		@@ -7,38 +7,48 @@ var dns = require('native-dns');

		// Function for Generic Brute Forcing
		function find(obj){

		var dictionary = {};
		dictionary.top_50 = "dictionary/top-50.txt";
		dictionary.top_100 = "dictionary/top-100.txt";
		dictionary.top_150 = "dictionary/top-150.txt";
		dictionary.top_200 = "dictionary/top-200.txt";
		dictionary.all = "dictionary/all.txt";
		dictionary.resolver = "dictionary/resolvers.txt";
		var validResolvers = [];
		var dictionary = {};
		dictionary.top_50 = "dictionary/top_50.txt";
		dictionary.top_100 = "dictionary/top_100.txt";
		dictionary.top_150 = "dictionary/top_150.txt";
		dictionary.top_200 = "dictionary/top_200.txt";
		dictionary.all = "dictionary/all.txt";
		dictionary.resolver = "dictionary/resolvers.txt";

		var rateLimit = 5;
		if(typeof obj.rateLimit != "undefined")
		rateLimit = obj.rateLimit;
		var dictionary_path = dictionary.top_100;

		// This can all be in parallel, since its all different servers.
		// The callback is fired with the first found valid DNS Resolver.
		// ARGS-> all, callback - all = Populate all the valid DNS Servers.
		function getResolvers(all, foundDnsServer, dnsServer){
		if(typeof dnsServer != "undefined"){
		queryResolvers(dnsServer);
		return;
		}
		var FIRST_DNS = 0;
		if(all == 1)
		console.log('Hold on a second ! We are populating the list of valid DNS Resolvers.');
		var dictionary_path = dictionary.resolver;
		var dictionary_arr = fs.readFileSync(path.join(__dirname, dictionary_path)).toString().split("\r\n");
		var domain = 'google.com';
		if(typeof obj.domain != "undefined")
		domain = obj.domain;

		async.eachLimit(dictionary_arr, rateLimit, bruteSubDomain, function(err){
		// if any of the saves produced an error, err would equal that error
		async.eachLimit(dictionary_arr, 1, queryResolvers, function(err){
		if(validResolvers.length == 0){
		console.log('Could not find any active DNS resolver. Quitting now.');
		process.exit(1);
		} else {
		if(all == 1)
		console.log('Good ! We have populated the active DNS resolvers.');
		return;
		}
		});

		function bruteSubDomain(item, callback){
		var Sdomain = item + '.' + domain;

		function queryResolvers(item, callback){
		var domain = 'www.google.com';
		var question = dns.Question({
		name: Sdomain,
		name: domain,
		type: 'A',
		});


		var start = Date.now();

		var req = dns.Request({
		question: question,
		server: { address: '10.140.50.5', port: 53, type: 'udp' },
		server: { address: item, port: 53, type: 'udp' },
		timeout: 4000
		@@ -54,4 +64,9 @@ });
		req.on('message', function (err, answer) {
		if(answer.header.rcode == 0)
		console.log(Sdomain);
		if(answer.header.rcode == 0){
		validResolvers.push(item);
		if(all == 0){
		foundDnsServer(item);
		callback(true);
		}
		}
		});
		@@ -62,9 +77,130 @@
		//console.log('Finished processing request: ' + delta.toString() + 'ms');
		callback();
		if(all == 0)
		callback(true);
		else
		callback(null);
		});

		req.send();
		}

		}

		// Function to check a given DNS Resolver
		function checkDnsServer(dnsServer, callback){
		var isValid = 0;
		var question = dns.Question({
		name: 'www.google.com',
		type: 'A',
		});

		var start = Date.now();
		var req = dns.Request({
		question: question,
		server: { address: dnsServer, port: 53, type: 'udp' },
		timeout: 4000
		});

		req.on('timeout', function () {
		console.log('Timeout while querying the DNS Server, ' + dnsServer);
		isValid = 0;
		});

		// rcode = 0 , NoError
		// rcode = 3 , NXDomain
		req.on('message', function (err, answer) {
		if(answer.header.rcode == 0)
		isValid = 1;
		});

		req.on('end', function () {
		var delta = (Date.now()) - start;
		//console.log('Finished processing request: ' + delta.toString() + 'ms');
		callback(null, isValid);
		});

		req.send();
		}
		// Function for Generic Brute Forcing
		function find(obj){
		var rateLimit = 5;
		if(typeof obj.rateLimit != "undefined")
		rateLimit = obj.rateLimit;
		var dictionary_path = dictionary.top_100;
		if(typeof obj.dictionary != "undefined")
		dictionary_path = dictionary[obj.dictionary];
		var dictionary_arr = fs.readFileSync(path.join(__dirname, dictionary_path)).toString().split("\r\n");
		var domain = 'google.com';
		if(typeof obj.domain != "undefined")
		domain = obj.domain;
		if(typeof obj.resolver != "undefined"){
		checkDnsServer(obj.resolver, function(err, x){
		if(x == 1){
		doFind(obj.resolver);
		} else {
		console.log('The DNS Server, ' + obj.resolver + ' doesn\'t seems to respond.');
		return;
		}
		});
		}else{
		getResolvers(0, doFind);
		}

		function doFind(dnsServer){
		async.eachLimit(dictionary_arr, rateLimit, bruteSubDomain, function(err){
		console.log('Finished bruteforcing, '+ domain);
		return;
		});

		function bruteSubDomain(item, callback){
		var Sdomain = item + '.' + domain;
		var question = dns.Question({
		name: Sdomain,
		type: 'A',
		});

		var start = Date.now();

		var req = dns.Request({
		question: question,
		server: { address: dnsServer, port: 53, type: 'udp' },
		timeout: 4000
		});

		req.on('timeout', function () {
		//console.log('Timeout in making request');
		});

		// rcode = 0 , NoError
		// rcode = 3 , NXDomain
		req.on('message', function (err, answer) {
		if(answer.header.rcode == 0)
		console.log(Sdomain);
		});

		req.on('end', function () {
		var delta = (Date.now()) - start;
		//console.log('Finished processing request: ' + delta.toString() + 'ms');
		callback();
		});

		req.send();

		}
		}
		}

		exports.find = find;
		//find({domain: 'facebook.com', rateLimit: '10', dictionary: 'all'});


		/*
		find()
		domain
		rateLimit
		dictionary
		resolver



		*/

package.json

		{
		"name": "subquest",
		"version": "0.0.2",
		"version": "0.0.3",
		"description": "Fast, Elegant subdomain scanner using nodejs",
		@@ -11,4 +11,5 @@ "main": "index.js",
		"dependencies": {
		"native-dns": "*",
		"async": "*"
		"native-dns" : "*",
		"async" : "*",
		"commander" : "*"
		},
		@@ -18,2 +19,3 @@ "bin": {
		},
		"preferGlobal": true,
		"keywords": [
		@@ -40,3 +42,3 @@ "subdomain",
		"readmeFilename": "README.md",
		"_id": "subquest@0.0.1",
		"_id": "subquest@0.0.2",
		"dist": {
		@@ -43,0 +45,0 @@ "shasum": "e25610a76cb23e414e08679157cca6828c5c3273"

README.md

		# subquest
		### Fast, Elegant subdomain scanner using nodejs

		![logo](https://raw.github.com/skepticfx/subquest/master/etc/logo.png)

		## Installation
		@@ -8,2 +10,18 @@

		## Usage

		Usage: subquest [options] <domain to scan>
		Examples:
		subquest google.com
		subquest facebook.com -s 8.8.8.8 -r 20 -d top_50
		subquest twitter.com -s 8.8.8.8 -d all

		Options:

		-h, --help output usage information
		-V, --version output the version number
		-s, --server [ip] Specify your custom DNS resolver
		-r, --ratelimit [limit] Set the Rate Limit [Default value is 10]
		-d, --dictionary [type] Set the dictionary for bruteforcing [top_100]

		## Using it in your modules
		@@ -17,3 +35,3 @@
		console.log('Scanning the sub domains of ea.com with 4 requests at a time.');
		subquest.find({domain: 'ea.com', rateLimit:'4'});
		subquest.find({domain: 'ea.com', rateLimit:'4', resolver:'4.2.2.2', dictionary: 'top_200'});
		```
		@@ -27,2 +45,3 @@
		* async, https://github.com/caolan/async
		* commander, https://github.com/visionmedia/commander.js

dictionary/top-100.txt

dictionary/top-150.txt

dictionary/top-200.txt

dictionary/top-50.txt

bin/subquest

Sorry, the diff of this file is not supported yet

dictionary/all.txt

Sorry, the diff of this file is too big to display

subquest - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes