Edited analysis section to be more resilient against errors. Found subdomain candidates that began with a dot (ex .domain.com) caused the DNS query to choke. Modified exception catch block to catch unknown errors and continue around to try the next subdomain candidate.
Changed the analysis DNS requests to use dnslib for better subdomain takeover detection. The dns.resolver library could miss out on some subdomains pointing to vulnerable cloud services that returned NXDOMAIN status since the cloud service did not exist but the target domain's pointer record still existed and pointed to it.
Damian Schwyrz
fleetcaptain
kartikeya puri
fleetcaptain