Comments (8)
Interesting. This is processing the result of a query to https://api.hackertarget.com/dnslookup. See example:
https://api.hackertarget.com/dnslookup/?q=google.com
Trying to reproduce your error, the only response I've been able to generate which would trigger this error is in the case when the API does not actually return any results, e.g.:
https://api.hackertarget.com/dnslookup/?q=invalidinput
in which case the run of ASM wouldn't make much sense anyway.
from attacksurfacemapper.
Thanks for looking at this. The case where this fails was where I pointed at a subdomain, that has no MX or TXT records for mail handling.
It works fine for whole domain as those records are present.
I am really just suggesting that since this scenario is not uncommon, it would be better to catch this condition and fail this inside hosthunter.py gracefully rather than exit out of the whole test with failure, requiring to start again with different target params.
from attacksurfacemapper.
@superhedgy I think this is solved by simply change the position of the index in the for loop in the hosthunter.py script. It seems to work for me after I made this adjustment.
Orginal
if (word[4] == "TXT") and ("v=spf1" in word[5]):
Adjusted
if (word[0] == "TXT") and ("v=spf1" in word[1]):
from attacksurfacemapper.
Huh, actually this is odd. Looks like that API yields the invalid input error for https://api.hackertarget.com/dnslookup/?q=something.com . I would guess that this is a bug in hackertarget where they're incorrectly treating something.com
as equivalent to example.com
. Do you see this behavior with any other domains?
from attacksurfacemapper.
Nice find! Yeah, that seems sensible to me too.
from attacksurfacemapper.
Hi,
I've got the same error with a domain not a subdomain
File "/home/user/AttackSurfaceMapper/modules/hosthunter.py", line 96, in dnslookup
if (word[4] == "TXT") and ("v=spf1" in word[5]):
IndexError: list index out of range
from attacksurfacemapper.
I am having the same error as @serval21 and I have tried this on multiple hosts now. The domains are legitimate and the results are the expected format from the hackertarget.com service.
The SPF Record matches the results of the google.com query https://api.hackertarget.com/dnslookup/?q=google.com
from attacksurfacemapper.
True, they have changed their format. Thanks again Conor, I am pushing an update tonight.
from attacksurfacemapper.
Related Issues (20)
- Significant number of false positives in S3 buckets HOT 4
- LinkedInner Module not Working HOT 2
- Flake8 / Python standard formatting HOT 2
- Problem with Selenium Screenshot HOT 7
- NameError: name 'colorama' is not defined HOT 4
- Error message in Windows only HOT 3
- Error message in Elementry OS HOT 5
- Duplication in "requirements.txt" HOT 1
- LinkedIN username HOT 9
- [*] Error: Could not authenticate to LinkedIn. object of type 'NoneType' has no len()
- Error on intial run HOT 2
- Could not authenticate to LinkedIn HOT 2
- weleakinfo.com HOT 1
- Linkedin authentcation fail even with correct user/pass HOT 1
- Bug on line 529 HOT 1
- ASM.py Error
- zoom api
- it can't run and just keep stop in domain's ip transeform
- Recommended usage does not work HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attacksurfacemapper.