vincentcox / bypass-firewalls-by-dns-history

Firewall bypass script based on DNS history records. This script will search for DNS A history records and check if the server replies for that domain. Handy for bug bounty hunters.

License: MIT License

Shell 100.00%
bypassing bugbounty dns-record security-tools security network-security

bypass-firewalls-by-dns-history's People

Contributors

naltun, vincentcox

bypass-firewalls-by-dns-history's Issues

Syntax Error

The command that I used was:

C:\Users\deskc\bypass-firewalls-by-DNS-history>bash bypass-firewalls-by-DNS-history.sh -d sitewebtarget.com

The error I receive:
bypass-firewalls-by-DNS-history.sh: line 14: syntax error in conditional expression
'ypass-firewalls-by-DNS-history.sh: line 14: syntax error near ]]
'ypass-firewalls-by-DNS-history.sh: line 14: while [[ $# -gt 0
bypass
]]

Virustotal requires Recaptcha

curl -H 'user-agent: Mozilla' -s https://www.virustotal.com/ui/domains/bugcrowd.com/subdomains\?limit\=
{
    "error": {
        "message": "Please re-send request with a valid reCAPTCHA response in the \"x-recaptcha-response\" header",
        "code": "RecaptchaRequiredError"
    }

Consider one more source for DNS history

Try out spyse.com for historical DNS. Pretty similar to SecurityTrails, but sometimes updates faster. Nevertheless, sometimes it does not, so better to use both I guess.

nothing comes up

This is all I'm getting; there's no IP or anything,
and this is exactly what I pasted:
"bash bypass-firewalls-by-DNS-history.sh -d example.com"
Any help, or is there something I'm doing wrong? Thanks!

Access 403

Hello @vincentcox,
It's not an issue, but I am curious: by abusing the DNS history, are we able to access the IP / domain which is throwing 403?

Thank You.

syntax error - Running in Ubuntu HyperV

I'm trying this:
$ bash bypass-firewalls-by-DNS-history.sh -d google.com

and had this response:
bypass-firewalls-by-DNS-history.sh: line 8: syntax error near unexpected token newline'
bypass-firewalls-by-DNS-history.sh: line 8: '

Bash Syntax error

bypass-firewalls-by-DNS-history.sh: 13: bypass-firewalls-by-DNS-history.sh: Syntax error: "(" unexpected

Jq is installed on the system

virustotal requires captcha

#domain=example.com

#curl -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36' -s https://www.virustotal.com/ui/domains/$domain/subdomains\?limit\= | jq '.data[].id' | grep -o '"[^"]\+"' | grep "$domain" | sed 's/"//g' >> /tmp/waf-bypass-alldomains-$domain.txt

jq: error (at <stdin>:5): Cannot iterate over null (null)



#curl -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36' -s https://www.virustotal.com/ui/domains/$domain/subdomains\?limit\=

{
    "error": {
        "code": "RecaptchaRequiredError",
        "message": "Please re-send request with a valid reCAPTCHA response in the \"x-recaptcha-response\" header"
    }
}

Please change SecurityTrails to use the API instead of scraping

Hey there,

great tool! SecurityTrails has a great API available for querying the information you are currently scraping from the free app. The free app regularly changes and the method you are using will not work in the future.

Our API is free of charge for your use-case and fairly easy to query, please check out
https://docs.securitytrails.com/reference#history-dns

In case you have questions, I will be around to help you switch over ;)

jq: error

jq: error (at :0): Cannot index string with string "dns_names"
jq: error (at :5): Cannot iterate over null (null)
parse error: Invalid numeric literal at line 3, column 0

debian 9 and debian 10

sudo apt install jq
$ git clone https://github.com/vincentcox/bypass-firewalls-by-DNS-history

bash ./bypass-firewalls-by-DNS-history.sh -a -d dadadadada.de

IP's not showing in terminal, no output file as well

I'm not sure if this is a bug or my own mistake. I tried this on Parrot OS with jq installed.
Tried both commands on three different domains, to find out if there is an equal address from those three domains. Unfortunately results are not as expected:

No bypass found;
Nor does it create an output file (should it?)

My input as follows...
$ bash waf.sh -d DOMAIN.BLA -o output
$ bash waf.sh -d DOMAIN.BLA -o /media/user/data/Scripts/wafbypass/output.txt

Output from terminal...
[-] 3 Domains collected...
[-] Scraping IP's from (sub)domains (100%)
[-] 24 IP's gathered from DNS history...
[-] Launching requests to origin servers...
[-] Waiting on replies from origin servers...
[-] No Bypass found!

$ locate output
returns nothing...
$ locate output.txt
returns nothing...

$ cd /media/user/data/Scripts/wafbypass/
$ ls
LICENSE README.md waf.sh

Use python instead

Python is installed by default on most machines, but you use jq(1), which is required to be installed. In light of that, why not use python -m json.tool instead?
