Script hostmap-crtsh does not return just subdomains #2183
The original idea was subdomains but I do see value in discovering other domains, possibly malicious ones used for phishing. I think the best way would be to add an argument so we support both use cases. P.S. Thanks for updating the script! We are currently down to only 1 hostmap script, hostmap-robtex is still broken!
Hi! I would like to work on it.
The script is described as
At the moment the script reports all hostname-like identities where the input/target hostname is present somewhere in the identity. Specifically, the script does not verify that a returned identity is truly a subdomain of the target hostname.
As an example, one of the returned identities for `google.com` is `google.com.gr`. An even more egregious example is that `www.google.com` returns `www.google.com-----------------r.reflectiz.com`.

I am inclined to fix this but first I am soliciting feedback whether there are users that use the script to fish out domains that are not strictly subdomains. One possibility is to control the script behavior with a script argument.
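
The check the issue describes, as an added example that is not part of the original post or of the hostmap-crtsh script: a pure-Lua suffix match on a label boundary, returning the non-subdomain identities separately so a caller could still report them. The function names and the sample list are assumptions made for illustration.

```lua
-- Added example (not the hostmap-crtsh code): separate true subdomains of a
-- target from identities that merely contain the target string.

-- Lowercase, drop one trailing dot, and strip a leading "*." wildcard label,
-- which certificate identities may carry.
local function normalize(name)
  name = (name:lower():gsub("%.$", ""))
  name = (name:gsub("^%*%.", ""))
  return name
end

-- True when `name` equals `target` or ends with "." .. target,
-- i.e. the match falls on a DNS label boundary.
local function is_subdomain(name, target)
  name, target = normalize(name), normalize(target)
  if name == target then return true end
  local suffix = "." .. target
  return #name > #suffix and name:sub(-#suffix) == suffix
end

-- Split identities into (subdomains, other). A script argument, as proposed
-- in the issue, could decide whether `other` is reported at all.
local function split_identities(identities, target)
  local subs, other = {}, {}
  for _, id in ipairs(identities) do
    if is_subdomain(id, target) then
      subs[#subs + 1] = id
    else
      other[#other + 1] = id
    end
  end
  return subs, other
end

-- Constructed sample input; two entries are the identities quoted in the issue.
local sample = {
  "mail.google.com",
  "*.google.com",
  "google.com.gr",
  "www.google.com-----------------r.reflectiz.com",
  "notgoogle.com",
}

local subs, other = split_identities(sample, "google.com")
print("subdomains: " .. table.concat(subs, ", "))
print("other:      " .. table.concat(other, ", "))
```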