tomnomnom / assetfinder Goto Github PK

View Code? Open in Web Editor NEW

2.8K 2.8K 467.0 16 KB

Find domains and subdomains related to a given domain

License: MIT License

Go 88.64% Shell 11.36%

assetfinder's People

Contributors

Stargazers

Watchers

Forkers

bbhunter inosec hankolsen pareshparmar magnologan nutronex vineshchauhan24 nomadh7 offxec muneebirfan safisec rainser kanav-raina pager5cx415cx415cx69 lewerkun yuhisern7 jjsdub556 gnebbia lestnica kjigs fersingb asirvathjames x0rb3l souhailelhamdi victoriadrake l1nuxg4m32 mmg1 jinone 5p3c7er alextudu cybersealops johndoex1 benmcewan7e rkreddypandu ismailbozkurt jack51706 antityping hacky1997 rzzvtfwyxwyu gavz shalekesan dewankpant talkedkestrel chicagoman realalexbarge nayeemahmed-m toygang talibosmani santiago0072002 rajkrishnamurthy garudags aaap-repos lordpython757 ankitdevnalkar websecresearch shad0w008 5up3rc gr3atgroot mitooooo susantaroy2002 sireof uid-root diogomrsilva pixelza zer0codex elamaran619 ashang pentest-tools th-watch3r luied sasqwatch aminvakil mrvsandiego 5l1v3r1 sn4k3-meyer zzhacked spartaken sec99 backwardn vaginessa developer-box h4ck1n6404 kakuye lilc1 blockchainguard modulexcite cyb3r-w0lf magma2 kukuhsw lexbryan minnumolu21 toyota365 njahrckstr sarakainimame zaidozaid pellodonastia zhuxinkai an4kein sec000 abhinavdwivedi440

assetfinder's Issues

Some issues

Hi Tom,

u r building nice tool here as usal BUT i need to calrify some points to be fixed

CertSpotter need some filtration
Virus total not working at all
FindSubDomains not working at all
FetchUrlscan need some filtration

i tested each function via disable others in main.go

bufferoverrun.go needs an x-api-token in the header

previously it worked , but looking now it need

'https://tls.bufferover.run/dns?q=.target.com -H 'x-api-key:

x-api-token to work ......so any one who know go can contribute in this ....

I'm unable to install asset finder using the command
go get -u github.com/tomnomnom/assetfinder
says got get is deprecated
so i tried go install github.com/tomnomnom/assetinder@latest.
and seems like its doing nothing.
Any help is appreciated and also please update the readme.md for installation.

ThanksTicket

Absolutely no issue here - just wanted to drop you a note to say thanks for an awesome tool :)

Guide to install it on linux

Hello.. i use kali linux 2019 and when install assetfinder i have this error

my command

root@kali :#~ go run main.go 
# command-line-arguments
./main.go:31:3: undefined: fetchCertSpotter
./main.go:32:3: undefined: fetchHackerTarget
./main.go:33:3: undefined: fetchThreatCrowd
./main.go:34:3: undefined: fetchCrtSh
./main.go:35:3: undefined: fetchFacebook
./main.go:37:3: undefined: fetchVirusTotal
./main.go:38:3: undefined: fetchFindSubDomains
./main.go:39:3: undefined: fetchUrlscan
./main.go:40:3: undefined: fetchBufferOverrun
./main.go:47:8: undefined: newRateLimiter
./main.go:47:8: too many errors

It's not working, don't know why

Spyse API Key (Update)

We noticed that you used the API of one of Spyse's products most likely it was Findsubdomains, Cert DB or DNS table. We want to notify you about the release of a new and improved API key which you can find in your personal account at spyse.com.
Unfortunately, we should stop supporting the old API a few weeks earlier, starting from Monday. Thanks for being with us.

assetfinder in osx 10

Hello guys im a total noob most experience i have is learning python, anyways when trying to run
assetfinder [--subs-only] it says
users-MacBook-Pro:assetfinder-master user$ assetfinder -subs-only twitter.com
-bash: assetfinder: command not found

No feedback on mac1 when running assetfinder + no flags

When i run assetfinder on Kali VM hosted on m1 mac there is no feedback in terminal suggesting flags to run. Just blank infinite loop:

However wen running tool against domain, or with --help it runs as expected.

Request is to create error if tool is run with no flag.

output flag

We need output flag so we can save the result in a file

results include '*' in the output file

Results include domains like *.example.com, *.subs.example.com. Later found that it's because of crtsh.go file. Is this part of scan? or something went wrong?

unable to use it in windows pls tell how to use it in windows

im a windwos 7 user im typing command here linke assetfiner --subs-only domains from the going to the path but its not working pls help me how to run in windows

i have error when install tool

when i run tool i encounter this problem

Spyse API Key (Update)

Hi there. You previously used one of our services as a part of your development. We want to notify you, that we are releasing our updated Spyse API search. We hope you will be interested in testing and implementing a much broader functionality to your developments. Thanks for being with us.

Cloudflare protected domains show a lot of false positives.

Sites using e.g.Cloudflare and their shared certificates are showing a lot of false positives.

The results contain the domains completely unrelated to the queried domain.

Example:

Queried domain : example.com
Results:
example.com
www.example.com
somethingelse.com
randomdomain.com

How about a small check that verifies the domain names from cert search results match the queried domain?

go get deprecated with go1.17.7

I tried with suggested replace got install, but I got:

$ go install github.com/tomnomnom/assetfinder/assetfinder@latest
go install: github.com/tomnomnom/assetfinder/assetfinder@latest: module github.com/tomnomnom/assetfinder@latest found (v0.1.1), but does not contain package github.com/tomnomnom/assetfinder/assetfinder

Subdomain Result Parse Error

It brings results other than the searched domain. The second is,Results are not uniqe. I'm using the anew command.

# assetfinder --subs-only testfire.net                        
demo.testfire.net
www.testfire.net
testfire.net
evil.testfire.net
domain2.testfire.net
demo2.testfire.net
httpdemo.testfire.net
wellpoint.se srchttpdemo.testfire.net
hkcastte.com srchttpdemo.testfire.net
superkeychain.com srchttpdemo.testfire.net
computerserviceandsales.cn srchttpdemo.testfire.net
wellpoint.jobs.net srchttpdemo.testfire.net
altoro.testfire.net
ftp.testfire.net
localhost.testfire.net

I use it this way.

assetfinder --subs-only testfire.net|xurls -r|anew|grep "testfire.net"|tee testfire.net.txt

assetfinder --subs-only $1|xurls -r|anew|grep "$1"|tee $1.txt

Not working with go1.15

does it not work with go1.15 or i am doing something wrong

Assetfinder não instala

Já segui como que se instala segundo esse github https://github.com/tomnomnom/assetfinder , já baixei o assetfinder no meu virtual box, quando abro o executável ele me retorna "chdir(2) failed.:Not a directory". Quando coloco go get -u github.com/tomnomnom/assetfinder ele me volta com um fatal unable access port 443:no route to host package.
Já tentei fazer tanto no kali, windows 10 e ubuntu, e nos 3 me retorna isso

go get deprecated

Can you please update the go download command for assetfinder since from go 1.17 go get has been removed and cannot be used.

Unable to launch Assetfinder

Got a new and fully updated Ubuntu 18.04 server and installed the latest version of Go. However I can not seem to be able to launch the script. I don't see a actual assetfinder.go file, and unable to run the other go files either.

Guide to install it on linux

Please help me in installing it on linux as when cloning it and running with the command
go run main.go it is showing some command line arguments add error. Please help

Error reporting needs work

See https://twitter.com/gustavorobertux/status/1143545880601079808 for an example

An empty response from cert spotter results in an umarshal error, and it's reported badly.

Given it's perfectly legitimate for there to be no results it might be a good idea just to swallow these errors.

I can not install it on my ubuntu 16.04

github.com/tomnomnom/assetfinder

/root/go/src/github.com/tomnomnom/assetfinder/urlscan.go:46: u.Hostname undefined (type *url.URL has no field or method Hostname)
/root/go/src/github.com/tomnomnom/assetfinder/urlscan.go:55: u.Hostname undefined (type *url.URL has no field or method Hostname)
/root/go/src/github.com/tomnomnom/assetfinder/wayback.go:38: u.Hostname undefined (type *url.URL has no field or method Hostname)

What's wrong with my machine ? any hints ?

How can I print the log into .txt file

Can we print the log into the .txt file ? ex: assetfinder --subs-only asd.com -o asd.txt

-subs-only is broken

Unless I'm reading this incorrectly https://github.com/tomnomnom/assetfinder/blob/master/main.go#L90 will continue execution as normal if the identified domain doesn't match the root. I haven't tested but wouldn't a return be a better fit here?

I'll take a poke at this if I get some time, just adding it here for tracking purposes.

can't build main.go

when I try to install this using git clone and try to build the main.go I got this message

go run main.go

command-line-arguments

./main.go:31:3: undefined: fetchCertSpotter
./main.go:32:3: undefined: fetchHackerTarget
./main.go:33:3: undefined: fetchThreatCrowd
./main.go:34:3: undefined: fetchCrtSh
./main.go:35:3: undefined: fetchFacebook
./main.go:37:3: undefined: fetchVirusTotal
./main.go:38:3: undefined: fetchFindSubDomains
./main.go:39:3: undefined: fetchUrlscan
./main.go:40:3: undefined: fetchBufferOverrun
./main.go:47:8: undefined: newRateLimiter
./main.go:47:8: too many errors

Assetfinder Error

Hi @tomnomnom

Command1: assetfinder -subs-only domain.com
Command2: assetfinder --subs-only domain.com
Command3: assetfinder domain.com

panic: runtime error: index out of range [1] with length 1

goroutine 14 [running]:
main.fetchBufferOverrun(0xc000014390, 0xa, 0x18, 0x1, 0x1, 0xc0000189c0, 0x18)
	/root/go/src/github.com/tomnomnom/assetfinder/bufferoverrun.go:23 +0x346
main.main.func1(0xc000014380, 0xc00000e2a0, 0x717520, 0xc000014390, 0xa, 0xc00001e180)
	/root/go/src/github.com/tomnomnom/assetfinder/main.go:61 +0x123
created by main.main
	/root/go/src/github.com/tomnomnom/assetfinder/main.go:57 +0x385

Solution my Problem

Install

Install
If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):

go install github.com/tomnomnom/assetfinder@latest

Assetfinder fetches out-of-scope domains

Yo @tomnomnom , firstly I love how much you contribute to the community...
I wanted to inform you that there is an issue when using Assetfinder.
I used this command-

cat scope.txt | assetfinder | tee output.txt

In the scope.txt I wrote hackerone.com

As you can see in the above image that Assetfinder fetches out-of-scope subdomains when we try to run it with
cat scope.txt | assetfinder

This means that this tool will not work on multiple targets at once.

I am not sure that this behavior was expected....
If your tool was supposed to work on only 1 target then let me know.

Thanks ;)

Virus Total Config

How can i configure virus total api after installing assetfinder?

Feature request : TLD scan

Thanks for this amazing tool.

It will be good if somehow we can also get all TLDs.

Like specifying flag like assetfinder --subs-only --tld xyz.com will return domains for xyz.com and xyz.net domains also if available.

lack of information

dosent have a doc shows requests/second. and also -c or -t to how to limit number of requests.

import cycle not allowed

When running $ go get -u github.com/tomnomnom/assetfinder , I get this ::

import cycle not allowed
package github.com/tomnomnom/assetfinder
imports bufio
imports bytes
imports errors
imports internal/reflectlite
imports runtime
imports internal/bytealg
imports internal/cpu
imports runtime

Assetfinder support status

Hi, @tomnomnom!

I am going to update the Spyse integration to use the new API version, but the Assetfinder repo seems to be abandoned.

Does it make sense to send a merge request?

install on vps ubuntu

~$ go install github.com/tomnomnom/assetfinder@latest
/usr/local/go/src/crypto/rand/rand_unix.go:14:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/aes/aes_gcm.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/auth.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/ecdsa/ecdsa.go:33:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/sha1/boring.go:15:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/ecdh/x25519.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/elliptic/nistec.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/internal/nistec/p224.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/net/http/h2_bundle.go:26:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/auth.go:13:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/cipher_suites.go:15:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/ecdsa/ecdsa.go:35:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/cipher/gcm.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/net/http/client.go:14:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/tls/cache.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/encoding/base64/base64.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/stkframe.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/error.go:7:8: //go:build comment without // +build comment
/usr/local/go/src/internal/bytealg/bytealg.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/internal/abi/abi.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/internal/sys/consts.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/os/error.go:9:2: //go:build comment without // +build comment
/usr/local/go/src/internal/poll/copy_file_range_linux.go:8:2: //go:build comment without // +build comment
/usr/local/go/src/encoding/binary/binary.go:27:2: //go:build comment without // +build comment
/usr/local/go/src/net/http/fs.go:14:2: //go:build comment without // +build comment
/usr/local/go/src/crypto/x509/parser.go:20:2: //go:build comment without // +build comment
go/pkg/mod/github.com/tomnomnom/[email protected]/crtsh.go:7:2: //go:build comment without // +build comment
/usr/local/go/src/fmt/print.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/io/ioutil/tempfile.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/encoding/binary/binary.go:28:2: //go:build comment without // +build comment
/usr/local/go/src/internal/reflectlite/value.go:9:2: //go:build comment without // +build comment
package github.com/tomnomnom/assetfinder
imports net/http
imports crypto/tls
imports crypto/x509
imports net: //go:build comment without // +build comment
/usr/local/go/src/runtime/arena.go:87:2: //go:build comment without // +build comment
/usr/local/go/src/runtime/internal/math/math.go:7:8: //go:build comment without // +build comment
/usr/local/go/src/internal/syscall/unix/at.go:10:2: //go:build comment without // +build comment
/usr/local/go/src/internal/poll/fd_poll_runtime.go:13:2: //go:build comment without // +build comment