
blark / aiodnsbrute

Python 3.5+ DNS asynchronous brute force utility

License: GNU General Public License v3.0

Python 100.00%
dns brute-force python async security security-tools red-team osint resolver pentesting

aiodnsbrute's Issues

directory traversal Bug

● When reading a dictionary file with "os.path.dirname(os.path.realpath(__file__))", it is possible to read arbitrary directories.

● You can resolve this by specifying the base directory. (Example using startswith)

os.path.realpath("/../../../../../..//etc/passwd").startswith("/root/pen/aiodnsbrute/aiodnsbrute")
False

● PoC
python3 cli.py -w /../../../../../etc/passwd -vv -t 1024 example.com
[*] Brute forcing example.com with a maximum of 1024 concurrent tasks...
[*] Wordlist loaded, brute forcing 54 DNS records
[*] Using recursive DNS with the following servers: ['192.168.31.2']
[-] Debian-gdm:x:131:139:Gnome Display Manager:/var/lib/gdm3:/bin/false.example.com generated an unexpected exception: encoding with 'idna' codec failed (UnicodeError: label empty or too long)
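
The base-directory check proposed in this issue, as an added example (not code from the issue or from aiodnsbrute): a bare startswith prefix test also accepts a sibling directory whose name begins with the base name, so this version resolves the path with os.path.realpath and compares whole path components with os.path.commonpath. The function names and the wordlists/ and wordlists_private/ directories are assumptions, and the sample tree is constructed in a temporary directory.

```python
import os
import tempfile


def naive_is_inside(base_dir, user_path):
    """Prefix test as in the issue: resolve the path, then startswith()."""
    return os.path.realpath(user_path).startswith(base_dir)


def resolve_inside(base_dir, user_path):
    """Return the resolved path if it stays under base_dir, else raise ValueError."""
    base = os.path.realpath(base_dir)
    # An absolute user_path replaces base in join(); the check below rejects it.
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so "wordlists_private" != "wordlists".
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("wordlist path escapes %s: %r" % (base, user_path))
    return candidate


def demo():
    """Run both checks over a constructed tree: wordlists/ beside wordlists_private/."""
    root = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(root, "wordlists")
    sibling = os.path.join(root, "wordlists_private")
    for directory, name in ((base, "small.txt"), (sibling, "secret.txt")):
        os.mkdir(directory)
        with open(os.path.join(directory, name), "w") as fh:
            fh.write("www\nmail\n")
    os.symlink(sibling, os.path.join(base, "link"))  # symlink leading out of base

    cases = {
        "inside": "small.txt",
        "dotdot": "../../etc/passwd",
        "absolute": "/etc/passwd",
        "sibling": "../wordlists_private/secret.txt",
        "symlink": "link/secret.txt",
    }
    accepted = {}
    for label, path in cases.items():
        try:
            resolve_inside(base, path)
            accepted[label] = True
        except ValueError:
            accepted[label] = False
    # The bare prefix test lets the sibling directory through.
    accepted["naive_sibling"] = naive_is_inside(
        base, os.path.join(base, "../wordlists_private/secret.txt"))
    return accepted
```
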

Pipsi Install Fails | Fails to create virtualenv

I've tried following the documentation for installing aiodnsbrute but I'm having some issues. I'm running on MAC OS X so not sure if that is part of the issue but I've installed virtualenv via brew, and also installed pipsi as documented in the README file.

Where I have issues is when I attempt to invoke: pipsi install . from within the repo directory. Here is the output I receive:

$ pipsi install .
Running virtualenv with interpreter /Users/user/.local/venvs/pipsi/bin/python3.6
Using base prefix '/usr/local/Cellar/python/3.6.4_3/bin/../Frameworks/Python.framework/Versions/3.6'
New python executable in /Users/user/.local/venvs/aiodnsbrute/bin/python3.6
Also creating executable in /Users/user/.local/venvs/aiodnsbrute/bin/python
ERROR: The executable /Users/user/.local/venvs/aiodnsbrute/bin/python3.6 is not functioning
ERROR: It thinks sys.prefix is '/usr/local/Cellar/python/3.6.4_3/Frameworks/Python.framework/Versions/3.6' (should be '/Users/user/.local/venvs/aiodnsbrute')
ERROR: virtualenv is not compatible with this system or executable
Failed to create virtualenv.  Aborting.

Note that the python3.6 binary it seems to depend on does not exist for me:

$ file /Users/user/.local/venvs/aiodnsbrute/bin/python3.6
/Users/user/.local/venvs/aiodnsbrute/bin/python3.6: cannot open `/Users/user/.local/venvs/aiodnsbrute/bin/python3.6' (No such file or directory)

Any assistance would be greatly appreciated. Cheers!

stdout differences between locales

We came across an issue where output is unique with LANG=en_US which is causing issues with automation. While we can work around it by forcing LANG=en_US it's still vexing.

# python --version
Python 3.8.0
# locale -a
C
C.UTF-8
en_US
en_US.iso88591
en_US.utf8
POSIX

Here is what we expect:

# export LANG=en_US
# aiodnsbrute --no-verify --gethostbyname -f - -o json example.org
[{"domain": "www.example.org", "ip": ["93.184.216.34"]}]

When LANG is not one of the en* locales, things I expect to be on stderr come out on stdout.

# export LANG=C.UTF-8
# aiodnsbrute --no-verify --gethostbyname -f - -o json example.org
[*] Brute forcing example.org with a maximum of 512 concurrent tasks...
[!] Skipping domain verification. YOLO!
[*] Using recursive DNS with the following servers: ['8.8.8.8', '8.8.4.4', '114.114.114.114']
[*] No wildcard response was detected for this domain.
[*] Using pycares `gethostbyname` function to perform lookups, CNAME data will be appended to results (** denotes CNAME, show actual name with -vv)
[*] Wordlist loaded, proceeding with 1000 DNS requests
[+] www.example.org                             ['93.184.216.34']                                                                                                                                                                                 
100%|███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 1000/1000 [00:06<00:00, 163.37rec/s]
[*] Completed, 1 subdomains found
# export LANG=en_US.utf8
# aiodnsbrute --no-verify --gethostbyname -f - -o json example.org
[{"domain": "www.example.org", "ip": ["93.184.216.34"]}]

Is this an issue in aiodnsbrute, or an issue in an underlying library used, or a problem between monitor & chair?

License mismatch

The setup.py file says the license is BSD but the LICENSE.txt file says that it's GPLv3.

Which one is the right license?

UnicodeDecodeError and AttributeError

Hello, thanks for creating this tool. I wanted to try it out but there seem to be 2 issues that I am facing:

  1. UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf3 in position 167457: invalid continuation byte
  2. AttributeError: 'aioDNSBrute' object has no attribute 'pbar'

I followed the steps to create virtualenv as per instructions and also installed the application using "pipsi install .".

Below is the full error message:

root@kali:/opt# aiodnsbrute -w test.txt -vv -t 1024 google.com
[*] Brute forcing google.com with a maximum of 1024 concurrent tasks...
Traceback (most recent call last):
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/aiodnsbrute/cli.py", line 86, in run
    w = words.read().splitlines()
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/codecs.py", line 321, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf3 in position 167457: invalid continuation byte

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/.local/bin/aiodnsbrute", line 11, in <module>
    sys.exit(main())
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/aiodnsbrute/cli.py", line 122, in main
    results = bf.run(wordlist=wordlist, domain=domain, recursive=recursive)
  File "/root/.local/venvs/aiodnsbrute/lib/python3.5/site-packages/aiodnsbrute/cli.py", line 104, in run
    self.pbar.close()
AttributeError: 'aioDNSBrute' object has no attribute 'pbar'

Extract subdomains from links in webpages

This would be a helpful addition, and ideally enabled by default whenever a wildcard response is detected, in order to find the canonical name for the wildcarded IP.

Import Domains From File

As a potential feature request, it would be great if aiodnsbrute would import a list of domains from a file. This would be quite useful to perform sub-domain enumeration across multiple domains.
