add microsoft on-prem subdomains
TheTechromancer committed Oct 17, 2023
1 parent 0bad648 commit 1655bc7
Showing 3 changed files with 110 additions and 6 deletions.
5 changes: 1 addition & 4 deletions bbot/modules/base.py
@@ -5,8 +5,8 @@
from contextlib import suppress

from ..core.helpers.misc import get_size # noqa
from ..core.errors import ValidationError
from ..core.helpers.async_helpers import TaskCounter
from ..core.errors import ValidationError, WordlistError


class BaseModule:
@@ -527,9 +527,6 @@ async def _setup(self):
self.debug(f"Finished setting up module {self.name}")
except Exception as e:
self.set_error_state()
# soft-fail if it's only a wordlist error
if isinstance(e, WordlistError):
status = None
msg = f"{e}"
self.trace()
return self.name, status, str(msg)
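Review bot: Dropping the `isinstance(e, WordlistError)` branch in the `except Exception` block of `_setup` changes failure handling for every module, which the commit title does not mention: a wordlist fetch error no longer sets `status = None` and instead returns whatever `status` held before the exception. The +/- markers are lost on this page, so this reading rests on the `-527,9 +527,6` header and on the import now naming only `ValidationError`. If a hard failure is intended, so that a brute-force module can no longer drop out of a scan quietly, record it with a comment above `msg = f"{e}"` such as `# wordlist errors are treated like any other setup failure` and in the commit description. `_setup` starts outside the hunk, so the initial value of `status` is not visible here.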
10 changes: 8 additions & 2 deletions bbot/modules/massdns.py
@@ -74,6 +74,12 @@ async def setup(self):
self.mutations_tried = set()
self.source_events = self.helpers.make_target()
self.subdomain_file = await self.helpers.wordlist(self.config.get("wordlist"))
self.subdomain_list = set(self.helpers.read_file(self.subdomain_file))

ms_on_prem_string_file = self.helpers.wordlist_dir / "ms_on_prem_subdomains.txt"
ms_on_prem_strings = set(self.helpers.read_file(ms_on_prem_string_file))
self.subdomain_list.update(ms_on_prem_strings)

self.max_resolvers = self.config.get("max_resolvers", 1000)
self.max_mutations = self.config.get("max_mutations", 500)
nameservers_url = (
@@ -104,7 +110,7 @@ async def handle_event(self, event):
self.source_events.add_target(event)

self.info(f"Brute-forcing subdomains for {query} (source: {event.data})")
for hostname in await self.massdns(query, self.helpers.read_file(self.subdomain_file)):
for hostname in await self.massdns(query, self.subdomain_list):
self.emit_result(hostname, event, query)

def abort_if(self, event):
@@ -278,7 +284,7 @@ async def _massdns(self, domain, subdomains):
hosts_yielded.add(hostname_hash)
yield hostname, data, rdtype

async def finish(self):
async def sfinish(self):
found = sorted(self.found.items(), key=lambda x: len(x[-1]), reverse=True)
# if we have a lot of rounds to make, don't try mutations on less-populated domains
trimmed_found = []
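Review bot: The last hunk shows `async def finish(self):` next to `async def sfinish(self):`; the +/- markers are lost on this page, but if `sfinish` is the new side, this looks like a leftover debugging rename unrelated to the commit title. A base class that invokes the hook by the name `finish` would no longer call it, so the mutation pass that begins at `found = sorted(self.found.items(), ...)` would stop running without any error and scans would report fewer hostnames. Restore `async def finish(self):`, or if the pass is meant to be disabled, say so with a comment such as `# mutation pass intentionally disabled` and in the commit description. The method body continues outside the hunk.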
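--- a/bbot/wordlists/ms_on_prem_subdomains.txt
+++ b/bbot/wordlists/ms_on_prem_subdomains.txt
@@ -0,0 +1,101 @@
+adfs
+adfs01
+adfs02
+adfs1
+adfs2
+adfs3
+adfsproxy
+adfstest
+auth
+fed
+federate
+federated
+federation
+federationfs
+fs
+fs1
+fs2
+fs3
+fs4
+gateway
+login
+portal
+saml
+sso
+sts
+wap
+webmail
+owa
+hybrid
+hybrid-cloud
+email
+outlook
+exchange
+mail2
+webmail2
+mail1
+mailbox
+mail01
+mailman
+mailgate
+mailbackup
+mail3
+webmail1
+webmail3
+mailing
+mailserver
+mailhost
+mailer
+mailadmin
+imap
+pop3
+post
+post1
+post2
+mail
+remote
+desktop
+desktop1
+desktop2
+desktops
+extranet
+mydesktop
+ra
+rdesktop
+rdgate
+rdp
+rdpweb
+rds
+rdsh
+rdweb
+remote01
+remote02
+remote1
+remote2
+remote3
+remote4
+remoteapp
+remoteapps
+remotedesktop
+remotegateway
+tsweb
+vdesktop
+vdi
+dialin
+meet
+lync
+lyncweb
+sip
+skype
+sfbweb
+scheduler
+lyncext
+lyncdiscoverinternal
+access
+lyncaccess01
+lyncaccess
+lync10
+wac
+_sipinternaltls
+uc
+lyncdiscover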
