Understanding the Process of we couldn't find any subdomain #47

GangGreenTemperTatum opened this issue Oct 7, 2023 · 0 comments
GangGreenTemperTatum commented Oct 7, 2023

Howdy

I picked a random example here: (anthropic.com)

~/sublert$ python3 sublert.py -u anthropic.com

                   _____       __    __          __
                  / ___/__  __/ /_  / /__  _____/ /_
                  \__ \/ / / / __ \/ / _ \/ ___/ __/
                 ___/ / /_/ / /_/ / /  __/ /  / /_
                /____/\__,_/_.___/_/\___/_/   \__/

             Author: Yassine Aboukir (@yassineaboukir)
                           Version: 1.4.7

[!] Added but unfortunately, we couldn't find any subdomain for anthropic.com

I am struggling to understand why no subdomains could be found for anthropic.com, as an example domain ([!] Added but unfortunately, we couldn't find any subdomain for anthropic.com).

If I navigate to https://crt.sh/ and perform a query for the Certificate Transparency DB, I do see matching entries:

10552791737 2023-10-01 2023-09-29 2023-12-28 anthropic.com anthropic.com C=US, O=Google Trust Services LLC, CN=GTS CA 1D4
10530892335 2023-09-29 2023-09-29 2023-12-28 anthropic.com anthropic.com C=US, O=Google Trust Services LLC, CN=GTS CA 1D4

I can confirm this is not a DNS-related error, for example:

;; ANSWER SECTION:
anthropic.com.		300	IN	A	160.79.104.10

I ran a packet capture on the host, and I see the following DNS resolution process being performed:

~$ sudo tcpdump -i any 'udp and port 53' -nvv
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
00:00:51.897858 ens4  Out IP (tos 0x0, ttl 64, id 6162, offset 0, flags [DF], proto UDP (17), length 52)
    10.128.0.4.36219 > 169.254.169.254.53: [bad udp cksum 0x5eb2 -> 0x8842!] 43500+ A? crt.sh. (24)
00:00:51.897862 ens4  Out IP (tos 0x0, ttl 64, id 6163, offset 0, flags [DF], proto UDP (17), length 52)
    10.128.0.4.36219 > 169.254.169.254.53: [bad udp cksum 0x5eb2 -> 0x8333!] 44768+ AAAA? crt.sh. (24)
00:00:51.901073 ens4  In  IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 68)
    169.254.169.254.53 > 10.128.0.4.36219: [udp sum ok] 43500 q: A? crt.sh. 1/0/0 crt.sh. A 91.199.212.73 (40)
00:00:51.901075 ens4  In  IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 80)
    169.254.169.254.53 > 10.128.0.4.36219: [udp sum ok] 44768 q: AAAA? crt.sh. 1/0/0 crt.sh. AAAA 2a0e:ac00:c7:d449::5bc7:d449 (52)

This looks identical to a working example:

:~/sublert$ python3 sublert.py -u openai.com

                   _____       __    __          __
                  / ___/__  __/ /_  / /__  _____/ /_
                  \__ \/ / / / __ \/ / _ \/ ___/ __/
                 ___/ / /_/ / /_/ / /  __/ /  / /_
                /____/\__,_/_.___/_/\___/_/   \__/

             Author: Yassine Aboukir (@yassineaboukir)
                           Version: 1.4.7

[+] Adding openai.com to the monitored list of domains.

[?] Do you wish to list subdomains found for openai.com? [Y]es [N]o (default: [N]) y


...

00:05:00.194661 ens4  Out IP (tos 0x0, ttl 64, id 27180, offset 0, flags [DF], proto UDP (17), length 52)
    10.128.0.4.39400 > 169.254.169.254.53: [bad udp cksum 0x5eb2 -> 0x49f6!] 56267+ A? crt.sh. (24)
00:05:00.194666 ens4  Out IP (tos 0x0, ttl 64, id 27181, offset 0, flags [DF], proto UDP (17), length 52)
    10.128.0.4.39400 > 169.254.169.254.53: [bad udp cksum 0x5eb2 -> 0x58e5!] 52417+ AAAA? crt.sh. (24)
00:05:00.198196 ens4  In  IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 80)
    169.254.169.254.53 > 10.128.0.4.39400: [udp sum ok] 52417 q: AAAA? crt.sh. 1/0/0 crt.sh. AAAA 2a0e:ac00:c7:d449::5bc7:d449 (52)
00:05:00.198496 ens4  In  IP (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 68)
    169.254.169.254.53 > 10.128.0.4.39400: [udp sum ok] 56267 q: A? crt.sh. 1/0/0 crt.sh. A 91.199.212.73 (40)

crt.sh here

Can somebody nudge me in the correct direction here? Is there a debug functionality I can run to understand why I yield zero results?

TYIA!

@GangGreenTemperTatum GangGreenTemperTatum changed the title Understanding the Process of Understanding the Process of we couldn't find any subdomain Oct 7, 2023
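
Added example, not part of the original issue and not sublert's own code: an offline check that sorts the identities in crt.sh-style rows into apex, subdomain and unrelated names. The two rows quoted in the issue list only anthropic.com itself, so a filter that keeps strictly subdomain names sees nothing in them. It assumes the `common_name` and `name_value` fields of crt.sh's JSON output; the function names and the example.com rows are made up for illustration.

```python
import json

# Constructed samples in the shape of crt.sh's JSON output (?output=json);
# only the two fields used below are kept. The first mirrors the two rows
# quoted in the issue, the second is invented for contrast.
APEX_ONLY = json.dumps([
    {"id": 10552791737, "common_name": "anthropic.com", "name_value": "anthropic.com"},
    {"id": 10530892335, "common_name": "anthropic.com", "name_value": "anthropic.com"},
])
MIXED = json.dumps([
    {"common_name": "example.com",
     "name_value": "example.com\n*.example.com\nwww.example.com"},
    {"common_name": "api.example.com", "name_value": "API.example.com."},
    {"common_name": "notexample.com", "name_value": "notexample.com"},
])

def normalise(name):
    """Lower-case; drop whitespace, a trailing dot and a leading '*.' label."""
    name = (name or "").strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def classify(rows_json, domain):
    """Sort every identity in the rows into apex / subdomains / unrelated."""
    domain = normalise(domain)
    found = {"apex": set(), "subdomains": set(), "unrelated": set()}
    for row in json.loads(rows_json):
        # name_value can hold several identities separated by newlines.
        for raw in (row.get("name_value") or "").split("\n") + [row.get("common_name")]:
            name = normalise(raw)
            if name == domain:
                found["apex"].add(name)
            elif name.endswith("." + domain):  # dot-anchored, so notexample.com fails
                found["subdomains"].add(name)
            elif name:
                found["unrelated"].add(name)
    return found

def diagnose(rows_json, domain):
    """Return a short reason code for what a subdomain filter would see."""
    try:
        found = classify(rows_json, domain)
    except ValueError:  # body was not JSON (json.JSONDecodeError is a ValueError)
        return "bad-response"
    if found["subdomains"]:
        return "subdomains"
    return "apex-only" if found["apex"] else "no-match"

if __name__ == "__main__":
    print(diagnose(APEX_ONLY, "anthropic.com"), diagnose(MIXED, "example.com"))
```
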