better bruteforce tool, debug tqdm loading bar, better handle of erro…

…r while getting proxy
ugomeguerditchian · Sep 9, 2023 · acb6f5f · acb6f5f
1 parent d0fbf6f
commit acb6f5f
Show file tree

Hide file tree

Showing 5 changed files with 3,730 additions and 9,941 deletions.
diff --git a/default_configuration.yaml b/default_configuration.yaml
@@ -4,7 +4,6 @@ Proxy :
     activate: true
     file: null #path to file, one proxy per line
     links:
-        https://raw.githubusercontent.com/mertguvencli/http-proxy-list/main/proxy-list/data.txt : "http"
         https://raw.githubusercontent.com/TheSpeedX/PROXY-List/master/http.txt : "http"
         https://raw.githubusercontent.com/monosans/proxy-list/main/proxies/http.txt: "http"
         https://raw.githubusercontent.com/TheSpeedX/SOCKS-List/master/socks5.txt : "socks"

diff --git a/lib/configuration.py b/lib/configuration.py
@@ -106,13 +106,16 @@ def load(self):
                 logger.info("[*] Info: Proxy activated")
                 # logger.info("[*] Testing proxy...")
                 for link, type in self.config["Proxy"]["links"].items():
-                    for line in requests.get(link).text.splitlines():
-                        if type == "http":
-                            self.http_proxy.append(line)
-                        elif type == "https":
-                            self.https_proxy.append(line)
-                        elif type == "socks":
-                            self.socks_proxy.append(line)
+                    try :
+                        for line in requests.get(link).text.splitlines():
+                            if type == "http":
+                                self.http_proxy.append(line)
+                            elif type == "https":
+                                self.https_proxy.append(line)
+                            elif type == "socks":
+                                self.socks_proxy.append(line)
+                    except:
+                        logger.warning("[!] Warning: {} returned an error".format(link))
                 # self.check_proxy()
 
     def is_in_scope(self, to_test: str, mode: str):

diff --git a/manifest.json b/manifest.json
@@ -1,4 +1,4 @@
 {
-    "version": "V3.1.2",
+    "version": "V3.1.3",
     "configuration_file_version": "2.0.1"
 }
diff --git a/tools/AS_scan/brute_subs.py b/tools/AS_scan/brute_subs.py
@@ -6,17 +6,41 @@
 import lib.generics as gen
 import lib.custom_logger as custom_logger
 import time
-
+import uuid
 logger = custom_logger.logger
 
+ips = set()
+def is_wildcard(fqdn: str) -> bool:
+    """
+    Checks if the fqdn is a wildcard.
 
+    :param fqdn: A string representing the fully qualified domain name.
+    :return: A boolean indicating if the fqdn is a wildcard.
+    """
+    try:
+        random_subdomain = str(uuid.uuid4())
+        answer = dns.resolver.resolve(random_subdomain + "." + fqdn)
+        if answer:
+            # Test 100 random subdomains and store the ips inside ips set
+            for i in range(100):
+                random_subdomain = str(uuid.uuid4())
+                answer = dns.resolver.resolve(random_subdomain + "." + fqdn)
+                if answer:
+                    ips.add(str(answer[0]))
+            return True
+        else:
+            return False
+
+    except:
+        return False
 def resolve_and_store(
     resolver: dns.resolver.Resolver,
     subdomain: str,
     fqdn: str,
     config: gen.configuration,
     res: result,
     pbar: tqdm,
+    wildcard: bool = False,
 ) -> None:
     """
     Resolves the subdomain and stores the result inside res.result.
@@ -31,14 +55,15 @@ def resolve_and_store(
     try:
         answer = resolver.resolve(subdomain + "." + fqdn)
         ip = str(answer[0])
+        if ip in ips and wildcard:
+            return
         name = str(answer.qname)
         ip = ip_lib.ip(ip, config)
         res.add_fqdn(ip, name)
-        # simulate some work being done
-        time.sleep(0.1)
-        pbar.update(1)
     except:
         pass
+    finally:
+        pbar.update(1)
 
 
 def main(config: gen.configuration, res: result, name: str) -> result:
@@ -63,6 +88,11 @@ def main(config: gen.configuration, res: result, name: str) -> result:
         logger.info("[*] Skipping brute_subs")
         return
     logger.info(f"[*] Bruteforcing subdomains for {name}")
+    wildcard = False
+    if is_wildcard(name):
+        logger.info(f"[*] {name} is a wildcard")
+        wildcard = True
+
     # get wordlist inside tools/worldlists
     wordlist = f"tools/wordlists/{this_tool_config['wordlist_name']}"
     # get resolver inside tools/resolvers
@@ -82,7 +112,7 @@ def main(config: gen.configuration, res: result, name: str) -> result:
             with tqdm(total=len(subdomains), leave=False) as pbar:
                 futures = [
                     executor.submit(
-                        resolve_and_store, resolver, subdomain, fqdn, config, res, pbar
+                        resolve_and_store, resolver, subdomain, fqdn, config, res, pbar, wildcard
                     )
                     for subdomain in subdomains
                 ]