Unexpected behavior in dns + patterns #364

Open
@secu77

Hello,

I was trying the dns mode combined with the "patterns", but I'm not getting the expected results:

  • I'm trying to fuzz subdomains of westeurope.cloudapp.azure.com.
  • I'm using a basic wordlist with words like: dev, prod, test, etc.
  • I intend to use a pattern list containing patterns like: <org>-{GOBUSTER}, producing a result like: acme-dev.westeurope.cloudapp.azure.com

Under this context, I form the command to launch which is as follows: gobuster dns -d westeurope.cloudapp.azure.com -t 1 -w wordlist.txt -p patterns.txt -o results.txt -v

wordlist.txt

dev
test
prod
testing
demo
demoapp
beta
alpha

patterns.txt

acme-{GOBUSTER}
acme-{GOBUSTER}dev
acme-{GOBUSTER}build
acme-{GOBUSTER}demo
{GOBUSTER}-acme

But, when fuzzing starts, I notice in the results subdomains like: "dev.westeurope.cloudapp.azure.com" or "test.westeurope.cloudapp.azure.com".

By enabling verbose mode, I can see that the patterns are being used, but how can I prevent DNS queries that do not use the pattern from being made?

Best regards and thanks in advance
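
As an added example (not part of the original post and not gobuster's own code): a Go program that expands a wordlist through patterns the way the post describes, with {GOBUSTER} replaced by each word, and then separates a results list into names a pattern can produce and names it cannot. The function names and the sample results are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// placeholder is the token used in the issue's patterns.txt.
const placeholder = "{GOBUSTER}"

// Expand returns the set of FQDNs obtained by substituting each word into
// each pattern; patterns lacking the placeholder are skipped.
func Expand(words, patterns []string, domain string) map[string]bool {
	set := make(map[string]bool)
	for _, p := range patterns {
		if !strings.Contains(p, placeholder) {
			continue
		}
		for _, w := range words {
			set[strings.ToLower(strings.ReplaceAll(p, placeholder, w))+"."+domain] = true
		}
	}
	return set
}

// Split separates reported hostnames into those a pattern can produce and
// those it cannot, such as the bare "dev.<domain>" described in the issue.
func Split(found []string, expected map[string]bool) (fromPattern, other []string) {
	for _, f := range found {
		f = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(f), "."))
		if expected[f] {
			fromPattern = append(fromPattern, f)
		} else {
			other = append(other, f)
		}
	}
	return fromPattern, other
}

func main() {
	domain := "westeurope.cloudapp.azure.com"
	words := []string{"dev", "test", "prod"}
	patterns := []string{"acme-{GOBUSTER}", "acme-{GOBUSTER}dev", "{GOBUSTER}-acme"}
	// Constructed sample of reported names, not real tool output.
	found := []string{"dev." + domain, "acme-dev." + domain}
	ok, other := Split(found, Expand(words, patterns, domain))
	fmt.Println("pattern-derived:", ok)
	fmt.Println("not from any pattern:", other)
}
```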
