这是indexloc提供的服务,不要输入任何密码
Skip to content

fix: shodan source filter subdomains properly #1388

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 0 commits into from
Closed

fix: shodan source filter subdomains properly #1388

wants to merge 0 commits into from

Conversation

@Gby56
Copy link
Contributor

@Gby56 Gby56 commented Sep 24, 2024
edited
Loading

Hi ! I noticed that the Shodan source was completely falsely reporting subdomains when querying a subdomain.

Shodan returns all subdomains they can find under the parent domain from the query (if you ask api.example.com, you get all subdomains for example.com regardless.)

Their API response format is

{
  "domain": "example.com",
  "tags": [],
  "subdomains": [],
  "data": [],
  "more": true
}

The bug was that we assembled the subdomains with the queried subdomain, making fake subdomains attached to the queried domain.

Query: test.example.com

Actual subdomains under example.com:

Current bug output:

Expected:

  • test.example.com (itself)

@Gby56
Copy link
Contributor Author

Gby56 commented Sep 25, 2024
edited
Loading

Fixing the tests
EDIT: nevermind, I think the tests are mostly broken due to timeout, APIs throwing errors etc...
I think the bug is pretty serious though, given how many false positives it generates, @dwisiswant0 could you take a look ?

@ehsandeep ehsandeep added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Sep 25, 2024
@dwisiswant0
Copy link
Member

dwisiswant0 commented Sep 26, 2024

Seems like the previous implementation was already correct, right? I don't see any results outside of what I had input. What am I missing here? How are you reproducing this issue? It would be better if you could go ahead and create the issue first.

image

@Gby56
Copy link
Contributor Author

Gby56 commented Sep 26, 2024
edited
Loading

Sure thing, here is the issue with screenshots and clearer explanation.
I think the screenshots explain perfectly the behavior of the Shodan API, and why an extract filtering is required for subfinder if a subdomain is enumerated, to only get children of the subdomain.

#1389

PS: I think example.com is not a great example 😅 I just saw that the shodan API returns barely anything on that, it's better to use hackerone.com

@dwisiswant0 dwisiswant0 linked an issue Sep 26, 2024 that may be closed by this pull request
[Issue] Shodan source reports false subdomains when enumerating a subdomain #1389
Closed
Gby56
Gby56 commented Sep 26, 2024
View reviewed changes
dwisiswant0
dwisiswant0 requested changes Sep 26, 2024
View reviewed changes
@Gby56
Copy link
Contributor Author

Gby56 commented Sep 26, 2024

I think we're all OK here, thanks for the help @dwisiswant0 ! This should greatly increase quality, the difference is significant, from 70 subdomains on analysiscenter.veracode.com, to 4, the bug was generating quite some false positives

dogancanbakir
dogancanbakir approved these changes Sep 27, 2024
View reviewed changes
@dwisiswant0
Copy link
Member

dwisiswant0 commented Sep 27, 2024

Superseded by #1392

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dwisiswant0 dwisiswant0 dwisiswant0 approved these changes

@dogancanbakir dogancanbakir dogancanbakir approved these changes

Assignees

No one assigned

Labels

Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Issue] Shodan source reports false subdomains when enumerating a subdomain

4 participants

@Gby56 @dwisiswant0 @dogancanbakir @ehsandeep