Added --checks arg#34
Conversation
…rs; collect all headers from previous responses, before redirections
Pascal-0x90
left a comment
Pascal-0x90
left a comment
There was a problem hiding this comment.
Along with my comments, this branch also needs to be updated to merge in the current state of cisagov:develop branch.
|
|
||
| def ip(self, dom: Domain) -> List[int]: | ||
| """Determine IP addresses the domain resolves to.""" | ||
| dom_list: List[str] = [dom.url, "www." + dom.url] |
There was a problem hiding this comment.
My main motivation was to add www. for domains which don't directly answer to their domain name but instead they will listen to www.domain.com. Is there a reason why you wanted to remove "www." ?
I have also thought about pairing in a light subdomain enumerator using like google but I think that's too big of a scope.
There was a problem hiding this comment.
Adding www might add another host; I expect the user to provide all the hosts they want to test as an input, and avoid adding hostnames implicitly (without the user actually knowing about it).
I agree, subdomain enumeration is out of scope for this tool.
|
I'm not sure what the type-of-change labels mean in the checklist, could you point me to an explanation? Should I wait for this instead of messing with this pull request? |
2 participants
Added --checks arg
Description
--checks can be used to select check methods to use for cdn detection
💭 Motivation and context
Certain checks can slow the detection process down unnecessarily (depending on the pipeline of course). This way, those can be disabled.
🧪 Testing
Just use the --checks argument to select the check methods needed:
--checks= Select detection types; possible values:
cname (c), HTTP headers (h), nameservers (n),
whois data (w). Default: "chnw"
✅ Checklist
to reflect the changes in this PR.