这是indexloc提供的服务,不要输入任何密码
Skip to content

Adds the "driftnet" source. #1612

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Jul 21, 2025
Merged

Adds the "driftnet" source. #1612

merged 8 commits into from
Jul 21, 2025

Conversation

0x4500
Copy link
Contributor

@0x4500 0x4500 commented Jul 2, 2025
edited by coderabbitai bot
Loading

This PR adds driftnet.io as a default source.

Driftnet has multiple endpoints which can return subdomains, and so internally the code for this source makes multiple HTTP requests and combines the results. Results are de-duplicated so that the "driftnet" source does not return the same subdomain multiple times.

The Driftnet API can legitimately return an HTTP 204 code when there are no results. To prevent this causing an error, the httpRequestWrapper() function inside v2/pkg/subscraping/agent.go is updated to handle 204 responses in the same way as 200 responses are currently handled.

Summary by CodeRabbit

  • New Features

    • Added integration with the Driftnet service as a new passive subdomain enumeration source.
    • Driftnet is now included in the default and recursive sources for subdomain discovery.

  • Tests

    • Updated test coverage to include Driftnet in expected source lists.

@coderabbitai coderabbitai
Copy link

coderabbitai bot commented Jul 2, 2025
edited
Loading

Walkthrough

A new passive subdomain enumeration source named "driftnet" has been integrated. This includes its implementation, registration in the list of available sources, and updates to relevant test expectations. The "driftnet" source supports concurrent API queries, recursive enumeration, and requires API keys.

Changes

File(s) Change Summary
pkg/subscraping/sources/driftnet/... Added new "driftnet" source implementation for passive subdomain scraping, including concurrency and API support.
pkg/passive/sources.go Imported "driftnet" and added it to the AllSources array for enumeration.
pkg/passive/sources_test.go Updated test expectations to include the new "driftnet" source in all relevant arrays.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant PassiveEnum
    participant DriftnetSource
    participant DriftnetAPI

    User->>PassiveEnum: Start subdomain enumeration
    PassiveEnum->>DriftnetSource: Run(domain, session)
    DriftnetSource->>DriftnetAPI: Query multiple endpoints (concurrently)
    DriftnetAPI-->>DriftnetSource: Return subdomain data (JSON)
    DriftnetSource->>PassiveEnum: Send unique subdomain results
    PassiveEnum->>User: Aggregate and return results
Loading

Suggested reviewers

  • ehsandeep

Poem

In the warren of code, a new tunnel appears,
Driftnet hops in—subdomains it steers!
With keys in its paws and concurrency in mind,
It sniffs out the secrets that others can’t find.
So here’s to new sources, and tests that all pass—
May your subdomain hunts be as swift as a hare in the grass! 🐇

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b2f1963 and dcc7f4b.

📒 Files selected for processing (1)
  • pkg/subscraping/sources/driftnet/driftnet.go (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • pkg/subscraping/sources/driftnet/driftnet.go
✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@0x4500 0x4500 mentioned this pull request Jul 2, 2025
Closed
coderabbitai[bot]
coderabbitai bot reviewed Jul 2, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3674ed and d0e6690.

📒 Files selected for processing (4)
  • v2/pkg/passive/sources.go (2 hunks)
  • v2/pkg/passive/sources_test.go (3 hunks)
  • v2/pkg/subscraping/agent.go (1 hunks)
  • v2/pkg/subscraping/sources/driftnet/driftnet.go (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
v2/pkg/passive/sources.go (1) 
Learnt from: x-stp
PR: projectdiscovery/subfinder#0
File: :0-0
Timestamp: 2025-06-24T16:03:30.467Z
Learning: When fixing HTTP response handling bugs in subfinder sources, the correct pattern is to use `defer session.DiscardHTTPResponse(resp)` after successful requests to ensure the response body remains open for reading, and call `session.DiscardHTTPResponse(resp)` immediately in error cases.
v2/pkg/subscraping/agent.go (1) 
Learnt from: x-stp
PR: projectdiscovery/subfinder#0
File: :0-0
Timestamp: 2025-06-24T16:03:30.467Z
Learning: When fixing HTTP response handling bugs in subfinder sources, the correct pattern is to use `defer session.DiscardHTTPResponse(resp)` after successful requests to ensure the response body remains open for reading, and call `session.DiscardHTTPResponse(resp)` immediately in error cases.
🧬 Code Graph Analysis (2)
v2/pkg/passive/sources.go (2)
v2/pkg/subscraping/sources/driftnet/driftnet.go (1)
  • Source (24-30)
v2/pkg/subscraping/types.go (1)
  • Source (37-62)
v2/pkg/subscraping/sources/driftnet/driftnet.go (2)
v2/pkg/subscraping/types.go (2)
  • Session (71-78)
  • Statistics (29-34)
v2/pkg/subscraping/utils.go (1)
  • PickRandom (12-20)
🔇 Additional comments (4)
v2/pkg/passive/sources.go (1)

29-29: LGTM!

The driftnet source is correctly imported and registered in the AllSources array, following the established pattern.

Also applies to: 74-74

v2/pkg/passive/sources_test.go (1)

29-29: Test data correctly updated.

The inclusion of "driftnet" in all three test arrays aligns with the source implementation returning true for both IsDefault() and HasRecursiveSupport().

Also applies to: 76-76, 106-106

v2/pkg/subscraping/agent.go (1)

140-140: Confirm global acceptance of HTTP 204 responses

The update to agent.go now treats 204 (No Content) as successful for all subscraping sources, not just driftnet. That means any source that only expected 200 OK will now see a “successful” response on 204 and proceed to parse an empty body.

Please verify that none of these endpoints legitimately return 204, or else restrict 204-acceptance to driftnet only. Impacted sources include (but may not be limited to):

  • v2/pkg/subscraping/sources/threatcrowd/threatcrowd.go
  • v2/pkg/subscraping/sources/pugrecon/pugrecon.go
  • v2/pkg/subscraping/sources/leakix/leakix.go
  • v2/pkg/subscraping/sources/netlas/netlas.go
  • v2/pkg/subscraping/sources/digitalyama/digitalyama.go
  • v2/pkg/subscraping/sources/anubis/anubis.go

If any of these APIs can send a 204, ensure their code handles an empty response body correctly or scope the 204 check to driftnet.

v2/pkg/subscraping/sources/driftnet/driftnet.go (1)

60-184: Well-implemented source with proper concurrency and deduplication.

The implementation demonstrates good practices:

  • Concurrent requests to multiple endpoints with proper synchronization
  • Deduplication across endpoints using sync.Map
  • Comprehensive error handling and statistics tracking
  • Proper cleanup in all code paths

@0x4500
Copy link
Contributor Author

0x4500 commented Jul 2, 2025
edited
Loading

@dogancanbakir Is it likely to be safe to allow 204 responses globally, as this PR currently proposes to do?

If you think it isn't safe, it would be okay to leave that section of code as-is. The only issue would be a warning when one of Driftnet's endpoints fails to return any results and sends code 204.

@0x4500
Copy link
Contributor Author

0x4500 commented Jul 3, 2025

Test failure here seems unrelated:

=== RUN   TestSourcesWithoutKeys/threatcrowd
    sources_wo_auth_test.go:76: 
        	Error Trace:	/Users/runner/work/subfinder/subfinder/v2/pkg/passive/sources_wo_auth_test.go:76
        	Error:      	Not equal: 
        	            	expected: <nil>(<nil>)
        	            	actual  : *reflect.rtype(&reflect.rtype{t:abi.Type{Size_:0x8, PtrBytes:0x8, Hash:0x19a986b3, TFlag:0x9, Align_:0x8, FieldAlign_:0x8, Kind_:0x36, Equal:(func(unsafe.Pointer, unsafe.Pointer) bool)(0x10056a920), GCData:(*uint8)(0x1015393c0), Str:152696, PtrToThis:0}})
        	Test:       	TestSourcesWithoutKeys/threatcrowd
        	Messages:   	threatcrowd: invalid character 'C' looking for beginning of value

I'm also seeing the same failure on the dev branch, without this PR applied.

0x4500 added 3 commits July 17, 2025 12:30
@0x4500
Adds the "driftnet" source.
90f4c00 
Updates the httpRequestWrapper() function to allow 204 responses.
@0x4500
remove cruft
0afa0e5
@0x4500
match new path
8f5680e
@0x4500 0x4500 force-pushed the feat/add-driftnet branch from 172cdb9 to 8f5680e Compare July 17, 2025 11:34
coderabbitai[bot]
coderabbitai bot reviewed Jul 17, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (2)
pkg/subscraping/sources/driftnet/driftnet.go (2)

85-86: Fix typo in comment.

-	// Return the result c
+	// Return the results channel

124-124: Add description to the incomplete comment.

-// runSubsource
+// runSubsource queries a specific driftnet endpoint for subdomains and sends results to the channel
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 172cdb9 and 8f5680e.

📒 Files selected for processing (4)
  • pkg/passive/sources.go (2 hunks)
  • pkg/passive/sources_test.go (3 hunks)
  • pkg/subscraping/agent.go (1 hunks)
  • pkg/subscraping/sources/driftnet/driftnet.go (1 hunks)
✅ Files skipped from review due to trivial changes (2)
  • pkg/passive/sources.go
  • pkg/passive/sources_test.go
🧰 Additional context used
🧠 Learnings (1)
pkg/subscraping/agent.go (1) 
Learnt from: x-stp
PR: projectdiscovery/subfinder#0
File: :0-0
Timestamp: 2025-06-24T16:03:30.467Z
Learning: When fixing HTTP response handling bugs in subfinder sources, the correct pattern is to use `defer session.DiscardHTTPResponse(resp)` after successful requests to ensure the response body remains open for reading, and call `session.DiscardHTTPResponse(resp)` immediately in error cases.
🧬 Code Graph Analysis (1)
pkg/subscraping/sources/driftnet/driftnet.go (2)
pkg/subscraping/types.go (2)
  • Session (71-78)
  • Statistics (29-34)
pkg/subscraping/utils.go (1)
  • PickRandom (12-20)

@0x4500
Copy link
Contributor Author

0x4500 commented Jul 17, 2025

@dogancanbakir I think the bot has resolved the query I had on 204s, and the tests are passing for me now.

@dogancanbakir
Copy link
Member

@0x4500 Thanks for the PR! I'll review it asap.

@dogancanbakir
Copy link
Member

@0x4500 Is this expected?

$ go run . -d vulnerabletarget.com -s driftnet -v

               __    _____           __         
   _______  __/ /_  / __(_)___  ____/ /__  _____
  / ___/ / / / __ \/ /_/ / __ \/ __  / _ \/ ___/
 (__  ) /_/ / /_/ / __/ / / / / /_/ /  __/ /    
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/

                projectdiscovery.io

[INF] Current subfinder version v2.8.0 (latest)
[INF] Loading provider config from /Users/dogancanbakir/Library/Application Support/subfinder/provider-config.yaml
[DBG] API key(s) found for driftnet.
[DBG] Selected source(s) for this search: driftnet
[INF] Enumerating subdomains for vulnerabletarget.com
[driftnet] www.vulnerabletarget.com
- [DBG] Response for failed request against https://api.driftnet.io/v1/domain/rdns?host=vulnerabletarget.com&summarize=host&summary_context=dns-ptr&summary_limit=10000:
- [DBG] Response for failed request against https://api.driftnet.io/v1/scan/protocols?field=host:vulnerabletarget.com&summarize=host&summary_context=cert-dns-name&summary_limit=10000:
www.vulnerabletarget.com
[INF] Found 1 subdomains for vulnerabletarget.com in 828 milliseconds 654 microseconds

@0x4500
Copy link
Contributor Author

0x4500 commented Jul 21, 2025
edited
Loading 

- [DBG] Response for failed request against https://api.driftnet.io/v1/domain/rdns?host=vulnerabletarget.com&summarize=host&summary_context=dns-ptr&summary_limit=10000:

@dogancanbakir Yeah, this is the 204 issue I was mentioning above.

In detail, the issue is that the Driftnet API legitimately responds with a 204 (No Content) response if it has no results from one of its applicable endpoints. This is not intended to indicate an error, just a lack of results, and there might still be results from one of the other Driftnet endpoints (as there are in your test).

However, the code in agent.go treats any HTTP response other than 200 as an error:

	if response.StatusCode != http.StatusOK {
		requestURL, _ := url.QueryUnescape(request.URL.String())

		gologger.Debug().MsgFunc(func() string {
			buffer := new(bytes.Buffer)
			_, _ = buffer.ReadFrom(response.Body)
			return fmt.Sprintf("Response for failed request against %s:\n%s", requestURL, buffer.String())
		})
		return response, fmt.Errorf("unexpected status code %d received from %s", response.StatusCode, requestURL)
	}

I did initially update agent.go to treat 204 in the same way as 200, but the Rabbit did not like this and warned me that it might break other sources, so I wound it back.

I'm not really sure how to handle this issue properly within the subfinder framework, and your advice would be very welcome! As things stand with this PR, it all seems to work but you do get the error you see in debug mode.

@dogancanbakir
Copy link
Member

dogancanbakir commented Jul 21, 2025
edited
Loading

Got it, thanks! Let's leave it as is for now. I'll open another issue to track it. Tracking at #1620

@dogancanbakir dogancanbakir merged commit 5b5486c into projectdiscovery:dev Jul 21, 2025
7 of 10 checks passed
This was referenced Jul 23, 2025
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0x4500 @dogancanbakir