-
-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wildcard Domains with CNAME not filtered #14
Comments
Hello, Thanks for reporting the first issue, it should be fixed in a future release. There is indeed a bug preventing the wildcard detection from kicking in when the domain doesn't have an A record. For 2), this is very tricky. This is a edge case happening because the DNS server is returning a different answer for each query, effectively bypassing the wildcard filter. Trying to fix this in code could create other false positives or false negatives in other domains. Maybe there should be an option to ignore CNAME records that the user could specify on domains exhibiting this behavior but I'll have to give it more thought. |
Thank you for the response @d3mondev . Looking forward for the fix :) |
Hi ! I got the exact same problem as mentionned by @proabiral In the case of algolia.net, it returns CNAMEs that don't resolve. so "empty" key should be taken into account. Therefore, filtering-out wildcards that don't resolve would also impact ability to find potential subdomain takeovers, so if such feature is implemented, outputing CNAMEs to another file (e.g: |
I pushed an update (2.0.1) to resolve the first issue:
I'll keep this issue open while the second issue is addressed. Thanks! |
Hello,
First of all, thank you for the awesome tool.
NXDOMAIN
are not filtered. (have not checked if NOERROR with CNAME are filtered or not) .Example domain : doesnotexists.paypal.cn
Example domain : algolia.net
The text was updated successfully, but these errors were encountered: