Fatal error in processing email DNS records in hosthunter.py about attacksurfacemapper HOT 8 CLOSED

Interesting. This is processing the result of a query to https://api.hackertarget.com/dnslookup. See example:
https://api.hackertarget.com/dnslookup/?q=google.com

Trying to reproduce your error, the only response I've been able to generate which would trigger this error is in the case when the API does not actually return any results, e.g.:
https://api.hackertarget.com/dnslookup/?q=invalidinput

in which case the run of ASM wouldn't make much sense anyway.

from attacksurfacemapper.

Thanks for looking at this. The case where this fails was where I pointed at a subdomain, that has no MX or TXT records for mail handling.
It works fine for whole domain as those records are present.

I am really just suggesting that since this scenario is not uncommon, it would be better to catch this condition and fail this inside hosthunter.py gracefully rather than exit out of the whole test with failure, requiring to start again with different target params.

from attacksurfacemapper.

@superhedgy I think this is solved by simply change the position of the index in the for loop in the hosthunter.py script. It seems to work for me after I made this adjustment.

Orginal
if (word[4] == "TXT") and ("v=spf1" in word[5]):

Adjusted
if (word[0] == "TXT") and ("v=spf1" in word[1]):

from attacksurfacemapper.

Huh, actually this is odd. Looks like that API yields the invalid input error for https://api.hackertarget.com/dnslookup/?q=something.com . I would guess that this is a bug in hackertarget where they're incorrectly treating something.com as equivalent to example.com. Do you see this behavior with any other domains?

from attacksurfacemapper.

Nice find! Yeah, that seems sensible to me too.

from attacksurfacemapper.

Hi,
I've got the same error with a domain not a subdomain
File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup
if (word[4] == "TXT") and ("v=spf1" in word[5]):
IndexError: list index out of range

from attacksurfacemapper.

I am having the same error as @serval21 and I have tried this on multiple hosts now. The domains are legitimate and the results are the expected format from the hackertarget.com service.

The SPF Record matches the results of the google.com query https://api.hackertarget.com/dnslookup/?q=google.com

from attacksurfacemapper.

True, they have changed their format. Thanks again Conor, I am pushing an update tonight.

from attacksurfacemapper.