diff --git a/README.md b/README.md index d35e5e7..76a5f0c 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ SubBrute is a community driven project with the goal of creating the fastest, an Whats new in v1.2.1? ===================== The big news in this version is that SubBrute is now a recursive DNS-spider, and also a library, more on this later. SubBrute should be easy to use, so the interface should be intuitive (like nmap!), if you would like the interface to change, let us know. In this version we are opening up SubBrute's fast DNS resolution pipeline for any DNS record type. Additionally, SubBrute now has a feature to detect subdomains were their resolution is intentionally blocked, which sometimes happens when the a subdomain cannot be externally resolved. -- subbrute is now a dns spider that recursively crawls DNS records. This feature boosted *.google.com from 123 to 162 subdomains. +- subbrute is now a DNS spider that recursively crawls enumerated DNS records. This feature boosted *.google.com from 123 to 162 subdomains. (Always enabled) - --type enumerate an arbitrary record type (AAAA, CNAME, SOA, TXT, MX...) - -s can now read subdomains from result files. - SubBrute is now a library: subbrute.run() @@ -14,7 +14,7 @@ The big news in this version is that SubBrute is now a recursive DNS-spider, and - New useage - The subdomains enumerated from previous scans can now be used as input to enumerate other DNS records. The following commands demonstrate this new functionality: ``` ./subbrute.py google.com -o google.names - ... 162 domain found ... + ... 162 subdomains found ... ./subbrute.py -s google.names google.com --type TXT google.com,"v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all" 
@@ -28,11 +28,12 @@ The big news in this version is that SubBrute is now a recursive DNS-spider, and ``` -Do you want to use SubBrute in your python projects? Consider the new library interface: +``` import subbrute for d in subbrute.run("google.com"): print d - +``` Feedback welcome. Whats new in v1.1? diff --git a/subbrute.py b/subbrute.py index 8fa92f3..88b769b 100755 --- a/subbrute.py +++ b/subbrute.py @@ -403,7 +403,7 @@ def extract_subdomains(file_name): subs_sorted = sorted(subs.keys(), key = lambda x: subs[x], reverse = True) return subs_sorted -def print_target(target, record_type = None, subdomains = "names.txt", resolve_list = "resolvers.txt", process_count = 32, output = False): +def print_target(target, record_type = None, subdomains = "names.txt", resolve_list = "resolvers.txt", process_count = 16, output = False): for result in run(target, record_type, subdomains, resolve_list, process_count): (hostname, record_type, response) = result if not record_type: @@ -416,7 +416,7 @@ def print_target(target, record_type = None, subdomains = "names.txt", resolve_l output.write(result + "\n") output.flush() -def run(target, record_type = None, subdomains = "names.txt", resolve_list = "resolvers.txt", process_count = 32): +def run(target, record_type = None, subdomains = "names.txt", resolve_list = "resolvers.txt", process_count = 16): subdomains = check_open(subdomains) resolve_list = check_open(resolve_list) if (len(resolve_list) / 16) < process_count: 
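Review bot: The new default of 16 on the `print_target` signature is a bare literal, and this commit has to repeat it in three other places: the `run` signature (next hunk) and both the `default = 16` and the help string of the `--process_count` option (the `@@ -565,8` hunk). The four copies can drift apart the next time the value is tuned. A module-level constant would keep them in step: `DEFAULT_PROCESS_COUNT = 16` near the top of the file, then `process_count = DEFAULT_PROCESS_COUNT` in both signatures and `default = DEFAULT_PROCESS_COUNT` in `parser.add_option`. The body of `print_target` continues past the end of this hunk.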
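Review bot: `run` has no docstring, since the first statement after the changed `def` line is `subdomains = check_open(subdomains)`, yet the README in this same commit presents `subbrute.run()` as the library interface. A docstring should describe each parameter and state that every result is a `(hostname, record_type, response)` tuple, as `print_target` unpacks it. It should also explain how `process_count` relates to the size of the resolver list. The context line `if (len(resolve_list) / 16) < process_count:` uses a literal `16` that now equals the new default but looks like a separate ratio. A comment such as `# 16 = resolvers per lookup process, not the default process_count` would keep the two apart, once confirmed against the branch body, which is outside the hunk.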
@@ -565,8 +565,8 @@ def signal_init(): parser.add_option("--type", dest = "type", default = False, type = "string", help = "(optional) Print all reponses for an arbitrary DNS record type (CNAME, AAAA, TXT, SOA, MX...)") parser.add_option("-c", "--process_count", dest = "process_count", - default = 32, type = "int", - help = "(optional) Number of lookup theads to run. default = 32") + default = 16, type = "int", + help = "(optional) Number of lookup theads to run. default = 16") parser.add_option("-v", "--verbose", action = 'store_true', dest = "verbose", default = False, help = "(optional) Print debug information.") (options, args) = parser.parse_args()
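Review bot: The added `help =` line keeps the typo "theads" and repeats the default as a literal that has to be edited by hand whenever `default` changes. optparse expands `%default` in help text, so the line can read `help = "(optional) Number of lookup threads to run. default = %default")`. The option is named `process_count`, so "processes" may be the more accurate word if the workers are processes, which this hunk does not show. The enclosing block starts and continues outside the hunk.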