[Issue] Shodan source reports false subdomains when enumerating a subdomain

**Describe the bug**
A clear and concise description of what the bug is.

First, enumerate the parent domain.
```
  % subfinder -d hackerone.com                                                                          !10001

               __    _____           __
   _______  __/ /_  / __(_)___  ____/ /__  _____
  / ___/ / / / __ \/ /_/ / __ \/ __  / _ \/ ___/
 (__  ) /_/ / /_/ / __/ / / / / /_/ /  __/ /
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/

		projectdiscovery.io

[INF] Current subfinder version v2.6.6 (latest)
[INF] Loading provider config from /Users/gby/Library/Application Support/subfinder/provider-config.yaml
[INF] Enumerating subdomains for hackerone.com
design.hackerone.com
zendesk1.hackerone.com
3d.hackerone.com
hackerone.com
a.ns.hackerone.com
api.hackerone.com
mta-sts.managed.hackerone.com
mta-sts.forwarding.hackerone.com
support.hackerone.com
```
Then, enumerate a subdomain, and notice that zendesk2, docs, all of these subdomains suddenly appear underneath api.hackerone.com ?

```
  % subfinder -d api.hackerone.com                                                                      !10002

               __    _____           __
   _______  __/ /_  / __(_)___  ____/ /__  _____
  / ___/ / / / __ \/ /_/ / __ \/ __  / _ \/ ___/
 (__  ) /_/ / /_/ / __/ / / / / /_/ /  __/ /
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/

		projectdiscovery.io

[INF] Current subfinder version v2.6.6 (latest)
[INF] Loading provider config from /Users/gby/Library/Application Support/subfinder/provider-config.yaml
[INF] Enumerating subdomains for api.hackerone.com
zendesk2.api.hackerone.com
mta-sts.managed.api.hackerone.com
support.api.hackerone.com
mta-sts.forwarding.api.hackerone.com
gslink.api.hackerone.com
mta-sts.api.hackerone.com
resources.api.hackerone.com
www.api.hackerone.com
b.ns.api.hackerone.com
docs.api.hackerone.com
zendesk1.api.hackerone.com
_dmarc.api.hackerone.com
api.api.hackerone.com
[INF] Found 13 subdomains for api.hackerone.com in 21 seconds 284 milliseconds

```


**Subfinder version**
Include the version of subfinder you are using, `subfinder -version`
v2.6.6

The bug is exactly here https://github.com/projectdiscovery/subfinder/blob/6537b327867861ec4eb90d07604f8bb79bdce88d/v2/pkg/subscraping/sources/shodan/shodan.go#L79

Because subdomains are generated from concatenating the user input (api.hackerone.com) with the API response, which is giving you the subdomains of hackerone.com, NOT api.hackerone.com.
<img width="444" alt="image" src="https://github.com/user-attachments/assets/a7b211d1-dd7c-4d11-9f3b-c8ab3dd282d6">
<img width="464" alt="image" src="https://github.com/user-attachments/assets/aedd9fb0-dbb2-4489-a296-24f1ca6ba036">

cc @dwisiswant0 


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Issue] Shodan source reports false subdomains when enumerating a subdomain #1389

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Issue] Shodan source reports false subdomains when enumerating a subdomain #1389

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions