diff --git a/bbot/modules/base.py b/bbot/modules/base.py index 65731d7fa..9101c800a 100644 --- a/bbot/modules/base.py +++ b/bbot/modules/base.py @@ -5,8 +5,8 @@ from contextlib import suppress from ..core.helpers.misc import get_size # noqa +from ..core.errors import ValidationError from ..core.helpers.async_helpers import TaskCounter -from ..core.errors import ValidationError, WordlistError class BaseModule: @@ -527,9 +527,6 @@ async def _setup(self): self.debug(f"Finished setting up module {self.name}") except Exception as e: self.set_error_state() - # soft-fail if it's only a wordlist error - if isinstance(e, WordlistError): - status = None msg = f"{e}" self.trace() return self.name, status, str(msg) diff --git a/bbot/modules/massdns.py b/bbot/modules/massdns.py index 7e4331f5b..5dcd10ded 100644 --- a/bbot/modules/massdns.py +++ b/bbot/modules/massdns.py @@ -74,6 +74,12 @@ async def setup(self): self.mutations_tried = set() self.source_events = self.helpers.make_target() self.subdomain_file = await self.helpers.wordlist(self.config.get("wordlist")) + self.subdomain_list = set(self.helpers.read_file(self.subdomain_file)) + + ms_on_prem_string_file = self.helpers.wordlist_dir / "ms_on_prem_subdomains.txt" + ms_on_prem_strings = set(self.helpers.read_file(ms_on_prem_string_file)) + self.subdomain_list.update(ms_on_prem_strings) + self.max_resolvers = self.config.get("max_resolvers", 1000) self.max_mutations = self.config.get("max_mutations", 500) nameservers_url = ( @@ -104,7 +110,7 @@ async def handle_event(self, event): self.source_events.add_target(event) self.info(f"Brute-forcing subdomains for {query} (source: {event.data})") - for hostname in await self.massdns(query, self.helpers.read_file(self.subdomain_file)): + for hostname in await self.massdns(query, self.subdomain_list): self.emit_result(hostname, event, query) def abort_if(self, event): 
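Review bot: In massdns.py's setup(), the contents of `ms_on_prem_subdomains.txt` are merged into `self.subdomain_list` unconditionally, so an operator who configures a small custom `wordlist` still gets the 101 extra names queried against every target with no way to opt out. I would gate the three added lines behind a module option (name left to the maintainers) and document it next to `wordlist`. Building a `set` also keeps the whole wordlist in memory for the life of the scan and makes iteration order vary between runs, where handle_event previously called `read_file()` again for each event; a comment such as `# loaded once and de-duplicated; wordlist order is not preserved` would make that trade-off explicit. Because the base.py hunk in this commit removes the `WordlistError` soft-fail, a missing or unreadable on-prem file presumably now leaves the module in an error state; setup() continues outside the hunk, so I cannot see whether that is handled.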
diff --git a/bbot/test/test_step_1/test_modules_basic.py b/bbot/test/test_step_1/test_modules_basic.py index 77c25a7a1..b4d61f516 100644 --- a/bbot/test/test_step_1/test_modules_basic.py +++ b/bbot/test/test_step_1/test_modules_basic.py @@ -82,6 +82,7 @@ async def test_modules_basic(scan, helpers, events, bbot_config, bbot_scanner, h modules=list(set(available_modules + available_internal_modules)), output_modules=list(available_output_modules), config=bbot_config, + force_start=True, ) scan2.helpers.dns.fallback_nameservers_file = fallback_nameservers await scan2.load_modules() @@ -174,9 +175,9 @@ async def test_modules_basic_perhostonly(scan, helpers, events, bbot_config, bbo "evilcorp.com", modules=list(set(available_modules + available_internal_modules)), config=bbot_config, + force_start=True, ) - await per_host_scan.load_modules() await per_host_scan.setup_modules() per_host_scan.status = "RUNNING" @@ -214,6 +215,7 @@ async def test_modules_basic_perdomainonly(scan, helpers, events, bbot_config, b "evilcorp.com", modules=list(set(available_modules + available_internal_modules)), config=bbot_config, + force_start=True, ) await per_domain_scan.load_modules() diff --git a/bbot/wordlists/ms_on_prem_subdomains.txt b/bbot/wordlists/ms_on_prem_subdomains.txt new file mode 100644 index 000000000..b323e4605 --- /dev/null +++ b/bbot/wordlists/ms_on_prem_subdomains.txt 
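Review bot: The `bbot_scanner(...)` calls in test_modules_basic.py (test_modules_basic, test_modules_basic_perhostonly and test_modules_basic_perdomainonly) now pass `force_start=True`. Judging by the name, this lets a scan proceed when a module's setup fails, which would hide the hard failure this commit introduces by removing the `WordlistError` soft-fail in base.py. Nothing in these hunks asserts the new behaviour, neither that a wordlist error now fails setup nor that massdns ends up with the on-prem names in `subdomain_list`. If the flag is only there to keep unrelated modules from aborting the test, say so at the first call, e.g. `# force_start=True: continue even if a module's setup() hard-fails (e.g. wordlist unavailable)`. The test functions start and end outside the hunks.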
@@ -0,0 +1,101 @@
+adfs
+adfs01
+adfs02
+adfs1
+adfs2
+adfs3
+adfsproxy
+adfstest
+auth
+fed
+federate
+federated
+federation
+federationfs
+fs
+fs1
+fs2
+fs3
+fs4
+gateway
+login
+portal
+saml
+sso
+sts
+wap
+webmail
+owa
+hybrid
+hybrid-cloud
+email
+outlook
+exchange
+mail2
+webmail2
+mail1
+mailbox
+mail01
+mailman
+mailgate
+mailbackup
+mail3
+webmail1
+webmail3
+mailing
+mailserver
+mailhost
+mailer
+mailadmin
+imap
+pop3
+post
+post1
+post2
+mail
+remote
+desktop
+desktop1
+desktop2
+desktops
+extranet
+mydesktop
+ra
+rdesktop
+rdgate
+rdp
+rdpweb
+rds
+rdsh
+rdweb
+remote01
+remote02
+remote1
+remote2
+remote3
+remote4
+remoteapp
+remoteapps
+remotedesktop
+remotegateway
+tsweb
+vdesktop
+vdi
+dialin
+meet
+lync
+lyncweb
+sip
+skype
+sfbweb
+scheduler
+lyncext
+lyncdiscoverinternal
+access
+lyncaccess01
+lyncaccess
+lync10
+wac
+_sipinternaltls
+uc
+lyncdiscover
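Review bot: `_sipinternaltls` is normally the service label of an SRV record (`_sipinternaltls._tcp.<domain>`) rather than a host name, so as a plain subdomain candidate it is unlikely to resolve. It may also be rejected by hostname validation downstream, which is not visible from this diff. Either drop the entry or note in the module documentation that the list mixes host names with service labels.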