subquest
Advanced tools
Comparing version 1.5.0 to 1.5.1
62
index.js
@@ -12,6 +12,6 @@ 'use strict' | ||
const probeDNS = (subdomain, tld, cb) => { | ||
// Build the domain name | ||
const domain = `${subdomain}.${tld}`; | ||
// Run the resolve request | ||
@@ -34,3 +34,3 @@ dns.resolve(domain, 'A', err => { | ||
// Check whether a dns server is valid. | ||
exports.isValidDnsServer = function(dnsServer, timeout, cb) { | ||
exports.isValidDnsServer = function(dnsServer, timeout, cb) { | ||
// Ensure arguments are good | ||
@@ -41,3 +41,3 @@ if( typeof timeout === 'function' ) { | ||
} | ||
// Set custom callback handler | ||
@@ -51,6 +51,6 @@ let called = false | ||
}; | ||
// Force to use this dns server | ||
dns.setServers([dnsServer]); | ||
// Set a custom timeout for DNS request | ||
@@ -60,3 +60,3 @@ let timeoutPromise = setTimeout(_ => { | ||
}, timeout); | ||
// Try to resolve google.com | ||
@@ -77,6 +77,12 @@ dns.resolve4('www.google.com', dnsCallback); | ||
// Run callback if first variable is empty or undefined | ||
if (!server) { | ||
callback(dnsServers); | ||
return; | ||
} | ||
// Handle the first arg as callback if no server is specified. | ||
if (typeof server !== 'function') { | ||
// Validate custom DNS server than add to resolvers list | ||
// Validate custom DNS server than add to resolvers list | ||
exports.isValidDnsServer(server, 4000, (err) => { | ||
@@ -88,3 +94,3 @@ if(err === null) { | ||
}); | ||
} else{ | ||
@@ -109,6 +115,8 @@ callback = server; | ||
let defaults = { | ||
dictionary: 'top_50', | ||
dnsServer: '8.8.8.8' | ||
dictionary: 'top_50' | ||
}; | ||
// Clean undefined options | ||
Object.keys(options).forEach(key => options[key] === undefined && delete options[key]); | ||
// Extend default options with user defined ones | ||
@@ -129,12 +137,26 @@ options = Object.assign({}, defaults, options); | ||
// Get the resolvers list | ||
exports.getResolvers(options.dnsServer, (servers) => { | ||
// Set new servers list | ||
// Set new servers list for the requests | ||
dns.setServers(servers); | ||
// Get dictionary lines | ||
var dictionary = fs.readFileSync( | ||
path.join(__dirname, `dictionary/${options.dictionary}.txt`) | ||
).toString().trim().split(os.EOL); | ||
// Init dictionary array | ||
var dictionary; | ||
try { | ||
// Get dictionary lines | ||
dictionary = fs.readFileSync( | ||
path.join(__dirname, `dictionary/${options.dictionary}.txt`) | ||
); | ||
} catch (e) { | ||
callback(new Error(`The dictionary ${options.dictionary} was not found, make sure it exists in the dictionary folder.`)); | ||
return; | ||
} | ||
// Get dictionary content and split lines in array rows | ||
dictionary = dictionary.toString().trim().split(os.EOL); | ||
// Probe each subdomain | ||
@@ -141,0 +163,0 @@ async.mapSeries(dictionary, (subdomain, cb) => { |
{ | ||
"name": "subquest", | ||
"version": "1.5.0", | ||
"version": "1.5.1", | ||
"description": "Fast, Elegant subdomain scanner using nodejs", | ||
@@ -17,5 +17,2 @@ "main": "index.js", | ||
}, | ||
"bin": { | ||
"subquest": "./bin/subquest" | ||
}, | ||
"scripts": { | ||
@@ -22,0 +19,0 @@ "prepublish": "nsp check", |
@@ -10,32 +10,8 @@ # subquest | ||
## Installation | ||
If you want to use it as cli tool, you must install it globally first: | ||
`sudo npm install -g subquest` | ||
## Usage | ||
To use __subquest__ in your node scripts you have to install it and add it to your project dependencies: | ||
``` | ||
Usage: subquest [options] <domain to scan> | ||
Examples: | ||
subquest google.com | ||
subquest facebook.com -s 8.8.8.8 -r 20 -d top_50 | ||
subquest twitter.com -s 8.8.8.8 -d all | ||
Options: | ||
-h, --help output usage information | ||
-V, --version output the version number | ||
-b, --bingSearch use Bing search to list all possible subdomains | ||
-s, --server [ip] specify your custom DNS resolver | ||
-r, --rateLimit [limit] set the Rate Limit [Default value is 10] | ||
-d, --dictionary [type] set the dictionary for bruteforcing [top_100] | ||
npm install --save subquest | ||
``` | ||
Than you can __require__ it in your script and use it, following examples below. | ||
## Using it in your modules | ||
If you want to use it as a node module you can install and add it to your project dependencies: | ||
``` | ||
npm install subquest | ||
``` | ||
Than you can __require__ it in your script and use it: | ||
### After v1.5.0 | ||
@@ -70,3 +46,3 @@ After the version 1.5.0 the module doesn't use event emitters, just callbacks, | ||
dictionary: 'top_200' // dictionary file to use | ||
}) | ||
}) | ||
.on('end', function(res){ | ||
@@ -80,8 +56,20 @@ console.log(res); // array of subdomains. | ||
## Methods | ||
+ __getDefaultResolvers__: Return the default DNS servers used for the scan | ||
+ __isValidDnsServer__: Test if a given address is valid DNS server | ||
+ __getResolvers__: Get the list of all the resolvers (DNS Servers) used in the scan, both default and custom | ||
+ __getDictionaryNames__: Get the list of the dictionary files used in the scan | ||
+ __getSubDomains__: Run the scan against the domain to enumerate all subdomains | ||
#### isValidDnsServer(server, [timeout], callback) | ||
Test if a given address is valid DNS server | ||
#### getResolvers([domain], callback) | ||
Get the list of all the resolvers (DNS Servers) used in the scan, both default and custom | ||
#### getDictionaryNames() | ||
Get the list of the dictionary files used in the scan | ||
#### getSubDomains(options, callback) | ||
Run the scan against the domain to enumerate all subdomains | ||
## Looking for the cli version? | ||
You can use __subquest__ as a command line tool by cloning the [official repository](https://github.com/b4dnewz/subquest-cli) or using npm: | ||
```sh | ||
$ npm install -g subquest-cli | ||
``` | ||
## Want to add a new entry to Subquest's dictionary? | ||
@@ -91,4 +79,14 @@ | ||
## Contributing | ||
1. Create an issue and describe your idea | ||
2. Fork the project (https://github.com/skepticfx/subquest/fork) | ||
3. Create your feature branch (`git checkout -b my-new-feature`) | ||
4. Commit your changes (`git commit -am 'Add some feature'`) | ||
5. Publish the branch (`git push origin my-new-feature`) | ||
6. Create a new Pull Request | ||
## Credits | ||
* Domain dictionary from Sub-Brute by Rook, https://github.com/TheRook/subbrute | ||
* Domain dictionaries took from SecLists, https://github.com/danielmiessler/SecLists | ||
@@ -95,0 +93,0 @@ |
248
85980
25
100