Script hostmap-crtsh does not return just subdomains #2183
Comments
The original idea was subdomains but I do see value of discovering other domains, possibly malicious used for phishing. I think the best way would be to add an argument so we support both use cases. Ps. Thanks for updating the script! We are currently down to only 1 hostmap script, hostmap-robtex is still broken!

Hi! I would like to work on it.


The script is described as
At the moment the script reports all hostname-like identities where the input/target hostname is present somewhere in the identity. Specifically, the script does not verify that a returned identity is truly a subdomain of the target hostname.
As an example, one of the returned identities for google.com is google.com.gr. An even more egregious example is that www.google.com returns www.google.com-----------------r.reflectiz.com.

I am inclined to fix this but first I am soliciting feedback whether there are users that use the script to fish out domains that are not strictly subdomains. One possibility is to control the script behavior with a script argument.
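
A label-boundary check that separates true subdomains from names that merely contain the target string, as an added example in plain Lua (not code from the Nmap project or from the issue's author). The function names and the sample identities other than the two quoted in the issue are constructed for illustration.

```lua
-- Added example: strict subdomain filter for identities returned by crt.sh.
-- Function names and sample data are hypothetical, not taken from hostmap-crtsh.

-- Normalize an identity: lowercase, drop a trailing dot and a leading "*." label.
local function normalize(name)
  name = name:lower():gsub("%.$", "")
  name = name:gsub("^%*%.", "")
  return name
end

-- True only if `name` equals `target` or ends with "." .. target,
-- so the match always falls on a DNS label boundary.
local function is_subdomain(name, target)
  name, target = normalize(name), normalize(target)
  if name == target then return true end
  local suffix = "." .. target
  return #name > #suffix and name:sub(-#suffix) == suffix
end

-- Split identities into true subdomains and other names that only
-- contain the target somewhere (the behaviour reported in the issue).
local function classify(identities, target)
  local subs, others = {}, {}
  for _, id in ipairs(identities) do
    local bucket = is_subdomain(id, target) and subs or others
    bucket[#bucket + 1] = normalize(id)
  end
  return subs, others
end

-- Constructed sample input; google.com.gr and the reflectiz.com name
-- are the two identities quoted in the issue.
local cases = {
  { target = "google.com",
    ids = { "mail.google.com", "*.Google.com.", "google.com.gr", "notgoogle.com" } },
  { target = "www.google.com",
    ids = { "www.google.com", "www.google.com-----------------r.reflectiz.com" } },
}

for _, c in ipairs(cases) do
  local subs, others = classify(c.ids, c.target)
  print(c.target)
  print("  subdomains: " .. table.concat(subs, ", "))
  print("  other:      " .. table.concat(others, ", "))
end
```

Keeping the second list rather than discarding it is what would let a script argument serve both use cases discussed in the thread: strict subdomain output by default, with the other matching names available on request.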