Unexpected behavior in dns + patterns #364

Open
secu77 opened this issue Nov 2, 2022 · 1 comment
secu77 commented Nov 2, 2022

Hello,

I was trying the dns mode combined with the "patterns", but I'm not getting the expected results:

  • I'm trying to fuzz subdomains of westeurope.cloudapp.azure.com.
  • I'm using a basic wordlist with words like: dev, prod, test, etc.
  • I intend to use a pattern list containing patterns like: <org>-{GOBUSTER}, producing a result like: acme-dev.westeurope.cloudapp.azure.com

Under this context, I form the command to launch which is as follows: gobuster dns -d westeurope.cloudapp.azure.com -t 1 -w wordlist.txt -p patterns.txt -o results.txt -v

wordlist.txt

dev
test
prod
testing
demo
demoapp
beta
alpha

patterns.txt

acme-{GOBUSTER}
acme-{GOBUSTER}dev
acme-{GOBUSTER}build
acme-{GOBUSTER}demo
{GOBUSTER}-acme

But, when fuzzing starts, I notice in the results subdomains like: "dev.westeurope.cloudapp.azure.com" or "test.westeurope.cloudapp.azure.com".

By enabling verbose mode, I can see that the patterns are being used, but how can I prevent DNS queries that do not use the pattern from being made?

Best regards and thanks in advance

Collaborator

firefart commented Nov 2, 2022

Hi,
the pattern is currently in addition to the wordlist. Will look into adding a switch to disable this behaviour.
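
The following Go example is added here and is not gobuster's code or part of either comment: it models the candidate list described in this thread (each word queried bare and once per pattern) beside a pattern-only list, which can be saved and used as the wordlist with no pattern file. The names `Candidates` and `patternOnly` are hypothetical, and the ordering of candidates is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// placeholder is the token used in the patterns.txt shown in the issue.
const placeholder = "{GOBUSTER}"

// Candidates returns the names to resolve. patternOnly=false models the
// behaviour reported in the thread (bare word plus each expansion, order
// assumed); patternOnly=true keeps only the pattern expansions.
func Candidates(words, patterns []string, domain string, patternOnly bool) []string {
	seen := map[string]bool{}
	var out []string
	add := func(label string) {
		fqdn := strings.ToLower(label) + "." + domain
		if !seen[fqdn] { // DNS names are case-insensitive, so dedupe lowercased
			seen[fqdn] = true
			out = append(out, fqdn)
		}
	}
	for _, w := range words {
		if !patternOnly {
			add(w) // the unwanted "dev.<domain>" style query from the report
		}
		for _, p := range patterns {
			add(strings.ReplaceAll(p, placeholder, w))
		}
	}
	return out
}

func main() {
	// Constructed sample input: a subset of the lists posted in the issue.
	words := []string{"dev", "test", "prod"}
	patterns := []string{"acme-{GOBUSTER}", "{GOBUSTER}-acme"}
	for _, c := range Candidates(words, patterns, "westeurope.cloudapp.azure.com", true) {
		fmt.Println(c)
	}
}
```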
