boy-hack / ksubdomain Goto Github PK

View Code? Open in Web Editor NEW

853.0 13.0 127.0 2.49 MB

Subdomain enumeration tool, asynchronous dns packets, use pcap to scan 1600,000 subdomains in 1 second

License: MIT License

Go 99.65% Shell 0.35%

subdomain hacker-tools bugbounty

ksubdomain's Introduction

ksubdomain是一款基于无状态的子域名爆破工具，类似无状态端口扫描，支持在Windows/Linux/Mac上进行快速的DNS爆破，拥有重发机制不用担心漏包。

hacking8信息流的src资产收集 https://i.hacking8.com/src/ 用的是ksubdomain

安装

下载二进制 https://github.com/boy-hack/ksubdomain/releases
安装libpcap环境
- Windows 下载npcap驱动，winpcap驱动有人反馈无效
- Linux 已经静态编译打包libpcap，无需其他操作
- MacOS 自带libpcap,无需其他操作
执行!

快速安装

需要go 1.17以上版本并安装libpcap环境，运行以下命令

go install -v github.com/boy-hack/ksubdomain/cmd/ksubdomain@latest

Useage

NAME:
   KSubdomain - 无状态子域名爆破工具

USAGE:
   ksubdomain [global options] command [command options] [arguments...]

VERSION:
   1.8.6

COMMANDS:
   enum, e    枚举域名
   verify, v  验证模式
   test       测试本地网卡的最大发送速度
   help, h    Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --help, -h     show help (default: false)
   --version, -v  print the version (default: false)

模式

验证模式 提供完整的域名列表，ksubdomain负责快速获取结果

./ksubdomain verify -h

NAME:
   ksubdomain verify - 验证模式

USAGE:
   ksubdomain verify [command options] [arguments...]

OPTIONS:
   --filename value, -f value   验证域名文件路径
   --band value, -b value       宽带的下行速度，可以5M,5K,5G (default: "2m")
   --resolvers value, -r value  dns服务器文件路径，一行一个dns地址
   --output value, -o value     输出文件名
   --silent                     使用后屏幕将仅输出域名 (default: false)
   --retry value                重试次数,当为-1时将一直重试 (default: 3)
   --timeout value              超时时间 (default: 6)
   --stdin                      接受stdin输入 (default: false)
   --only-domain, --od          只打印域名，不显示ip (default: false)
   --not-print, --np            不打印域名结果 (default: false)
   --dns-type value             dns类型 1为a记录 2为ns记录 5为cname记录 16为txt (default: 1)
   --help, -h                   show help (default: false)

从文件读取 
./ksubdomain v -f dict.txt

从stdin读取
echo "www.hacking8.com"|./ksubdomain v --stdin

读取ns记录
echo "hacking8.com" | ./ksubdomain v --stdin --dns-type 2

枚举模式 只提供一级域名，指定域名字典或使用ksubdomain内置字典，枚举所有二级域名

./ksubdomain enum -h

NAME:
   ksubdomain enum - 枚举域名

USAGE:
   ksubdomain enum [command options] [arguments...]

OPTIONS:
   --band value, -b value          宽带的下行速度，可以5M,5K,5G (default: "2m")
   --resolvers value, -r value     dns服务器文件路径，一行一个dns地址
   --output value, -o value        输出文件名
   --silent                        使用后屏幕将仅输出域名 (default: false)
   --retry value                   重试次数,当为-1时将一直重试 (default: 3)
   --timeout value                 超时时间 (default: 6)
   --stdin                         接受stdin输入 (default: false)
   --only-domain, --od             只打印域名，不显示ip (default: false)
   --not-print, --np               不打印域名结果 (default: false)
   --dns-type value                dns类型 1为a记录 2为ns记录 5为cname记录 16为txt (default: 1)
   --domain value, -d value        爆破的域名
   --domainList value, --dl value  从文件中指定域名
   --filename value, -f value      字典路径
   --skip-wild                     跳过泛解析域名 (default: false)
   --level value, -l value         枚举几级域名，默认为2，二级域名 (default: 2)
   --level-dict value, --ld value  枚举多级域名的字典文件，当level大于2时候使用，不填则会默认
   --help, -h                      show help (default: false)

./ksubdomain e -d baidu.com

从stdin获取
echo "baidu.com"|./ksubdomain e --stdin

特性和Tips

无状态爆破，有失败重发机制，速度极快
中文帮助，-h会看到中文帮助
两种模式，枚举模式和验证模式，枚举模式内置10w字典
将网络参数简化为了-b参数，输入你的网络下载速度如-b 5m，将会自动限制网卡发包速度。
可以使用./ksubdomain test来测试本地最大发包数
获取网卡改为了全自动并可以根据配置文件读取。
会有一个时时的进度条，依次显示成功/发送/队列/接收/失败/耗时信息。
不同规模的数据，调整 --retry --timeout参数即可获得最优效果
当--retry为-1，将会一直重试直到所有成功。
支持爆破ns记录

与massdns、dnsx对比

使用100w字典，在4H5M的网络环境下测试

	ksubdomain	massdns	dnsx
支持系统	Windows/Linux/Darwin	Windows/Linux/Darwin	Windows/Linux/Darwin
功能	支持验证和枚举	只能验证	只能验证
发包方式	pcap网卡发包	epoll,pcap,socket	socket
命令行	time ./ksubdomain v -b 5m -f d2.txt -o ksubdomain.txt -r dns.txt --retry 3 --np	time ./massdns -r dns.txt -t AAAA -w massdns.txt d2.txt --root -o L	time ./dnsx -a -o dnsx.txt -r dns.txt -l d2.txt -retry 3 -t 5000
备注	加了--np 防止打印过多
结果	耗时:1m28.273s 成功个数:1397	耗时:3m29.337s 成功个数:1396	耗时:5m26.780s 成功个数:1396

ksubdomain只需要1分半，速度远远比massdns、dnsx快~

参考

原ksubdomain https://github.com/knownsec/ksubdomain
从 Masscan, Zmap 源码分析到开发实践 https://paper.seebug.org/1052/
ksubdomain 无状态域名爆破工具介绍 https://paper.seebug.org/1325/
ksubdomain与massdns的对比

ksubdomain's People

Contributors

Stargazers

Watchers

Forkers

atlassion phuong39 orgyia j5s crackercat ming-sec jungley1 bgrstar kosakd b1gw00d shantanu561993 nanaao attacker-codeninja wooyun-evil kenuosec nospread ko-htut polling-repo-continua nucleareris ddostest123 likelym morns0 secfb fanyibo2009 fbion zt2 geekmc geraldo1993 aqimmm darkkid0 tw1ps th3blackp3arl qianniaoge yeyingsec shadow1ng repos-backup sec-fork patrickstarwow bigjar 482949203 leasonj mmonkeys 3yujw7njai sholway sunsetmkt m4d3bug startagain2016 greatspider135 richard6666 wangyi0127 kzaopa ajatars ofalwl sylviagaytaneh2021 navin-hacsociety fzpixzj90h7baqieoop5hg secloop jeromeyoung imemaker freetest trevor3000 civil-rakesh crazyn1nja doytsujin who-ami 0xsojalsec y0d4a elamaran619 madusec funnydog896 d4op tz0385 bosyment senu11 evil7en9 ghosttroops sobinge explangcn joey1097 jakieborn gg-big-org whoiszzr m09ic jatteny bingpo hellodsb niudaii rainclv wen0750 qinyuze wg1314 idtek purewatersun wkend mwb0350 nut-free dev0tool acodervic no-github nonu11

ksubdomain's Issues

Ksubdomain无结果

环境：Docker部署的Alpine系统，该容器同时还部署了其他工具，但是只有ksubdomain无结果，情况如下：

这个版本有问题还是对ARM for Linux的支持不好，问题无法解决，请求作者帮助。

hi linux下面的一些小问题ovo

请问linux下面可以在non-root的情况下使用ksubdomain么
好像在linux下面调用pcap是没权限的(可能因为我没找到给libpcap赋non-root的权限的办法)
目前临时的解决办法就是通过alias写到 .zshrc [alias ksubdomain='sudo ksubdomain']（先前我用ln -s创建了软链接）
请问会有更好的解决办法嘛 ~
辛苦！

执行语句：./ksubdomain e -d xxx.com
报错内容：
循环：
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor

无法编译32位程序

当然，可以声明不支持32位
32位程序可以编译通过，但是在运行的时候会panic，atomic库导致的，内存对齐问题，具体原因可以参考https://pengrl.com/p/21030/
建议加上不支持32位的声明或相关提示，我也是不小心弄错了环境变量才发现的。

docker ubuntu root user ./ksubdomain test

[Error] pcap打开失败:eth0: You don't have permission to capture on that device (socket: Operation not permitted)

请教作者命令使用是否正确

场景:拥有一批二级域名，想跑三级域名
命令:./ksubdomain e --domainList domain.txt --silent -f dic/subdomains_long.txt -l 3 -o result.txt
你好，请问这样会用字典去跑字典里的二级域名的三级域名吗，想直接请教一下作者。

docker运行报错

bash-5.1# ./ksubdomain
Error relocating ./ksubdomain: __snprintf_chk: symbol not found
Error relocating ./ksubdomain: __vfprintf_chk: symbol not found
Error relocating ./ksubdomain: getnetbyname_r: symbol not found
Error relocating ./ksubdomain: __asprintf_chk: symbol not found
Error relocating ./ksubdomain: __memcpy_chk: symbol not found
Error relocating ./ksubdomain: __vsnprintf_chk: symbol not found
Error relocating ./ksubdomain: __fread_chk: symbol not found
Error relocating ./ksubdomain: __longjmp_chk: symbol not found
Error relocating ./ksubdomain: __memset_chk: symbol not found
Error relocating ./ksubdomain: __fprintf_chk: symbol not found
Error relocating ./ksubdomain: getprotobyname_r: symbol not found

docker运行报错

image python:3.8-alpine
Linux aa9ec1622559 5.4.0-90-generic #101-Ubuntu SMP Fri Oct 15 20:00:55 UTC 2021 x86_64 Linux

是缺什么依赖么

[feature request] 希望能够添加通配符域名过滤的功能

在爆破子域名的时候, 可以生成10(可通过参数指定)个随机子域名进行请求, 如果这10个随机子域名都能被解析到某个或某几个ip地址, 那就认定这个能够解析到这些ip地址的子域名为通配符域名, 过滤或者标记同样解析到这个ip地址的子域名. 这种情况最好不要停止爆破, 因为通配符域名下也可能存活着一些真正被使用的域名, 如果解析到新的ip地址再将其正常输出.

请问怎么样可以让他保存的内容只有子域名

./ksubdomain enum -d baidu.com --skip-wild --silent --only-domain --output ksubdomain-baidu.txt

这个屏幕只打印子域名，但是保存的内容还是一堆，有什么参数可以实现吗？

【建议】ksubdomain.yaml这个文件可以在固定目录位置生成嘛，命令添加到环境变量了，每次都在运行目录下生成

[feature request] 增加失败域名导出选项

对于大规模的扫描，不太容易预估设置多少超时，如果第一次设置的超时不够可能会导致很多状态为fail的域名，而这些域名中有些可能是实际存在的，重新增大延迟跑一遍又非常浪费时间，所以希望有一个失败域名导出选项，导出这些失败的域名以便二次扫描。

内存消耗大，是否可以优化一下

域名很多的情况下，最后会卡住

当我跑了几百个域名以后，跑出的结果，内容其实是已经写入文件了，但是会一直卡住

师傅能不能弄个Go的api接口？

类似Subfinder Go library

buf := bytes.Buffer{}
	err = runnerInstance.EnumerateSingleDomain(context.Background(), "projectdiscovery.io", []io.Writer{&buf})
	if err != nil {
		log.Fatal(err)
	}

	data, err := io.ReadAll(&buf)

我看了师傅的代码，目前只支持写入文件。

if isWrite {
      .........
}

简单点的，可以弄成

buf := bytes.Buffer{}
if api{
			_, err = buf.WriteString(msg + "\n")
		}

Mac 运行报错

ProductName:	macOS
ProductVersion:	11.3.1
BuildVersion:	20E241

╰─➤  ./ksubdomain e -d baidu.com

 _              _         _                       _
| | _____ _   _| |__   __| | ___  _ __ ___   __ _(_)_ __
| |/ / __| | | | '_ \ / _' |/ _ \| '_ ' _ \ / _| | | '_ \
|   <\__ \ |_| | |_) | (_| | (_) | | | | | | (_| | | | | |
|_|\_\___/\__,_|_.__/ \__,_|\___/|_| |_| |_|\__,_|_|_| |_|

[INFO] Current Version: 1.8.3
[INFO] libpcap version 1.9.1
[INFO] 读取配置ksubdomain.yaml成功!
[INFO] Use Device: en0
[INFO] Use IP:192.168.1.2
[INFO] Local Mac: f8:ff:c2:50:42:86
[INFO] GateWay Mac: c8:5a:9f:1d:88:0a
[INFO] DNS:[223.5.5.5 223.6.6.6 180.76.76.76 119.29.29.29 182.254.116.116 114.114.114.115]
[INFO] 检测域名:[baidu.com]
[INFO] Rate:14696pps
[INFO] FreePort:49763
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb01dfacedebac1e pc=0x7fff2052dc9e]

runtime stack:
runtime: unexpected return pc for runtime.sigpanic called from 0x7fff2052dc9e
stack: frame={sp:0x70000c629e58, fp:0x70000c629ea8} stack=[0x70000c5aa338,0x70000c629f38)
0x000070000c629d58:  0x010070000c629d78  0x0000000000000004
0x000070000c629d68:  0x000000000000001f  0x00007fff2052dc9e
0x000070000c629d78:  0x0b01dfacedebac1e  0x0000000000000001
0x000070000c629d88:  0x00000000040362d1 <runtime.throw+0x0000000000000071>  0x000070000c629e28
0x000070000c629d98:  0x000000000431e23a  0x000070000c629de0
0x000070000c629da8:  0x0000000004036588 <runtime.fatalthrow.func1+0x0000000000000048>  0x000000c0001021a0
0x000070000c629db8:  0x0000000000000001  0x0000000000000001
0x000070000c629dc8:  0x000070000c629e28  0x00000000040362d1 <runtime.throw+0x0000000000000071>
0x000070000c629dd8:  0x000000c0001021a0  0x000070000c629e18
0x000070000c629de8:  0x0000000004036510 <runtime.fatalthrow+0x0000000000000050>  0x000070000c629df8
0x000070000c629df8:  0x0000000004036540 <runtime.fatalthrow.func1+0x0000000000000000>  0x000000c0001021a0
0x000070000c629e08:  0x00000000040362d1 <runtime.throw+0x0000000000000071>  0x000070000c629e28
0x000070000c629e18:  0x000070000c629e48  0x00000000040362d1 <runtime.throw+0x0000000000000071>
0x000070000c629e28:  0x000070000c629e30  0x0000000004036300 <runtime.throw.func1+0x0000000000000000>
0x000070000c629e38:  0x000000000432303a  0x000000000000002a
0x000070000c629e48:  0x000070000c629e98  0x000000000404b8d6 <runtime.sigpanic+0x0000000000000396>
0x000070000c629e58: <0x000000000432303a  0x000000000403f19e <runtime.checkTimers+0x000000000000005e>
0x000070000c629e68:  0x00000ac0c6167f6b  0x000070000c629e98
0x000070000c629e78:  0x000070000c629ea0  0x000000000403d78f <runtime.execute+0x000000000000012f>
0x000070000c629e88:  0x000000c0000b16f8  0x0000000200000001
0x000070000c629e98:  0x000070000c629ee0 !0x00007fff2052dc9e
0x000070000c629ea8: >0x000070000c629ee0  0x000000000464c000
0x000070000c629eb8:  0x0000000000000241  0x00000000040e4605 <golang.org/x/sys/unix.libc_ioctl_trampoline+0x0000000000000005>
0x000070000c629ec8:  0x000000000406777f <runtime.syscall+0x000000000000001f>  0x000000c000063368
0x000070000c629ed8:  0x000000c0000b16c0  0x000000c000063338
0x000070000c629ee8:  0x0000000004065610 <runtime.asmcgocall+0x0000000000000070>  0x000000000403f4cd <runtime.park_m+0x000000000000014d>
0x000070000c629ef8:  0x000000c0000001a0  0x0000000400000002
0x000070000c629f08:  0x000000c0001021a0  0x000000c0000001a0
0x000070000c629f18:  0x00000000000004f0  0x000000c0000b16c0
0x000070000c629f28:  0x000000c0000001a0  0x000070000c629f50
runtime.throw({0x432303a, 0x403f19e})
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/panic.go:1198 +0x71
runtime: unexpected return pc for runtime.sigpanic called from 0x7fff2052dc9e
stack: frame={sp:0x70000c629e58, fp:0x70000c629ea8} stack=[0x70000c5aa338,0x70000c629f38)
0x000070000c629d58:  0x010070000c629d78  0x0000000000000004
0x000070000c629d68:  0x000000000000001f  0x00007fff2052dc9e
0x000070000c629d78:  0x0b01dfacedebac1e  0x0000000000000001
0x000070000c629d88:  0x00000000040362d1 <runtime.throw+0x0000000000000071>  0x000070000c629e28
0x000070000c629d98:  0x000000000431e23a  0x000070000c629de0
0x000070000c629da8:  0x0000000004036588 <runtime.fatalthrow.func1+0x0000000000000048>  0x000000c0001021a0
0x000070000c629db8:  0x0000000000000001  0x0000000000000001
0x000070000c629dc8:  0x000070000c629e28  0x00000000040362d1 <runtime.throw+0x0000000000000071>
0x000070000c629dd8:  0x000000c0001021a0  0x000070000c629e18
0x000070000c629de8:  0x0000000004036510 <runtime.fatalthrow+0x0000000000000050>  0x000070000c629df8
0x000070000c629df8:  0x0000000004036540 <runtime.fatalthrow.func1+0x0000000000000000>  0x000000c0001021a0
0x000070000c629e08:  0x00000000040362d1 <runtime.throw+0x0000000000000071>  0x000070000c629e28
0x000070000c629e18:  0x000070000c629e48  0x00000000040362d1 <runtime.throw+0x0000000000000071>
0x000070000c629e28:  0x000070000c629e30  0x0000000004036300 <runtime.throw.func1+0x0000000000000000>
0x000070000c629e38:  0x000000000432303a  0x000000000000002a
0x000070000c629e48:  0x000070000c629e98  0x000000000404b8d6 <runtime.sigpanic+0x0000000000000396>
0x000070000c629e58: <0x000000000432303a  0x000000000403f19e <runtime.checkTimers+0x000000000000005e>
0x000070000c629e68:  0x00000ac0c6167f6b  0x000070000c629e98
0x000070000c629e78:  0x000070000c629ea0  0x000000000403d78f <runtime.execute+0x000000000000012f>
0x000070000c629e88:  0x000000c0000b16f8  0x0000000200000001
0x000070000c629e98:  0x000070000c629ee0 !0x00007fff2052dc9e
0x000070000c629ea8: >0x000070000c629ee0  0x000000000464c000
0x000070000c629eb8:  0x0000000000000241  0x00000000040e4605 <golang.org/x/sys/unix.libc_ioctl_trampoline+0x0000000000000005>
0x000070000c629ec8:  0x000000000406777f <runtime.syscall+0x000000000000001f>  0x000000c000063368
0x000070000c629ed8:  0x000000c0000b16c0  0x000000c000063338
0x000070000c629ee8:  0x0000000004065610 <runtime.asmcgocall+0x0000000000000070>  0x000000000403f4cd <runtime.park_m+0x000000000000014d>
0x000070000c629ef8:  0x000000c0000001a0  0x0000000400000002
0x000070000c629f08:  0x000000c0001021a0  0x000000c0000001a0
0x000070000c629f18:  0x00000000000004f0  0x000000c0000b16c0
0x000070000c629f28:  0x000000c0000001a0  0x000070000c629f50
runtime.sigpanic()
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/signal_unix.go:719 +0x396

goroutine 15 [syscall]:
syscall.syscall(0x40e4600, 0x1, 0x40087468, 0xc0000633f8)
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/sys_darwin.go:22 +0x3b fp=0xc000063368 sp=0xc000063348 pc=0x406225b
syscall.syscall(0x0, 0x0, 0x0, 0x0)
	<autogenerated>:1 +0x26 fp=0xc0000633b0 sp=0xc000063368 pc=0x4067f06
golang.org/x/sys/unix.ioctl(0x0, 0x0, 0x0)
	/Users/runner/go/pkg/mod/golang.org/x/[email protected]/unix/zsyscall_darwin_amd64.go:731 +0x39 fp=0xc0000633e0 sp=0xc0000633b0 pc=0x40e4299
golang.org/x/sys/unix.IoctlGetWinsize(...)
	/Users/runner/go/pkg/mod/golang.org/x/[email protected]/unix/ioctl.go:66
golang.org/x/crypto/ssh/terminal.GetSize(0x0)
	/Users/runner/go/pkg/mod/golang.org/x/[email protected]/ssh/terminal/util.go:80 +0x2c fp=0xc000063410 sp=0xc0000633e0 pc=0x422f2cc
github.com/boy-hack/ksubdomain/core.GetWindowWith()
	/Users/runner/work/ksubdomain/ksubdomain/core/util.go:57 +0x55 fp=0xc000063430 sp=0xc000063410 pc=0x4230675
github.com/boy-hack/ksubdomain/runner.(*runner).handleResult(0xc0000a56c0, {0x0, 0x0})
	/Users/runner/work/ksubdomain/ksubdomain/runner/result.go:20 +0x45 fp=0xc0000637b8 sp=0xc000063430 pc=0x426f045
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration·dwrap·6()
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:224 +0x2e fp=0xc0000637e0 sp=0xc0000637b8 pc=0x4271c8e
runtime.goexit()
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000637e8 sp=0xc0000637e0 pc=0x4065901
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:224 +0x1c5

goroutine 1 [select]:
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration(0xc0000a56c0)
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:230 +0x266
main.glob..func1(0xc000020cc0)
	/Users/runner/work/ksubdomain/ksubdomain/cmd/ksubdomain/enum.go:107 +0x76e
github.com/urfave/cli/v2.(*Command).Run(0x46689c0, 0xc0000205c0)
	/Users/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:163 +0x64a
github.com/urfave/cli/v2.(*App).RunContext(0xc0000b0b60, {0x444f250, 0xc00002a0d0}, {0xc000020080, 0x4, 0x4})
	/Users/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:313 +0x81e
github.com/urfave/cli/v2.(*App).Run(...)
	/Users/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:224
main.main()
	/Users/runner/work/ksubdomain/ksubdomain/cmd/ksubdomain/cmd.go:22 +0x126

goroutine 10 [runnable]:
github.com/boy-hack/ksubdomain/runner.New.func1()
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:113
created by github.com/boy-hack/ksubdomain/runner.New
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:113 +0x565

goroutine 11 [runnable]:
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration·dwrap·4()
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:220
runtime.goexit()
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/asm_amd64.s:1581 +0x1
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:220 +0xd1

goroutine 12 [chan receive]:
github.com/boy-hack/ksubdomain/runner.(*runner).sendCycle(0xc0000a56c0, {0x0, 0x0})
	/Users/runner/work/ksubdomain/ksubdomain/runner/send.go:17 +0xaa
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:222 +0xdf

goroutine 13 [runnable]:
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration·dwrap·5()
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:222
runtime.goexit()
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/asm_amd64.s:1581 +0x1
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:222 +0xdf

goroutine 14 [runnable]:
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration·dwrap·5()
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:222
runtime.goexit()
	/Users/runner/hostedtoolcache/go/1.17.7/x64/src/runtime/asm_amd64.s:1581 +0x1
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
	/Users/runner/work/ksubdomain/ksubdomain/runner/runner.go:222 +0xdf

运行报错

能否设置成像dnsx一样直接 go install 安装

dnsx requires go1.17 to install successfully. Run the following command to get the repo -

go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest

像这种方式

枚举多级域名的参数配置

请问一下师傅
如果需要枚举多级域名

ksubdomain e -l 3 -d i.baidu.com

是这样配置的吗

socket issue.

what is the issue?

One more thing. please please use English language. We can't read China language. It is difficult to read. Please make easier.

API接口

api网络接口模式在新版本被移除了吗

枚举模式好像有些问题

枚举模式好像有些问题，试了好几个域名都没结果

ksubdomain e -d google.com

[INFO] Current Version: 1.9.5
[INFO] 读取配置ksubdomain.yaml成功!
[INFO] Use Device: eth0
[INFO] Use IP:10.17.0.5
[INFO] Local Mac: a6:1xxxxxx:17:bf
[INFO] GateWay Mac: fe:0xxxxxx01:01
[INFO] libpcap version 1.9.1 (with TPACKET_V3)
[INFO] Default DNS:[223.5.5.5,223.6.6.6,119.29.29.29,182.254.116.116,114.114.114.115]
[INFO] Domain Count:103744
[INFO] Rate:14696pps
[INFO] FreePort:37357
Success:0 Send:518720 Queue:0 Accept:0 Fail:103744 Elapsed:59s
[INFO] 扫描完毕

自动生成的配置文件
src_ip: 10.17.0.5
device: eth0
src_mac: a6:1xxxxxx:17:bf
dst_mac: fe:0xxxxxx01:01

网卡配置

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 16x.xx.xx.71 netmask 255.255.240.0 broadcast 16x.xx.xx.255
inet6 fe8xxxxxxxxxxxxxed:17bf prefixlen 64 scopeid 0x20
ether a6:12xxxxxxxxx7:bf txqueuelen 1000 (Ethernet)
RX packets 57098586 bytes 21600152403 (21.6 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 53186680 bytes 8359693999 (8.3 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.108.0.2 netmask 255.255.240.0 broadcast 10.108.15.255
inet6 fe80xxxxxxxxx823 prefixlen 64 scopeid 0x20
ether fa:2xxxxxxxxx8:23 txqueuelen 1000 (Ethernet)
RX packets 2239 bytes 156806 (156.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2286 bytes 160156 (160.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[feature request] 优化输出, 支持输出json,csv格式

默认的输出格式不太好解析, 能否格式化输出, 例如类似dnsx的输出格式.

[Error] pcap打开失败:en0: You don't have permission to capture on that device ((cannot open BPF device) /dev/bpf0: Permission denied)

运行报错了

运行命令：
./ksubdomain e --dl domain.txt --skip-wild -o domain.res.txt

运行环境：
Linux iZ0jl6sj2hcptdpgfcns0uZ 3.10.0-1160.83.1.el7.x86_64 #1 SMP Wed Jan 25 16:41:43 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

运行版本: 1.9.5

报错信息：

fatal error: runtime: out of memory

runtime stack:
runtime.throw({0x89301c, 0x7000000})
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/panic.go:1198 +0x71
runtime.sysMap(0xc023c00000, 0x42efc0, 0x7ffd326fca48)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/mem_linux.go:169 +0x96
runtime.(*mheap).grow(0xd35160, 0x3740)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/mheap.go:1393 +0x225
runtime.(*mheap).allocSpan(0xd35160, 0x3740, 0x0, 0x0)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/mheap.go:1179 +0x165
runtime.(*mheap).alloc.func1()
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/mheap.go:913 +0x69
runtime.systemstack()
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/asm_amd64.s:383 +0x49

goroutine 4171 [running]:
runtime.systemstack_switch()
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/asm_amd64.s:350 fp=0xc000053b60 sp=0xc000053b58 pc=0x465e20
runtime.(*mheap).alloc(0x6e80000, 0x3740, 0xb1, 0x1)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/mheap.go:907 +0x73 fp=0xc000053bb0 sp=0xc000053b60 pc=0x42b2f3
runtime.(*mcache).allocLarge(0xc00008c340, 0x6e80000, 0xd1, 0x0)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/mcache.go:227 +0x89 fp=0xc000053c10 sp=0xc000053bb0 pc=0x41bf69
runtime.mallocgc(0x6e80000, 0x83a7c0, 0x1)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/malloc.go:1088 +0x5c5 fp=0xc000053c90 sp=0xc000053c10 pc=0x4127c5
runtime.newarray(0x0, 0x4082d1)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/malloc.go:1256 +0x52 fp=0xc000053cb8 sp=0xc000053c90 pc=0x412c92
runtime.makeBucketArray(0x408166, 0x28, 0x408774)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/map.go:362 +0x18e fp=0xc000053cf8 sp=0xc000053cb8 pc=0x413ace
runtime.hashGrow(0x7f7180799b60, 0xc00007c360)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/map.go:1036 +0x79 fp=0xc000053d38 sp=0xc000053cf8 pc=0x415359
runtime.mapassign(0x80aec0, 0xc00007c360, 0x38)
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/map.go:648 +0xd4 fp=0xc000053db8 sp=0xc000053d38 pc=0x4142f4
sync.(*Map).Store(0xc00007d410, {0x7f3900, 0xc01de5d6b0}, {0x84e5a0, 0xc0131ed680})
/opt/hostedtoolcache/go/1.17.8/x64/src/sync/map.go:161 +0x413 fp=0xc000053e50 sp=0xc000053db8 pc=0x47b393
github.com/boy-hack/ksubdomain/runner/statusdb.(*StatusDb).Add(...)
/home/runner/work/ksubdomain/ksubdomain/runner/statusdb/db.go:31
github.com/boy-hack/ksubdomain/runner.(*runner).sendCycle(0xc00015adc0)
/home/runner/work/ksubdomain/ksubdomain/runner/send.go:27 +0x494 fp=0xc000053fc8 sp=0xc000053e50 pc=0x79a414
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration·dwrap·5()
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:138 +0x26 fp=0xc000053fe0 sp=0xc000053fc8 pc=0x799e46
runtime.goexit()
/opt/hostedtoolcache/go/1.17.8/x64/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000053fe8 sp=0xc000053fe0 pc=0x468041
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:138 +0x125

goroutine 1 [select]:
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration(0xc00015adc0, {0x9f01f0, 0xc000028090})
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:150 +0x294
main.glob..func1(0xc000064cc0)
/home/runner/work/ksubdomain/ksubdomain/cmd/ksubdomain/enum.go:200 +0xd4d
github.com/urfave/cli/v2.(*Command).Run(0xcbb080, 0xc000064540)
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/command.go:163 +0x64a
github.com/urfave/cli/v2.(*App).RunContext(0xc00008cb60, {0x9f01f0, 0xc000028090}, {0xc000020070, 0x7, 0x7})
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:313 +0x81e
github.com/urfave/cli/v2.(*App).Run(...)
/home/runner/go/pkg/mod/github.com/urfave/cli/[email protected]/app.go:224
main.main()
/home/runner/work/ksubdomain/ksubdomain/cmd/ksubdomain/cmd.go:22 +0x126

goroutine 4167 [chan send]:
main.glob..func1.1()
/home/runner/work/ksubdomain/ksubdomain/cmd/ksubdomain/enum.go:130 +0x1dc
created by main.glob..func1
/home/runner/work/ksubdomain/ksubdomain/cmd/ksubdomain/enum.go:125 +0x7af

goroutine 4170 [runnable]:
github.com/google/gopacket/pcap._Cfunc_pcap_next_ex_escaping(0x33152a0, 0xc000066a08, 0xc000066a10)
_cgo_gotypes.go:558 +0x4c
github.com/google/gopacket/pcap.(*Handle).pcapNextPacketEx.func1(0xc0138b2780)
/home/runner/go/pkg/mod/github.com/google/[email protected]/pcap/pcap_unix.go:398 +0x70
github.com/google/gopacket/pcap.(*Handle).pcapNextPacketEx(0x47be45)
/home/runner/go/pkg/mod/github.com/google/[email protected]/pcap/pcap_unix.go:398 +0x19
github.com/google/gopacket/pcap.(*Handle).getNextBufPtrLocked(0xc0000669c0, 0xc000051b00)
/home/runner/go/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:312 +0x72
github.com/google/gopacket/pcap.(*Handle).ReadPacketData(0xc0000669c0)
/home/runner/go/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:252 +0x8c
github.com/boy-hack/ksubdomain/runner.(*runner).recvChanel(0xc00015adc0, {0x9f01b8, 0xc000064300})
/home/runner/work/ksubdomain/ksubdomain/runner/recv.go:94 +0x5c5
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:137 +0xd6

goroutine 4172 [chan receive]:
github.com/boy-hack/ksubdomain/runner.(*runner).handleResult(0xc00015adc0)
/home/runner/work/ksubdomain/ksubdomain/runner/result.go:4 +0x71
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:139 +0x16f

goroutine 4173 [runnable]:
github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration.func1()
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:142 +0x65
created by github.com/boy-hack/ksubdomain/runner.(*runner).RunEnumeration
/home/runner/work/ksubdomain/ksubdomain/runner/runner.go:140 +0x1b7

卡死

Rate: 5000, Domain: []string{"baidu.com"}, FileName: "", Resolvers: defaultDns, Output: "", OutputCSV: false, Test: false, NetworkId: -1, ListNetwork: false, Silent: false, TTL: false, Stdin: false, DomainLevel: 1, // 爆破域名层级,默认爆破一级域名 SkipWildCard: true, // 泛解析跳过 SubNameFileName: "", FilterWildCard: false, TimeOut: 10, Retry: 3,

this is beautiful and a long time coming.

thank you.

m1芯片无法运行？

./ksubdomain e -d baidu.com

[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor
[Warning] WritePacketDate error:send: Bad file descriptor

一直报这个东西

You don't have permission to capture on that device (socket: Operation not permitted)

报错信息：
[Error] pcap打开失败:eth0: You don't have permission to capture on that device (socket: Operation not permitted)
[Error] pcap打开失败:docker0: You don't have permission to capture on that device (socket: Operation not permitted)

ksubdomain版本：1.9.5

使用系统：kali 2022.1

使用命令：./ksubdomain_linux e -d baidu.com

解决尝试：eth0是本地的真实网卡，docker0是docker网卡，刚开始以为是权限问题，加了sudo权限还是一样的问题。麻烦大佬看到以后回复一下吧。

SIGSEGV: segmentation violation

师傅有遇到过这个错误嘛？
SIGSEGV: segmentation violation
PC=0x24106a7 m=68 sigcode=1
signal arrived during cgo execution

goroutine 1530934 [syscall]:
runtime.cgocall(0x240dd20, 0xc029b06b78)
/go/pkg/mod/golang.org/[email protected]/src/runtime/cgocall.go:157 +0x4b fp=0xc029b06b50 sp=0xc029b06b18 pc=0x40836b
github.com/google/gopacket/pcap._Cfunc_pcap_sendpacket(0x0, 0xc077327e66, 0x5a)
_cgo_gotypes.go:640 +0x4b fp=0xc029b06b78 sp=0xc029b06b50 pc=0xf167eb
github.com/google/gopacket/pcap.(*Handle).pcapSendpacket.func1(0xc029b06bd8?, {0xc077327e66, 0x5a, 0x0?})
/go/pkg/mod/github.com/google/[email protected]/pcap/pcap_unix.go:521 +0x68 fp=0xc029b06bb0 sp=0xc029b06b78 pc=0xf196c8
github.com/google/gopacket/pcap.(*Handle).pcapSendpacket(0x3845be8?, {0xc077327e66?, 0xc077271c20?, 0xc029b06d28?})
/go/pkg/mod/github.com/google/[email protected]/pcap/pcap_unix.go:521 +0x1d fp=0xc029b06be8 sp=0xc029b06bb0 pc=0xf195fd
github.com/google/gopacket/pcap.(*Handle).WritePacketData(...)
/go/pkg/mod/github.com/google/[email protected]/pcap/pcap.go:696
github.com/boy-hack/ksubdomain/runner.send({0xc075ead8a0, 0x1e}, {0x2ce2c85, 0xf}, 0xc0003b4360, 0x2021, 0xb367, 0xc076331200, 0x1, {0xc004191a50, ...})