Comments (6)
Initially there was no all resolved domains list, which was causing all the tools to hang on non-existent domains. So I added the resolved list to prevent exactly this problem. Domains only get added to the list if they have been successfully resolved, so I don't see a good way to further refine the list. Last I checked, nikto didn't have a good way of detecting unreachable domains and quitting early, but I need to look again.
from chomp-scan.
We could insert the following script inside the massdns function. It filters the real active web servers based on the response status code of a curl request to each subdomain URL and keeps only the URLs that return a 200 status code.
while read LINE; do
  # HEAD request with a 5 second connect timeout; prints "status url" per host
  curl -o /dev/null --connect-timeout 5 --silent --head --write-out "%{http_code} $LINE\n" "$LINE"
done < all_resolved_domains.txt | grep "^200 " | cut -d' ' -f2 | sed 's=.*://==' | tee all_active_domains.txt
BUT all_resolved_domains.txt has to include full URLs like https://www.google.com, NOT www.google.com. So if you could figure out a solution for this it would be great, because then it could be matched to your script, which especially depends on http:// not existing in the all list.
AND BTW this list, all_active_domains.txt, will replace all_resolved_domains.txt in all the content discovery tools, and this would save a lot of time, since we would then brute force only existing subdomains.
from chomp-scan.
So an issue I see is that many domains that are found are not false positive necessarily, they just may not have port 80 or 443 open. I don't want to exclude successfully resolved domains just because they don't have an HTTP port open.
Your script above will only find domains with 443 open and return a 200 response code, while excluding potentially many other domains and ports.
Another issue is bad DNS resolvers/results, which is why I use a different list of resolvers than comes with massdns. But I don't know a good way to make 100% sure a result is good, which inevitably leads to false positives.
Is your issue mainly with nikto? Because I can add a max scan time flag to prevent non-HTTP domains from hanging forever or a long time.
from chomp-scan.
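The two points raised in this thread, that the resolved list carries bare hostnames rather than URLs and that a host answering with something other than 200 is still a live web server, can both be handled in the probe itself. The script below is an added example written for this discussion; it is not chomp-scan's code and not the script posted above. It assumes all_resolved_domains.txt as input (entries with or without a scheme), writes a separate all_active_domains.txt, and probes only port 80 over http and 443 over https, so the resolved list itself is never trimmed and other tools still receive every host.

```bash
#!/usr/bin/env bash
# Added example for this thread; not part of chomp-scan.
# Input: all_resolved_domains.txt, one entry per line, with or without scheme.
# Output: all_active_domains.txt, one URL per live web endpoint.
# The resolved list is left untouched so non-HTTP hosts are not lost.
set -u

# Accept "host", "http://host" or "https://host/path" and return the bare host,
# so the input file does not need to carry a scheme.
strip_scheme() {
  local s="$1"
  s="${s#http://}"
  s="${s#https://}"
  printf '%s\n' "${s%%/*}"
}

# curl writes 000 for %{http_code} when no HTTP response came back.
# Any real status (not only 200) means a web server answered, so a 301, 403
# or 500 host is still kept for content discovery.
is_live_status() {
  case "$1" in
    [1-5][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Filter "status url" lines (as printed by probe_host) down to live URLs.
# Pure text processing, so it also works on saved probe output.
filter_live() {
  local status url
  while read -r status url; do
    if is_live_status "$status"; then
      printf '%s\n' "$url"
    fi
  done
}

# Probe one host over both schemes. --max-time bounds the whole request so a
# host that accepts the TCP connection but never answers cannot hang the loop;
# --insecure is acceptable here because only reachability is being tested.
# Assumed port list: 80 via http and 443 via https (extend with ":8080" etc.).
probe_host() {
  local host url code
  host="$(strip_scheme "$1")"
  for url in "http://$host" "https://$host"; do
    code="$(curl --silent --head --insecure --output /dev/null \
                 --connect-timeout 5 --max-time 10 \
                 --write-out '%{http_code}' "$url" 2>/dev/null || true)"
    printf '%s %s\n' "${code:-000}" "$url"
  done
}

# Usage: ./probe.sh all_resolved_domains.txt
if [ "$#" -ge 1 ]; then
  while IFS= read -r line; do
    [ -z "$line" ] && continue
    probe_host "$line"
  done < "$1" | filter_live | tee all_active_domains.txt
fi
```

The output file holds full URLs (scheme included), which is what a curl-based filter needs, while the scheme is stripped on input so the existing bare-hostname list works unchanged. Feeding only these URLs to the HTTP tools while leaving the resolved list for everything else is the split the maintainer describes above.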
Your suggestion is appreciated, BUT the question is whether the max scan time flag would skip only domains that error because they are non-HTTP servers, OR whether it would also minimize the scan time of the potential servers. Because some servers take a long time to scan because they have a lot of vulnerabilities or bugs, SO I do not want to skip those! I hope you got what I meant.
from chomp-scan.
I know what you mean. I haven't added the max scan time flag to nikto yet because I don't want it to miss anything on good HTTP domains. It's a tradeoff at this point. The total Chomp Scan time will be longer because of false positives, but to me that is better than missing out on nikto results.
Overall, my intent with Chomp Scan was never to make it the fastest tool possible overall. I did test as many individual component tools in order to find the fastest ones. No reason to make it take longer than necessary. But given all the options Chomp Scan supports, you can make it take days if you enable every tool. I think the best way to use it is to run it multiple times, even concurrently, with each set of options you want. This way you can minimize the scan time of each run, while still getting the best possible results. I will update the wiki with some suggested scanning strategies to reflect this. Also I plan on seeing if I can get some tools to run in parallel to reduce scan times.
As always, thanks for your input!
from chomp-scan.
Thanks for the clarification. I appreciate your time developing this amazing script and sharing your knowledge with the community.
from chomp-scan.