Assetfinder fetches out-of-scope domains #37

mrsin15 opened this issue Jan 22, 2021 · 1 comment

mrsin15 commented Jan 22, 2021

Yo @tomnomnom, firstly I love how much you contribute to the community...
I wanted to inform you that there is an issue when using Assetfinder.
I used this command:

cat scope.txt | assetfinder | tee output.txt

In the scope.txt I wrote hackerone.com

image

As you can see in the above image, Assetfinder fetches out-of-scope subdomains when we try to run it with
cat scope.txt | assetfinder

This means that this tool will not work on multiple targets at once.

I am not sure that this behavior was expected....
If your tool was supposed to work on only 1 target then let me know.

Thanks ;)

@aminvakil

If you execute assetfinder hackerone.com you will get those subdomains as well.

$ assetfinder hackerone.com
api.hackerone.com
docs.hackerone.com
ns.hackerone.com
1.ns.hackerone.com
a.ns.hackerone.com
b.ns.hackerone.com
support.hackerone.com
www.hackerone.com
hackerone.com
phineasphreak.github.io
yashkorat.github.io
red-assassin.github.io
hacker0x01.github.io
go.hacker.one
secure-web.cisco.com
hackerone.intercom-clicks.com
mta-sts.forwarding.hackerone.com
mta-sts.hackerone.com
mta-sts.managed.hackerone.com
events.hackerone.com

Also, I wrote two domains in a file separated by a newline and executed cat file | assetfinder, and it worked fine, but the results were mixed, so that probably is not your purpose.

But you can put your domains in a file, separating them with a newline, and use this command:
while read -r domain; do assetfinder "$domain"; done < file

Also, if you want to put each result in a separate file:
while read -r domain; do assetfinder "$domain" > "$domain.txt"; done < file
This way each domain result will be put in a file named domain.txt.
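
A scope filter that can be piped after the per-domain loop above, as an added example that is not part of the original comments or of assetfinder itself. `filter_scope` is a hypothetical helper name; it keeps only hostnames that equal, or are a dot-delimited subdomain of, an entry in the scope file, and prints nothing if the scope file is empty.

```shell
#!/bin/sh
# Added example (not from the issue thread or the assetfinder project).
# filter_scope SCOPE_FILE: read hostnames on stdin, print only those in scope.
# Usage (assumes assetfinder is installed and scope.txt holds one domain per line):
#   while read -r domain; do assetfinder "$domain"; done < scope.txt \
#     | filter_scope scope.txt | sort -u
filter_scope() {
    awk -v scope_file="$1" '
        BEGIN {
            # Load scope entries: trim whitespace, lowercase, drop a trailing
            # dot, and skip blank lines and "#" comments.
            while ((getline line < scope_file) > 0) {
                gsub(/^[ \t]+|[ \t\r]+$/, "", line)
                line = tolower(line)
                sub(/\.$/, "", line)
                if (line != "" && line !~ /^#/) scope[line] = 1
            }
            close(scope_file)
        }
        {
            # Normalise each candidate hostname the same way.
            h = tolower($1)
            sub(/\.$/, "", h)
            if (h == "") next
            for (d in scope) {
                # Accept the domain itself or a name ending in "." + domain.
                # The leading dot stops look-alikes such as
                # "nothackerone.com" from matching "hackerone.com".
                suffix = "." d
                if (h == d || (length(h) > length(suffix) &&
                    substr(h, length(h) - length(suffix) + 1) == suffix)) {
                    print h
                    next
                }
            }
        }
    ' -
}
```

Names that only contain an in-scope domain as a label, such as hackerone.intercom-clicks.com from the output above, are dropped by the suffix check.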
