From a83eb839d08fe0bf9f083d3818bc1818c061dbff Mon Sep 17 00:00:00 2001
From: Sajad Parra
Date: Mon, 6 Dec 2021 14:31:32 +0530
Subject: [PATCH 1/3] while probing remove wildcard from domain if detected and then process
---
 runner/runner.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/runner/runner.go b/runner/runner.go
index 1536102a3..130ac8bf1 100644
--- a/runner/runner.go
+++ b/runner/runner.go
@@ -712,7 +712,8 @@ func (r *Runner) targets(hp *httpx.HTTPX, target string) chan string {
 // *
 // spaces
 if strings.ContainsAny(target, " *") {
- return
+ // trim *. from the target to return the domain instead of wildard
+ target = strings.Trim(target, "*.")
 }

 // test if the target is a cidr
From 2a05756f8b558b90489c2720e6934179cbb6005d Mon Sep 17 00:00:00 2001
From: Sajad Parra
Date: Mon, 6 Dec 2021 17:51:14 +0530
Subject: [PATCH 2/3] trim prefix . from target ##447
---
 runner/runner.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/runner/runner.go b/runner/runner.go
index 130ac8bf1..610124c62 100644
--- a/runner/runner.go
+++ b/runner/runner.go
@@ -711,9 +711,9 @@ func (r *Runner) targets(hp *httpx.HTTPX, target string) chan string {
 // A valid target does not contain:
 // *
 // spaces
- if strings.ContainsAny(target, " *") {
- // trim *. from the target to return the domain instead of wildard
- target = strings.Trim(target, "*.")
+ if strings.ContainsAny(target, "*") || strings.HasPrefix(target, ".") {
+ // trim * and/or . (prefix) from the target to return the domain instead of wildard
+ target = strings.TrimPrefix(strings.Trim(target, "*"), ".")
 }

 // test if the target is a cidr
From b0b3ae00749e2c4c054548cdbb85f316ed3b21a5 Mon Sep 17 00:00:00 2001
From: Sajad Parra
Date: Tue, 7 Dec 2021 15:53:23 +0530
Subject: [PATCH 3/3] add check to ignore duplicate target #447
---
 runner/runner.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
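Review bot: In [PATCH 1/3] (`@@ -712,7 +712,8 @@`), a target containing a space is no longer rejected: the condition still matches `" *"`, but the body now trims instead of returning, and `strings.Trim(target, "*.")` leaves the space in place. The value then continues to the CIDR test below although the comment above still lists spaces as invalid. If they should still be refused, keep a separate guard before the trim, e.g. `if strings.Contains(target, " ") { return }`. `targets` starts and ends outside the hunk, so what happens to such a value further down is not visible here.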
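Review bot: In [PATCH 2/3] (`@@ -711,9 +711,9 @@`), the result of `strings.TrimPrefix(strings.Trim(target, "*"), ".")` is not validated: it is empty for inputs such as `*`, `*.` or `.`, and a wildcard that is not at either end (`a.*.example.com`) survives the trim. Nothing in the hunk stops either from reaching the CIDR test that follows. A guard after the trim, `if target == "" || strings.Contains(target, "*") { return }`, would drop them, mirroring the bare `return` this branch had before the series. The comment above the branch also still lists spaces, which the condition no longer looks at.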
diff --git a/runner/runner.go b/runner/runner.go
index 610124c62..e997aa680 100644
--- a/runner/runner.go
+++ b/runner/runner.go
@@ -653,15 +653,24 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 if scanopts.TLSProbe && result.TLSData != nil {
 scanopts.TLSProbe = false
 for _, tt := range result.TLSData.DNSNames {
+ if !r.testAndSet(tt) {
+ continue
+ }
 r.process(tt, wg, hp, protocol, scanopts, output)
 }
 for _, tt := range result.TLSData.CommonName {
+ if !r.testAndSet(tt) {
+ continue
+ }
 r.process(tt, wg, hp, protocol, scanopts, output)
 }
 }
 if scanopts.CSPProbe && result.CSPData != nil {
 scanopts.CSPProbe = false
 for _, tt := range result.CSPData.Domains {
+ if !r.testAndSet(tt) {
+ continue
+ }
 r.process(tt, wg, hp, protocol, scanopts, output)
 }
 }
@@ -686,9 +695,15 @@ func (r *Runner) process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.
 if scanopts.TLSProbe && result.TLSData != nil {
 scanopts.TLSProbe = false
 for _, tt := range result.TLSData.DNSNames {
+ if !r.testAndSet(tt) {
+ continue
+ }
 r.process(tt, wg, hp, protocol, scanopts, output)
 }
 for _, tt := range result.TLSData.CommonName {
+ if !r.testAndSet(tt) {
+ continue
+ }
 r.process(tt, wg, hp, protocol, scanopts, output)
 }
 }
@@ -711,9 +726,12 @@ func (r *Runner) targets(hp *httpx.HTTPX, target string) chan string {
 // A valid target does not contain:
 // *
 // spaces
- if strings.ContainsAny(target, "*") || strings.HasPrefix(target, ".") {
+ if strings.ContainsAny(target, "*") || strings.HasPrefix(target, ".") {
 // trim * and/or . (prefix) from the target to return the domain instead of wildard
 target = strings.TrimPrefix(strings.Trim(target, "*"), ".")
+ if !r.testAndSet(target) {
+ return
+ }
 }

 // test if the target is a cidr
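Review bot: In [PATCH 3/3] (`@@ -653,15 +653,24 @@`, and again in `@@ -686,9 +695,15 @@`), `r.testAndSet(tt)` is applied to the name exactly as it appears in the certificate or CSP data, before `targets` strips `*` and a leading `.`, so the key that is recorded is not necessarily the host that gets probed. `testAndSet` is defined outside this diff; unless it normalizes its argument, names that differ only in case or a trailing dot would presumably count as distinct. Since these names come from the remote server, checking a canonical form, e.g. `r.testAndSet(strings.ToLower(strings.TrimSuffix(tt, ".")))`, keeps one host from being queued more than once. The same three-line guard now appears five times across the two hunks; a small helper on `Runner` wrapping the check and the `r.process` call would keep the copies consistent. `process` begins and ends outside both hunks.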
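Review bot: In [PATCH 3/3] (`@@ -711,9 +726,12 @@`), the new `testAndSet` call sits inside the wildcard/leading-dot branch, so within `targets` only rewritten names are de-duplicated; a plain hostname reaches the CIDR test with no check here and relies on the callers in `process` having done it. If that is intended, a comment would make it explicit, e.g. `// plain targets are de-duplicated by the caller; only the rewritten name is checked here`. The bare `return` drops the target without any trace, and presumably the returned channel is closed by code outside the hunk, which is worth confirming. The `if` line is removed and re-added with no visible difference, which looks like whitespace-only churn that could be left out of the patch.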