/
dnsdumpster.go
executable file
·112 lines (95 loc) · 2.86 KB
/
dnsdumpster.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package dnsdumpster
import (
"context"
"io/ioutil"
"net"
"net/http"
"net/url"
"regexp"
"strings"
"time"
"github.com/projectdiscovery/subfinder/pkg/subscraping"
)
var re = regexp.MustCompile("<input type=\"hidden\" name=\"csrfmiddlewaretoken\" value=\"(.*)\">")
// getCSRFToken gets the CSRF Token from the page
func getCSRFToken(page string) string {
if subs := re.FindStringSubmatch(page); len(subs) == 2 {
return strings.TrimSpace(subs[1])
}
return ""
}
// postForm posts a form for a domain and returns the response
func postForm(token, domain string) (string, error) {
dial := net.Dialer{}
client := &http.Client{
Transport: &http.Transport{
DialContext: dial.DialContext,
TLSHandshakeTimeout: 10 * time.Second,
},
}
params := url.Values{
"csrfmiddlewaretoken": {token},
"targetip": {domain},
}
req, err := http.NewRequest("POST", "https://dnsdumpster.com/", strings.NewReader(params.Encode()))
if err != nil {
return "", err
}
// The CSRF token needs to be sent as a cookie
cookie := &http.Cookie{
Name: "csrftoken",
Domain: "dnsdumpster.com",
Value: token,
}
req.AddCookie(cookie)
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36")
req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
req.Header.Set("Referer", "https://dnsdumpster.com")
req.Header.Set("X-CSRF-Token", token)
resp, err := client.Do(req)
if err != nil {
return "", err
}
// Now, grab the entire page
in, err := ioutil.ReadAll(resp.Body)
resp.Body.Close()
return string(in), err
}
// Source is the passive scraping agent
type Source struct{}
// Run function returns all subdomains found with the service
func (s *Source) Run(ctx context.Context, domain string, session *subscraping.Session) <-chan subscraping.Result {
results := make(chan subscraping.Result)
go func() {
resp, err := session.NormalGetWithContext(ctx, "https://dnsdumpster.com/")
if err != nil {
results <- subscraping.Result{Source: s.Name(), Type: subscraping.Error, Error: err}
close(results)
return
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
results <- subscraping.Result{Source: s.Name(), Type: subscraping.Error, Error: err}
resp.Body.Close()
close(results)
return
}
resp.Body.Close()
csrfToken := getCSRFToken(string(body))
data, err := postForm(csrfToken, domain)
if err != nil {
results <- subscraping.Result{Source: s.Name(), Type: subscraping.Error, Error: err}
close(results)
return
}
for _, subdomain := range session.Extractor.FindAllString(data, -1) {
results <- subscraping.Result{Source: s.Name(), Type: subscraping.Subdomain, Value: subdomain}
}
close(results)
}()
return results
}
// Name returns the name of the source
func (s *Source) Name() string {
return "dnsdumpster"
}