microsoft.com | ||||||
|  | msdl.microsoft.com | ||||||
|  | msdn.microsoft.com | ||||||
|  | blogs.msdn.microsoft.com | ||||||
|  | visualstudiogallery.msdn.microsoft.com | ||||||
|  | msevents.microsoft.com | ||||||
|  | msft-oncall-tool.microsoft.com | ||||||
|  | msftguest.microsoft.com | ||||||
|  | msnapp.microsoft.com | ||||||
|  | msrc.microsoft.com | ||||||
|  | api.msrc.microsoft.com | ||||||
|  | portal.msrc.microsoft.com | ||||||
|  | msrecruit.microsoft.com | ||||||
|  | msrolelibrary.microsoft.com | ||||||
|  | msvacation.microsoft.com | ||||||
|  | msxinsights.microsoft.com | ||||||
|  | mvp.microsoft.com | ||||||
|  | myaccess.microsoft.com | ||||||
|  | myaccount.microsoft.com | ||||||
|  | myapplications.microsoft.com | ||||||
|  | myapps.microsoft.com | ||||||
|  | launcher.myapps.microsoft.com | ||||||
|  | mydefender.microsoft.com | ||||||
|  | myorder.microsoft.com | ||||||
|  | myprofile.microsoft.com | ||||||
|  | mysignins.microsoft.com | ||||||
|  | mystaff.microsoft.com | ||||||
|  | myworkaccount.microsoft.com | ||||||
|  | news.microsoft.com | ||||||
|  | nonprofit.microsoft.com | ||||||
|  | signup.nonprofit.microsoft.com | ||||||
|  | nuwa-infinity.microsoft.com | ||||||
|  | ocv.microsoft.com | ||||||
|  | office.microsoft.com | ||||||
|  | r.office.microsoft.com | ||||||
|  | support.office.microsoft.com | ||||||
|  | officecdn.microsoft.com | ||||||
|  | officecdnmac.microsoft.com | ||||||
|  | officeredir.microsoft.com | ||||||
|  | o15.officeredir.microsoft.com | ||||||
|  | oneask.microsoft.com | ||||||
|  | oneasset.microsoft.com | ||||||
|  | onedrivelti.microsoft.com | ||||||
|  | opensource.microsoft.com | ||||||
|  | docs.opensource.microsoft.com | ||||||
|  | operatorconnect.microsoft.com | ||||||
|  | outlook.microsoft.com | ||||||
|  | ov-df.microsoft.com | ||||||
|  | packages.microsoft.com | ||||||
|  | parking.microsoft.com | ||||||
|  | partner.microsoft.com | ||||||
|  | customerconsent.partner.microsoft.com | ||||||
|  | dmc.partner.microsoft.com | ||||||
|  | partners.microsoft.com | ||||||
|  | partneruniversity.microsoft.com | ||||||
|  | paymentcentral.microsoft.com | ||||||
|  | paymentcentralvnext.microsoft.com | ||||||
|  | pcmanager.microsoft.com | ||||||
|  | pctrax.microsoft.com | ||||||
|  | personnel.microsoft.com | ||||||
|  | pair.phonelink.microsoft.com | ||||||
|  | planetarycomputer.microsoft.com | ||||||
|  | planner.microsoft.com | ||||||
|  | plhvc.microsoft.com | ||||||
|  | taxprofile.pmp.microsoft.com | ||||||
|  | portal.microsoft.com | ||||||
|  | powerbi.microsoft.com | ||||||
|  | make.powerpages.microsoft.com | ||||||
|  | admin.powerplatform.microsoft.com | ||||||
|  | adminanalytics.powerplatform.microsoft.com | ||||||
|  | che.adminanalytics.powerplatform.microsoft.com | ||||||
|  | asia.prod.powerquery.microsoft.com | ||||||
|  | australia.prod.powerquery.microsoft.com | ||||||
|  | brazil.prod.powerquery.microsoft.com | ||||||
|  | europe.prod.powerquery.microsoft.com | ||||||
|  | india.prod.powerquery.microsoft.com | ||||||
|  | us.prod.powerquery.microsoft.com | ||||||
|  | us2.prod.powerquery.microsoft.com | ||||||
|  | powerup.microsoft.com | ||||||
|  | web.powerva.microsoft.com | ||||||
|  | copilotstudio.preview.microsoft.com | ||||||
|  | print.print.microsoft.com | ||||||
|  | privacy.microsoft.com | ||||||
|  | procureweb.microsoft.com | ||||||
|  | profitabilitybenchmark.microsoft.com | ||||||
|  | project.microsoft.com | ||||||
|  | myvs.download.prss.microsoft.com | ||||||
|  | software.download.prss.microsoft.com | ||||||
|  | software-static.download.prss.microsoft.com | ||||||
|  | vscode.download.prss.microsoft.com | ||||||
|  | windbg.download.prss.microsoft.com | ||||||
|  | next.pubcenter.microsoft.com | ||||||
|  | pulse.microsoft.com | ||||||
|  | purview.microsoft.com | ||||||
|  | quantum.microsoft.com | ||||||
|  | reactor.microsoft.com | ||||||
|  | redeem.microsoft.com | ||||||
|  | referencesource.microsoft.com | ||||||
|  | reflect.microsoft.com | ||||||
|  | releaseplans.microsoft.com | ||||||
|  | research.microsoft.com | ||||||
|  | cmt3.research.microsoft.com | ||||||
|  | researchforum.microsoft.com | ||||||
|  | rewards.microsoft.com | ||||||
|  | portal.rooms.microsoft.com | ||||||
|  | rs.microsoft.com | ||||||
|  | query.prod.cms.rt.microsoft.com | ||||||
|  | salesops.microsoft.com | ||||||
|  | schemas.microsoft.com | ||||||
|  | assets.sds.microsoft.com | ||||||
|  | sdx.microsoft.com | ||||||
|  | register.secure.microsoft.com | ||||||
|  | security.microsoft.com | ||||||
|  | mto.security.microsoft.com | ||||||
|  | sip.security.microsoft.com | ||||||
|  | api.securitycenter.microsoft.com | ||||||
|  | securitycopilot.microsoft.com | ||||||
|  | portal.gethelp.services.microsoft.com | ||||||
|  | partner.support.services.microsoft.com | ||||||
|  | prod.support.services.microsoft.com | ||||||
|  | eus.prod.support.services.microsoft.com | ||||||
|  | wus.prod.support.services.microsoft.com | ||||||
|  | remoteassistance.support.services.microsoft.com | ||||||
|  | survey.support.services.microsoft.com | ||||||
|  | vsa.services.microsoft.com | ||||||
|  | prod.client.wosc.services.microsoft.com | ||||||
|  | serviceshub.microsoft.com | ||||||
|  | support.serviceshub.microsoft.com | ||||||
|  | servicetrust.microsoft.com | ||||||
|  | al.mstic.signals.microsoft.com | ||||||
|  | signup.microsoft.com | ||||||
|  | cdn.signup.microsoft.com | ||||||
|  | apprep.smartscreen.microsoft.com | ||||||
|  | fb.smartscreen.microsoft.com | ||||||
|  | feedback.smartscreen.microsoft.com | ||||||
|  | software-download.microsoft.com | ||||||
|  | solutions.microsoft.com | ||||||
|  | speech.microsoft.com | ||||||
|  | centraluseuap.orchestration.speech.microsoft.com | ||||||
|  | sponsor.microsoft.com | ||||||
|  | stackoverflow.microsoft.com | ||||||
|  | startapp.microsoft.com | ||||||
|  | foundershub.startups.microsoft.com | ||||||
|  | msft.sts.microsoft.com | ||||||
|  | certauth.msft.sts.microsoft.com | ||||||
|  | supplier.microsoft.com | ||||||
|  | dev-portal.supplychain.microsoft.com | ||||||
|  | support.microsoft.com | ||||||
|  | filestore.community.support.microsoft.com | ||||||
|  | tar.microsoft.com | ||||||
|  | teams.microsoft.com | ||||||
|  | admin.teams.microsoft.com | ||||||
|  | ca-prod.asyncgw.teams.microsoft.com | ||||||
|  | eu-prod.asyncgw.teams.microsoft.com | ||||||
|  | fr-prod.asyncgw.teams.microsoft.com | ||||||
|  | in-prod.asyncgw.teams.microsoft.com | ||||||
|  | jp-prod.asyncgw.teams.microsoft.com | ||||||
|  | se-prod.asyncgw.teams.microsoft.com | ||||||
|  | cqd.teams.microsoft.com | ||||||
|  | dev.teams.microsoft.com | ||||||
|  | devicetest.teams.microsoft.com | ||||||
|  | dialin.teams.microsoft.com | ||||||
|  | events.teams.microsoft.com | ||||||
|  | msit.events.teams.microsoft.com | ||||||
|  | events.gcc.teams.microsoft.com | ||||||
|  | api.noam.hms-int.migrationservices.teams.microsoft.com | ||||||
|  | portal.sdg.teams.microsoft.com | ||||||
|  | visit.teams.microsoft.com | ||||||
|  | techcommunity.microsoft.com | ||||||
|  | cdn.techcommunity.microsoft.com | ||||||
|  | technet.microsoft.com | ||||||
|  | social.technet.microsoft.com | ||||||
|  | technet2.microsoft.com | ||||||
|  | testconnectivity.microsoft.com | ||||||
|  | titanweb.microsoft.com | ||||||
|  | totalrewards.microsoft.com | ||||||
|  | trainingsupport.microsoft.com | ||||||
|  | cdx.transform.microsoft.com | ||||||
|  | cloudpartners.transform.microsoft.com | ||||||
|  | dynamicspartners.transform.microsoft.com | ||||||
|  | readiness.transform.microsoft.com | ||||||
|  | securitypartners.transform.microsoft.com | ||||||
|  | translator.microsoft.com | ||||||
|  | trust.microsoft.com | ||||||
|  | nonprofits.tsi.microsoft.com | ||||||
|  | uatracker.microsoft.com | ||||||
|  | uhf.microsoft.com | ||||||
|  | ukstories.microsoft.com | ||||||
|  | unlocked.microsoft.com | ||||||
|  | update.microsoft.com | ||||||
|  | catalog.update.microsoft.com | ||||||
|  | www.catalog.update.microsoft.com | ||||||
|  | fe2.update.microsoft.com | ||||||
|  | ux.microsoft.com | ||||||
|  | verify.microsoft.com | ||||||
|  | vi.microsoft.com | ||||||
|  | videos.microsoft.com | ||||||
|  | visualstudio.microsoft.com | ||||||
|  | 2download.visualstudio.microsoft.com | ||||||
|  | download.visualstudio.microsoft.com | ||||||
|  | visualsupport.microsoft.com | ||||||
|  | vivalearning-dev.microsoft.com | ||||||
|  | vlcentral.microsoft.com | ||||||
|  | waccess.microsoft.com | ||||||
|  | watsonportal.microsoft.com | ||||||
|  | demo.wd.microsoft.com | ||||||
|  | download-fds.webapps.microsoft.com | ||||||
|  | download-support.webapps.microsoft.com | ||||||
|  | webxtsvc.microsoft.com | ||||||
|  | app.whiteboard.microsoft.com | ||||||
|  | whoplus.microsoft.com | ||||||
|  | windows.microsoft.com | ||||||
|  | hs.windows.microsoft.com | ||||||
|  | rssgov.windows.microsoft.com | ||||||
|  | windows365.microsoft.com | ||||||
|  | cdn.winget.microsoft.com | ||||||
|  | winqual.microsoft.com | ||||||
|  | workshopsurvey.microsoft.com | ||||||
|  | client.wvd.microsoft.com | ||||||
|  | cf32a972-c05b-4b71-a4b8-2eeaf3a5d10a.rdbroker-g-us-r1.wvd.microsoft.com | ||||||
|  | rdweb.wvd.microsoft.com | ||||||
|  | wwcarchive.microsoft.com | ||||||
|  | wwps.microsoft.com | ||||||
|  | unistore.www.microsoft.com | ||||||
|  | @ -0,0 +1,7 @@ | ||||||
|  | AS207960 Test Intermediate - example.com | ||||||
|  | www.example.com | ||||||
|  | dev.example.com | ||||||
|  | m.example.com | ||||||
|  | products.example.com | ||||||
|  | support.example.com | ||||||
|  | m.testexample.com | ||||||
							
								
								
									
										244
									
								
								sublist3r.py
								
								
								
								
							
							
						
						
									
										244
									
								
								sublist3r.py
								
								
								
								
							|  | @ -16,26 +16,25 @@ import threading | ||||||
| import socket | import socket | ||||||
| import json | import json | ||||||
| from collections import Counter | from collections import Counter | ||||||
|  | from urllib.parse import urlparse | ||||||
|  | from urllib.parse import unquote | ||||||
| 
 | 
 | ||||||
| # external modules | # external modules | ||||||
| from subbrute import subbrute | from subbrute import subbrute | ||||||
| import dns.resolver | import dns.resolver | ||||||
| import requests | import requests | ||||||
| 
 | import urllib3 | ||||||
| # Python 2.x and 3.x compatiablity | urllib3.disable_warnings() | ||||||
| if sys.version > '3': |  | ||||||
|     import urllib.parse as urlparse |  | ||||||
|     import urllib.parse as urllib |  | ||||||
| else: |  | ||||||
|     import urlparse |  | ||||||
|     import urllib |  | ||||||
| 
 | 
 | ||||||
|  | # In case you cannot install some of the required development packages | ||||||
|  | # there's also an option to disable the SSL warning: | ||||||
| # In case you cannot install some of the required development packages | # In case you cannot install some of the required development packages | ||||||
| # there's also an option to disable the SSL warning: | # there's also an option to disable the SSL warning: | ||||||
| try: | try: | ||||||
|     import requests.packages.urllib3 |     import urllib3 | ||||||
|     requests.packages.urllib3.disable_warnings() |     urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) | ||||||
| except: | except: | ||||||
|  |      | ||||||
|     pass |     pass | ||||||
| 
 | 
 | ||||||
| # Check if we are running this on windows platform | # Check if we are running this on windows platform | ||||||
|  | @ -143,7 +142,7 @@ def subdomain_sorting_key(hostname): | ||||||
| class enumratorBase(object): | class enumratorBase(object): | ||||||
|     def __init__(self, base_url, engine_name, domain, subdomains=None, silent=False, verbose=True): |     def __init__(self, base_url, engine_name, domain, subdomains=None, silent=False, verbose=True): | ||||||
|         subdomains = subdomains or [] |         subdomains = subdomains or [] | ||||||
|         self.domain = urlparse.urlparse(domain).netloc |         self.domain = urlparse(domain).netloc | ||||||
|         self.session = requests.Session() |         self.session = requests.Session() | ||||||
|         self.subdomains = [] |         self.subdomains = [] | ||||||
|         self.timeout = 25 |         self.timeout = 25 | ||||||
|  | @ -273,12 +272,22 @@ class enumratorBaseThreaded(multiprocessing.Process, enumratorBase): | ||||||
| class GoogleEnum(enumratorBaseThreaded): | class GoogleEnum(enumratorBaseThreaded): | ||||||
|     def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): |     def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): | ||||||
|         subdomains = subdomains or [] |         subdomains = subdomains or [] | ||||||
|         base_url = "https://google.com/search?q={query}&btnG=Search&hl=en-US&biw=&bih=&gbv=1&start={page_no}&filter=0" |         base_url = "https://www.google.com/search?q={query}&num=100&start={page_no}&filter=0" | ||||||
|         self.engine_name = "Google" |         self.engine_name = "Google" | ||||||
|         self.MAX_DOMAINS = 11 |         self.MAX_DOMAINS = 11 | ||||||
|         self.MAX_PAGES = 200 |         self.MAX_PAGES = 200 | ||||||
|         super(GoogleEnum, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose) |         super(GoogleEnum, self).__init__(base_url, self.engine_name, domain, subdomains, q=q, silent=silent, verbose=verbose) | ||||||
|         self.q = q |         self.q = q | ||||||
|  |         # Enhanced headers to avoid blocking | ||||||
|  |         self.headers.update({ | ||||||
|  |             'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36', | ||||||
|  |             'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8', | ||||||
|  |             'Accept-Language': 'en-US,en;q=0.5', | ||||||
|  |             'Accept-Encoding': 'gzip, deflate', | ||||||
|  |             'DNT': '1', | ||||||
|  |             'Connection': 'keep-alive', | ||||||
|  |             'Upgrade-Insecure-Requests': '1' | ||||||
|  |         }) | ||||||
|         return |         return | ||||||
| 
 | 
 | ||||||
|     def extract_domains(self, resp): |     def extract_domains(self, resp): | ||||||
|  | @ -287,10 +296,11 @@ class GoogleEnum(enumratorBaseThreaded): | ||||||
|         try: |         try: | ||||||
|             links_list = link_regx.findall(resp) |             links_list = link_regx.findall(resp) | ||||||
|             for link in links_list: |             for link in links_list: | ||||||
|                 link = re.sub('<span.*>', '', link) |                 link = re.sub('<span.*?>', '', link) | ||||||
|  |                 link = re.sub('</span>', '', link) | ||||||
|                 if not link.startswith('http'): |                 if not link.startswith('http'): | ||||||
|                     link = "http://" + link |                     link = "http://" + link | ||||||
|                 subdomain = urlparse.urlparse(link).netloc |                 subdomain = urlparse(link).netloc | ||||||
|                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain: |                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain: | ||||||
|                     if self.verbose: |                     if self.verbose: | ||||||
|                         self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) |                         self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) | ||||||
|  | @ -300,14 +310,19 @@ class GoogleEnum(enumratorBaseThreaded): | ||||||
|         return links_list |         return links_list | ||||||
| 
 | 
 | ||||||
|     def check_response_errors(self, resp): |     def check_response_errors(self, resp): | ||||||
|         if (type(resp) is str or type(resp) is unicode) and 'Our systems have detected unusual traffic' in resp: |         if isinstance(resp, str): | ||||||
|             self.print_(R + "[!] Error: Google probably now is blocking our requests" + W) |             if 'unusual traffic' in resp.lower() or 'detected unusual' in resp.lower(): | ||||||
|             self.print_(R + "[~] Finished now the Google Enumeration ..." + W) |                 self.print_(R + "[!] Error: Google is blocking our requests (rate limited)" + W) | ||||||
|             return False |                 self.print_(R + "[~] Finished now the Google Enumeration ..." + W) | ||||||
|  |                 return False | ||||||
|  |             if 'captcha' in resp.lower(): | ||||||
|  |                 self.print_(R + "[!] Error: Google CAPTCHA detected" + W) | ||||||
|  |                 self.print_(R + "[~] Finished now the Google Enumeration ..." + W) | ||||||
|  |                 return False | ||||||
|         return True |         return True | ||||||
| 
 | 
 | ||||||
|     def should_sleep(self): |     def should_sleep(self): | ||||||
|         time.sleep(5) |         time.sleep(random.randint(5, 10))  # Increased delay to avoid blocking | ||||||
|         return |         return | ||||||
| 
 | 
 | ||||||
|     def generate_query(self): |     def generate_query(self): | ||||||
|  | @ -319,7 +334,6 @@ class GoogleEnum(enumratorBaseThreaded): | ||||||
|             query = "site:{domain} -www.{domain}".format(domain=self.domain) |             query = "site:{domain} -www.{domain}".format(domain=self.domain) | ||||||
|         return query |         return query | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| class YahooEnum(enumratorBaseThreaded): | class YahooEnum(enumratorBaseThreaded): | ||||||
|     def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): |     def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): | ||||||
|         subdomains = subdomains or [] |         subdomains = subdomains or [] | ||||||
|  | @ -343,7 +357,7 @@ class YahooEnum(enumratorBaseThreaded): | ||||||
|                 link = re.sub("<(\/)?b>", "", link) |                 link = re.sub("<(\/)?b>", "", link) | ||||||
|                 if not link.startswith('http'): |                 if not link.startswith('http'): | ||||||
|                     link = "http://" + link |                     link = "http://" + link | ||||||
|                 subdomain = urlparse.urlparse(link).netloc |                 subdomain = urlparse(link).netloc | ||||||
|                 if not subdomain.endswith(self.domain): |                 if not subdomain.endswith(self.domain): | ||||||
|                     continue |                     continue | ||||||
|                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain: |                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain: | ||||||
|  | @ -390,7 +404,7 @@ class AskEnum(enumratorBaseThreaded): | ||||||
|             for link in links_list: |             for link in links_list: | ||||||
|                 if not link.startswith('http'): |                 if not link.startswith('http'): | ||||||
|                     link = "http://" + link |                     link = "http://" + link | ||||||
|                 subdomain = urlparse.urlparse(link).netloc |                 subdomain = urlparse(link).netloc | ||||||
|                 if subdomain not in self.subdomains and subdomain != self.domain: |                 if subdomain not in self.subdomains and subdomain != self.domain: | ||||||
|                     if self.verbose: |                     if self.verbose: | ||||||
|                         self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) |                         self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) | ||||||
|  | @ -439,7 +453,7 @@ class BingEnum(enumratorBaseThreaded): | ||||||
|                 link = re.sub('<(\/)?strong>|<span.*?>|<|>', '', link) |                 link = re.sub('<(\/)?strong>|<span.*?>|<|>', '', link) | ||||||
|                 if not link.startswith('http'): |                 if not link.startswith('http'): | ||||||
|                     link = "http://" + link |                     link = "http://" + link | ||||||
|                 subdomain = urlparse.urlparse(link).netloc |                 subdomain = urlparse(link).netloc | ||||||
|                 if subdomain not in self.subdomains and subdomain != self.domain: |                 if subdomain not in self.subdomains and subdomain != self.domain: | ||||||
|                     if self.verbose: |                     if self.verbose: | ||||||
|                         self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) |                         self.print_("%s%s: %s%s" % (R, self.engine_name, W, subdomain)) | ||||||
|  | @ -482,7 +496,7 @@ class BaiduEnum(enumratorBaseThreaded): | ||||||
|                 link = re.sub('<.*?>|>|<| ', '', link) |                 link = re.sub('<.*?>|>|<| ', '', link) | ||||||
|                 if not link.startswith('http'): |                 if not link.startswith('http'): | ||||||
|                     link = "http://" + link |                     link = "http://" + link | ||||||
|                 subdomain = urlparse.urlparse(link).netloc |                 subdomain = urlparse(link).netloc | ||||||
|                 if subdomain.endswith(self.domain): |                 if subdomain.endswith(self.domain): | ||||||
|                     subdomain_list.append(subdomain) |                     subdomain_list.append(subdomain) | ||||||
|                     if subdomain not in self.subdomains and subdomain != self.domain: |                     if subdomain not in self.subdomains and subdomain != self.domain: | ||||||
|  | @ -544,7 +558,7 @@ class NetcraftEnum(enumratorBaseThreaded): | ||||||
|     def get_next(self, resp): |     def get_next(self, resp): | ||||||
|         link_regx = re.compile('<a.*?href="(.*?)">Next Page') |         link_regx = re.compile('<a.*?href="(.*?)">Next Page') | ||||||
|         link = link_regx.findall(resp) |         link = link_regx.findall(resp) | ||||||
|         url = 'http://searchdns.netcraft.com' + link[0] |         url = 'http://searchdns.netcraft.com' + link[0] if link else '' | ||||||
|         return url |         return url | ||||||
| 
 | 
 | ||||||
|     def create_cookies(self, cookie): |     def create_cookies(self, cookie): | ||||||
|  | @ -552,7 +566,7 @@ class NetcraftEnum(enumratorBaseThreaded): | ||||||
|         cookies_list = cookie[0:cookie.find(';')].split("=") |         cookies_list = cookie[0:cookie.find(';')].split("=") | ||||||
|         cookies[cookies_list[0]] = cookies_list[1] |         cookies[cookies_list[0]] = cookies_list[1] | ||||||
|         # hashlib.sha1 requires utf-8 encoded str |         # hashlib.sha1 requires utf-8 encoded str | ||||||
|         cookies['netcraft_js_verification_response'] = hashlib.sha1(urllib.unquote(cookies_list[1]).encode('utf-8')).hexdigest() |         cookies['netcraft_js_verification_response'] = hashlib.sha1(unquote(cookies_list[1]).encode('utf-8')).hexdigest() | ||||||
|         return cookies |         return cookies | ||||||
| 
 | 
 | ||||||
|     def get_cookies(self, headers): |     def get_cookies(self, headers): | ||||||
|  | @ -582,7 +596,7 @@ class NetcraftEnum(enumratorBaseThreaded): | ||||||
|         try: |         try: | ||||||
|             links_list = link_regx.findall(resp) |             links_list = link_regx.findall(resp) | ||||||
|             for link in links_list: |             for link in links_list: | ||||||
|                 subdomain = urlparse.urlparse(link).netloc |                 subdomain = urlparse(link).netloc | ||||||
|                 if not subdomain.endswith(self.domain): |                 if not subdomain.endswith(self.domain): | ||||||
|                     continue |                     continue | ||||||
|                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain: |                 if subdomain and subdomain not in self.subdomains and subdomain != self.domain: | ||||||
|  | @ -606,72 +620,137 @@ class DNSdumpster(enumratorBaseThreaded): | ||||||
|         return |         return | ||||||
| 
 | 
 | ||||||
|     def check_host(self, host): |     def check_host(self, host): | ||||||
|         is_valid = False |         if self.verbose: | ||||||
|         Resolver = dns.resolver.Resolver() |             self.print_("%s%s: %s%s" % (R, self.engine_name, W, host)) | ||||||
|         Resolver.nameservers = ['8.8.8.8', '8.8.4.4'] |         self.live_subdomains.append(host) | ||||||
|         self.lock.acquire() |         return True | ||||||
|         try: |  | ||||||
|             ip = Resolver.query(host, 'A')[0].to_text() |  | ||||||
|             if ip: |  | ||||||
|                 if self.verbose: |  | ||||||
|                     self.print_("%s%s: %s%s" % (R, self.engine_name, W, host)) |  | ||||||
|                 is_valid = True |  | ||||||
|                 self.live_subdomains.append(host) |  | ||||||
|         except: |  | ||||||
|             pass |  | ||||||
|         self.lock.release() |  | ||||||
|         return is_valid |  | ||||||
| 
 | 
 | ||||||
|     def req(self, req_method, url, params=None): |     def req(self, req_method, url, params=None): | ||||||
|         params = params or {} |         params = params or {} | ||||||
|         headers = dict(self.headers) |         headers = dict(self.headers) | ||||||
|         headers['Referer'] = 'https://dnsdumpster.com' |         headers.update({ | ||||||
|  |             'Referer': 'https://dnsdumpster.com/', | ||||||
|  |             'Origin': 'https://dnsdumpster.com', | ||||||
|  |             'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', | ||||||
|  |             'Content-Type': 'application/x-www-form-urlencoded', | ||||||
|  |             'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36' | ||||||
|  |         }) | ||||||
|  |          | ||||||
|         try: |         try: | ||||||
|             if req_method == 'GET': |             if req_method == 'GET': | ||||||
|                 resp = self.session.get(url, headers=headers, timeout=self.timeout) |                 resp = self.session.get(url, headers=headers, timeout=self.timeout, verify=False) | ||||||
|             else: |             else: | ||||||
|                 resp = self.session.post(url, data=params, headers=headers, timeout=self.timeout) |                 # Add CSRF token to headers if available in cookies | ||||||
|  |                 if 'csrftoken' in self.session.cookies: | ||||||
|  |                     headers['X-CSRFToken'] = self.session.cookies['csrftoken'] | ||||||
|  |                 resp = self.session.post(url, data=params, headers=headers, timeout=self.timeout, verify=False) | ||||||
|  |              | ||||||
|  |             return resp if resp else None | ||||||
|         except Exception as e: |         except Exception as e: | ||||||
|             self.print_(e) |             self.print_(R + "[!] DNSdumpster request error: " + str(e) + W) | ||||||
|             resp = None |             return None | ||||||
|         return self.get_response(resp) |  | ||||||
| 
 | 
 | ||||||
|     def get_csrftoken(self, resp): |     def get_csrftoken(self, resp): | ||||||
|         csrf_regex = re.compile('<input type="hidden" name="csrfmiddlewaretoken" value="(.*?)">', re.S) |         """Extract CSRF token from response - Updated for robustness""" | ||||||
|         token = csrf_regex.findall(resp)[0] |         try: | ||||||
|         return token.strip() |             if not resp or not hasattr(resp, 'text'): | ||||||
|  |                 return None | ||||||
|  |              | ||||||
|  |             # Look for the hidden input field named 'csrfmiddlewaretoken' | ||||||
|  |             # (Note: Use a generic pattern to find the value of this input) | ||||||
|  |             csrf_regex = re.compile(r"name=['\"]csrfmiddlewaretoken['\"]\s+value=['\"]([^'\"]+)['\"]") | ||||||
|  |             match = csrf_regex.search(resp.text) | ||||||
|  |              | ||||||
|  |             if match: | ||||||
|  |                 token = match.group(1).strip() | ||||||
|  |                 if token and len(token) > 10:  | ||||||
|  |                     return token | ||||||
|  | 
 | ||||||
|  |             # Fallback to check other known patterns | ||||||
|  |              | ||||||
|  |             return None | ||||||
|  |         except Exception as e: | ||||||
|  |             self.print_(R + "[!] Error parsing CSRF token: " + str(e) + W) | ||||||
|  |             return None | ||||||
| 
 | 
 | ||||||
|     def enumerate(self): |     def enumerate(self): | ||||||
|         self.lock = threading.BoundedSemaphore(value=70) |         self.lock = threading.BoundedSemaphore(value=70) | ||||||
|         resp = self.req('GET', self.base_url) |          | ||||||
|         token = self.get_csrftoken(resp) |         try: | ||||||
|         params = {'csrfmiddlewaretoken': token, 'targetip': self.domain} |             # 1. Initial GET request to get the session cookie and CSRF token | ||||||
|         post_resp = self.req('POST', self.base_url, params) |             resp = self.req('GET', self.base_url) | ||||||
|         self.extract_domains(post_resp) |              | ||||||
|         for subdomain in self.subdomains: |             if not resp or not hasattr(resp, 'text'): | ||||||
|             t = threading.Thread(target=self.check_host, args=(subdomain,)) |                 self.print_(R + "[!] DNSdumpster: Could not connect or get initial page." + W) | ||||||
|             t.start() |                 return [] | ||||||
|             t.join() |              | ||||||
|         return self.live_subdomains |             # 2. Extract CSRF token (uses the updated get_csrftoken) | ||||||
|  |             token = self.get_csrftoken(resp) | ||||||
|  |              | ||||||
|  |             if not token: | ||||||
|  |                 self.print_(R + "[!] DNSdumpster: Could not get CSRF token. Site layout may have changed again." + W) | ||||||
|  |                 return [] | ||||||
|  |              | ||||||
|  |             # 3. Prepare POST data with the required token and domain | ||||||
|  |             params = { | ||||||
|  |                 'csrfmiddlewaretoken': token, | ||||||
|  |                 'targetip': self.domain, | ||||||
|  |             } | ||||||
|  |              | ||||||
|  |             # 4. POST request | ||||||
|  |             post_resp = self.req('POST', self.base_url, params) | ||||||
|  |              | ||||||
|  |             if not post_resp or not hasattr(post_resp, 'text'): | ||||||
|  |                 self.print_(R + "[!] DNSdumpster: No valid response after POST request." + W) | ||||||
|  |                 return [] | ||||||
|  |              | ||||||
|  |             # 5. Extract domains from response | ||||||
|  |             self.extract_domains(post_resp.text) | ||||||
|  |              | ||||||
|  |             for subdomain in self.subdomains: | ||||||
|  |                 self.check_host(subdomain) | ||||||
|  |              | ||||||
|  |             return self.live_subdomains | ||||||
|  |              | ||||||
|  |         except Exception as e: | ||||||
|  |             self.print_(R + "[!] DNSdumpster error in enumerate: " + str(e) + W) | ||||||
|  |             return [] | ||||||
| 
 | 
 | ||||||
|     def extract_domains(self, resp): |     def extract_domains(self, resp): | ||||||
|         tbl_regex = re.compile('<a name="hostanchor"><\/a>Host Records.*?<table.*?>(.*?)</table>', re.S) |         """Extract subdomains from HTML response""" | ||||||
|         link_regex = re.compile('<td class="col-md-4">(.*?)<br>', re.S) |         links = set() | ||||||
|         links = [] |  | ||||||
|         try: |  | ||||||
|             results_tbl = tbl_regex.findall(resp)[0] |  | ||||||
|         except IndexError: |  | ||||||
|             results_tbl = '' |  | ||||||
|         links_list = link_regex.findall(results_tbl) |  | ||||||
|         links = list(set(links_list)) |  | ||||||
|         for link in links: |  | ||||||
|             subdomain = link.strip() |  | ||||||
|             if not subdomain.endswith(self.domain): |  | ||||||
|                 continue |  | ||||||
|             if subdomain and subdomain not in self.subdomains and subdomain != self.domain: |  | ||||||
|                 self.subdomains.append(subdomain.strip()) |  | ||||||
|         return links |  | ||||||
|          |          | ||||||
|  |         try: | ||||||
|  |             # Pattern 1: Table rows with subdomains | ||||||
|  |             table_pattern = r'<td class="col-md-4">([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.' + re.escape(self.domain) + r')' | ||||||
|  |             matches = re.findall(table_pattern, resp, re.IGNORECASE) | ||||||
|  |             links.update(matches) | ||||||
|  |              | ||||||
|  |             # Pattern 2: Any subdomain mention | ||||||
|  |             subdomain_pattern = r'(?:^|[>\s])([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.' + re.escape(self.domain) + r')(?:[<\s]|$)' | ||||||
|  |             matches = re.findall(subdomain_pattern, resp, re.IGNORECASE | re.MULTILINE) | ||||||
|  |             links.update(matches) | ||||||
|  |              | ||||||
|  |             # Pattern 3: Host Records section | ||||||
|  |             host_records_pattern = r'<a name="hostanchor">.*?<table[^>]*>(.*?)</table>' | ||||||
|  |             host_section = re.search(host_records_pattern, resp, re.DOTALL | re.IGNORECASE) | ||||||
|  |             if host_section: | ||||||
|  |                 subdomain_in_table = r'>([a-zA-Z0-9][-a-zA-Z0-9]*(?:\.[a-zA-Z0-9][-a-zA-Z0-9]*)*\.' + re.escape(self.domain) + r')<' | ||||||
|  |                 matches = re.findall(subdomain_in_table, host_section.group(1), re.IGNORECASE) | ||||||
|  |                 links.update(matches) | ||||||
|  |              | ||||||
|  |         except Exception as e: | ||||||
|  |             self.print_(R + "[!] Error extracting domains: " + str(e) + W) | ||||||
|  |          | ||||||
|  |         # Process found links | ||||||
|  |         for link in links: | ||||||
|  |             subdomain = link.strip().lower() | ||||||
|  |             # Validate subdomain | ||||||
|  |             if subdomain.endswith(self.domain) and subdomain != self.domain: | ||||||
|  |                 if subdomain not in self.subdomains: | ||||||
|  |                     self.subdomains.append(subdomain) | ||||||
|  |          | ||||||
|  |         return list(links) | ||||||
| 
 | 
 | ||||||
| class Virustotal(enumratorBaseThreaded): | class Virustotal(enumratorBaseThreaded): | ||||||
|     def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): |     def __init__(self, domain, subdomains=None, q=None, silent=False, verbose=True): | ||||||
|  | @ -904,7 +983,7 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e | ||||||
|     if not domain.startswith('http://') or not domain.startswith('https://'): |     if not domain.startswith('http://') or not domain.startswith('https://'): | ||||||
|         domain = 'http://' + domain |         domain = 'http://' + domain | ||||||
| 
 | 
 | ||||||
|     parsed_domain = urlparse.urlparse(domain) |     parsed_domain = urlparse(domain) | ||||||
| 
 | 
 | ||||||
|     if not silent: |     if not silent: | ||||||
|         print(B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + W) |         print(B + "[-] Enumerating subdomains now for %s" % parsed_domain.netloc + W) | ||||||
|  | @ -926,13 +1005,12 @@ def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, e | ||||||
|                          } |                          } | ||||||
| 
 | 
 | ||||||
|     chosenEnums = [] |     chosenEnums = [] | ||||||
| 
 |  | ||||||
|     if engines is None: |     if engines is None: | ||||||
|         chosenEnums = [ |         chosenEnums = [ | ||||||
|             BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, |         BaiduEnum, YahooEnum, GoogleEnum, BingEnum, AskEnum, | ||||||
|             NetcraftEnum, DNSdumpster, Virustotal, ThreatCrowd, |         NetcraftEnum, DNSdumpster, ThreatCrowd, | ||||||
|             CrtSearch, PassiveDNS |         CrtSearch, PassiveDNS | ||||||
|         ] |     ] | ||||||
|     else: |     else: | ||||||
|         engines = engines.split(',') |         engines = engines.split(',') | ||||||
|         for engine in engines: |         for engine in engines: | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue