hi,
In line 513 the list of src urls is turned into a set, which mean the order for iterating over the elements afterwards is random/implementation specific. This seems have been done intentional, I however can't see why.

Right now this means calling snallygaster twice against the same server, serving static html files may lead to different results.

Example:

snallygaster $(seq -s '' 500)

This produces an unhandled UnicodeError exception:

UnicodeError: encoding with 'idna' codec failed (UnicodeError: label too long)

We should handle this with a proper error message.

Hi, I'm a graphic designer wanting to build up my portfolio.

Would you like a logo and a nice banner to go along with it for your project?

Maybe a dragon mixed up with http (or something along those lines? I don't know, I'll wait for your green light before figuring out the details)

Cheers.

Thanks for taking the time and effort of creating this tool!

I wanted to use snallygaster from another python script to scan multiple hosts, and process the results -- so I created a fork and moved snallygaster to its own class, and made sure that it is still usable via CLI.

It works for my use case, and if you also consider this change useful I can send you a pull request.
My fork is at: https://github.com/pspace/snallygaster

Hallo,

the Python package

dnspython

should be listed as a requirement.

Mebus

Maybe it would be better to print an error and exit early if one of the hostnames can't be resolved?

When snallygaster is scanning a website the client can be attacked by the server and forced to consume all the available CPU resources. This attack works by exploiting a redos vulnerability in the heartbleed regex.

Vulnerable code:
https://github.com/hannob/snallygaster/blob/master/snallygaster#L431

Here you can see the performance impact per 3Kb sent by the server.

poc.py:

import time
import re
import sys

data = 'a' + ( ' ' * (int(sys.argv[1]) - 1) )
print('Checking {}Kb of data'.format(len(data)/1000))

start = time.time()
regex = re.compile("^[a-zA-Z]+(-[a-zA-Z]+)? *( +[a-zA-Z]+(-[a-zA-Z]+)? *)+$")
regex.match(data)
print("Checked regex in: %dms" % ((time.time() - start) * 1000))

I like the sound of increasing the wordlist and adding flags to pick between a fast scan and a more extensive scan that includes the entire wordlist. This would allow you to increase your current tests to include megplus' list (Please note, some of these tests are already performed by snallygaster):

/.AppleDB
/.aws.yml
/.aws/.credentials.swp
/.aws/credentials
/.babelrc
/.bash_history
/.bash_profile
/.bashrc
/.bowerrc
/.bzr/repository/format
/.cvsignore
/.dockerignore
/.DS_Store
/.editorconfig
/.env
/.git/config
/.git/HEAD
/.gitconfig
/.gitignore
/.gitlab-ci.yml
/.hg
/.hg/branch
/.hgignore
/.htaccess
/.htpasswd
/.idea
/.idea/.rakeTasks
/.idea/dataSources
/.idea/dataSources.local.xml
/.idea/dataSources.xml
/.idea/modules.xml
/.idea/vcs.xml
/.idea/workspace.xml
/.jestrc
/.jshintrc
/.keys.yml
/.keys.yml.swp
/.muttrc
/.mysql_history
/.nbproject
/.netrc
/.npmignore
/.npmrc
/.pgpass
/.profile
/.psql_history
/.s3.yml
/.sh_history
/.ssh
/.ssh/authorized_keys
/.ssh/id_dsa
/.ssh/id_dsa.pub
/.ssh/id_rsa
/.ssh/id_rsa.pub
/.ssh/known_hosts
/.svn/all-wcprops
/.svn/entries
/.svn/format
/.svn/wc.db
/.svnignore
/.swp
/.terraform.tfstate.swp
/.terraform.tfvars.swp
/.travis.composer.config.json
/.travis.yml
/.travis.yml.swp
/.wp-config.php
/.wp-config.php.swp
/.zsh_history
/.zsh_profile
/.zshrc
/_admin/operations.aspx
/_vti_bin/admin.asmx
/admin
/autoconfig
/aws.yml
/backup
/backup.asp
/backup.aspx
/backup.do
/backup.html
/backup.jsp
/backup.php
/backup.txt
/backup/
/beans
/bower.json
/build.xml
/cgi-bin/printenv.pl
/cgi-bin/status.pl
/cgi-bin/test-cgi.pl
/circle.yml
/composer.json
/composer.lock
/config
/config.gypi
/config.json
/configprops
/CVS/Entries
/CVS/Root
/cvsroot/CVSROOT
/cvsroot/CVSROOT/val-tags
/debug
/debug.asp
/debug.aspx
/debug.do
/debug.html
/debug.jsp
/debug.php
/debug.txt
/debug/
/Dockerfile
/dump
/e2e-tests
/env
/examples/jsp/error/error.html
/examples/jsp/num/numguess.jsp
/examples/servlet/HelloWorldExample
/features
/flex
/Gemfile
/Gemfile.lock
/gruntfile.coffee
/Gruntfile.coffee
/gruntfile.js
/Gruntfile.js
/Gulpfile
/Gulpfile.js
/gulpfile.js
/index.asp
/index.aspx
/index.jsp
/index.php
/index.txt
/info
/info.asp
/info.aspx
/info.do
/info.html
/info.jsp
/info.php
/info.txt
/info/
/invoker/EJBInvokerServlet
/invoker/JMXInvokerServlet
/Jenkinsfile
/jmx-console/HtmlAdaptor
/karma.conf.js
/keys.yml
/license
/LICENSE
/license.md
/LICENSE.md
/LICENSE.txt
/license.txt
/Makefile
/metrics
/mkdocs.yml
/nginx_status
/npm-debug.log
/npm-shrinkwrap.json
/package.json
/pagespeed_admin
/php.php
/phpinfo.php
/phptest.php
/phpunit.xml
/readme
/README
/readme.html
/README.html
/readme.md
/README.md
/readme.mkd
/README.mkd
/README.txt
/readme.txt
/robots.txt
/routes
/s3.yml
/s3.yml.swp
/server-info
/server-status
/serverinfo
/tags
/terraform.tfstate
/terraform.tfstate.backup
/terraform.tfvars
/terraform.tfvars.json
/test
/test.asp
/test.aspx
/test.do
/test.html
/test.jsp
/test.php
/test.txt
/test/
/tests
/Thumbs.db
/tmp
/tmp.asp
/tmp.aspx
/tmp.do
/tmp.html
/tmp.jsp
/tmp.php
/tmp.txt
/tmp/
/tomcat-docs/appdev/sample/web/hello.jsp
/trace
/travis.yml
/tsconfig.json
/unit-tests
/Vagrantfile
/web-console/AOPBinding.jsp
/web-console/applet.jsp
/web-console/Invoker
/web-console/listMonitors.jsp
/web-console/ServerInfo.jsp
/web-console/status
/web-console/SysProperties.jsp
/web-console/WebModule.jsp
/WEB-INF/struts-config.xml
/WEB-INF/web.xml
/web.config
/web.xml
/webpack.config.js
/wp-config.php
/yarn-debug.log
/yarn-error.log
/yarn.lock
/zephyr

I was testing the backup-archives test with a local nginx server. The Server had an (empty) backup.zip file accessible (localhost/backup.zip).
But the backup-archive test didn't print anything.
In the source code, I've found, that you're checking the return code against "b'PK'" for .zip or b'\x1f\x8b\x08' for tar.gz.
I didn't dig too much into the source code, so could you explain these magic numbers?
And wouldn't it be simpler to test with "returnsize=True" and just check if the size isn't 0? By that the test passes for my local nginx test server.

Nice tool BTW ;-)

Best regards

Hi,
I've got another suggestion.

What about adding a check for the webserver version in the http response header?

Apache returns for eg. the following:

The script could print that info out (as info as in my opinion it's a information disclousure)

Furthermore a check could be added if the version is outdated or even if a CVE entry exists for it (although this might be a bit more complicated to automate this).
The question then still is from where to get the info which is the most recent apache version (one option is to read the apache download page and parse it altough this is probably not the best way to do so, I suppose there must be a better way).
An option also would be to cache the release info in a local file and only update it from time to time. (once a day or when older than some hours).

Respectivley the above could also be done for nginx and IIS.

What do you think about my suggestion?

Hi,
on my webspace I found backup files with ending .sql.gz files.
Perhaps it would be worth also checking for this.

I have done some test and the Apache Server-Status page need to end with a " / " at the end. If it is not present, the page doesn't show up.

snallygaster could detect JBoss admin panels through the directories below so the user could check if they are vulnerable using tools like this one https://github.com/joaomatosf/jexboss.

/jmx-console/HtmlAdaptor?action=inspectMBean&name=jboss.system:type=ServerInfo
/web-console/Invoker
/invoker/JMXInvokerServlet
/admin-console/

hi,
I have one server where snallygaster fails to run due to encountering a response of content-type multipart/x-mixed-replace.

Maybe snallygaster should just do a HEAD request or at least have a timeout for invalidsrc requests?

I ran snallygaster against some domains hosted in china that really take long to resolve, and it crashed:

...
[[debug]] Scanning birdytone.com
...
[[debug]] Running test_vb_test test
[[debug]] Running test_headerinject test
[[debug]] Running test_wpdebug test
[[debug]] Running test_axfr test
Traceback (most recent call last):
  File "/usr/local/bin/snallygaster", line 979, in <module>
    test(host)
  File "/usr/local/bin/snallygaster", line 758, in test_axfr
    ipv6 = dns.resolver.resolve(r, 'aaaa').rrset
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1205, in resolve
    return get_default_resolver().resolve(qname, rdtype, rdclass, tcp, source,
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 1043, in resolve
    timeout = self._compute_timeout(start, lifetime)
  File "/usr/lib/python3/dist-packages/dns/resolver.py", line 950, in _compute_timeout
    raise Timeout(timeout=duration)
dns.exception.Timeout: The DNS operation timed out after 5.002015590667725 seconds
Oh oh... an unhandled exception has happened. This shouldn't be.
Please report a bug and include all output.

called with
/usr/local/bin/snallygaster -d api.libratone.com birdytone.com birdytone.com.cn ask.birdytone.com ask.birdytone.com.cn

Reporting a bug, as asked by the script :)

Installed using pip3

This was run for a test between two Raspberry Pi's - apache2 running on the source destination. Not sure what else you needed, data dump from the SSH session.

``pi@weather:~ $ snallygaster -i -d http://192.168.1.101/check
[[debug]] All hosts: http://192.168.1.101/check,www.http://192.168.1.101/check
[[debug]] Scanning http://192.168.1.101/check
[[debug]] running test_ilias_defaultpw test
[[debug]] running test_symphony_databases_yml test
[[debug]] running test_svn_dir test
[[debug]] running test_sql_dump test
[[debug]] checking 404 page state of http://http://192.168.1.101/check/cctcbcvr.htm
[[debug]] checking 404 page state of https://http://192.168.1.101/check/kxyoqvxm.htm
[[debug]] running test_filezilla_xml test
[[debug]] running test_invalidsrc test
[[debug]] running test_ds_store test
[[debug]] running test_rails_database_yml test
[[debug]] running test_cvs_dir test
[[debug]] running test_axfr test
[[debug]] running test_privatekey test
[[debug]] running test_git_dir test
[[debug]] running test_sftp_config test
[[debug]] running test_xaa test
[[debug]] running test_idea test
[[debug]] running test_cgiecho test
[[debug]] running test_drupal_backup_migrate test
[[debug]] running test_phpunit_eval test
Oh oh... an unhandled exception has happened. This shouldn't be.
Please report a bug and include all output.

called with
/usr/local/bin/snallygaster -i -d http://192.168.1.101/check

Traceback (most recent call last):
File "/usr/local/bin/snallygaster", line 686, in
test("http://" + host)
File "/usr/local/bin/snallygaster", line 562, in test_phpunit_eval
body='<?php echo(substr_replace("hello", "12", 2, 2));')
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 72, in request
**urlopen_kw)
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 135, in request_encode_body
**urlopen_kw)
TypeError: urlopen() got multiple values for keyword argument 'body'

``
pi@weather:~ $ pip3 --version
pip 1.5.6 from /usr/lib/python3/dist-packages (python 3.4)

Let me know if you need anything else. I assume I have the command line parameters correct :)

Can you provide an example of scanning multiple hosts? It seems the host argument only accepts one host.

Hi,
have you been thinking about adding an option to enable a wait time between each request, eg. in order to reduce server load or avoid WAF triggering.
If you agree with such a feature I could work on a pull request.
Greetings

Hi Hanno,

Often web servers have a mapping where to route requests to, depended on the URL. In those cases they work as a proxy.

E.g. by supplying /app you may hit a Tomcat, by /main a Node/Express server, under /whatever yet another server. Bottom line is that the user should be able to supply a base URL where all test URLs are appended to.

Q: If it's just one server and / is redirected to /someotherpath. Does snallygaster follow the URL?

Cheers, Dirk

With PYTHONWARNINGS=d snallygaster outputs some resource warnings due to unclosed sockets.
I silenced some of them by closing the poolmanager, but there are some left.

The source seems to be the DNS operations in the axfr test.

The tests look really useful (only skimmed the code) but if I'm not mistaken they're only looking in the root directory, so they might miss problems in subdirectories.

If one has access to the file system it could still make sense to run some of these tests locally, so how about a CLI switch to scan a directory (saves extracting part of the checks and running them via find/grep).

Thank you for the tool, it has a lot of helpful tests.

As a pentester I really appreciate this being a simple tool I can just run. But as I am lazy and a lot of pentesters use Burp Suite Proxy, I think an Active Scan extension for this (that can be written in python as well) would be really helpful, because then it turns into a one-click job which is done anyway. I know, it's proprietary software which will not fit everyone. However, the tool is part of many pentester's daily life. The question is just how the knowledge (mainly URL + detection string in response) could be shared between this project and a Burp extension and maybe other projects (if you would agree to that). So having a central "configuration" file that would list such checks would probably generate synergies. On the other hand we probably all agree that we don't want to be too generic, such as (maybe you get some more ideas for tests here):
https://github.com/fuzzdb-project/fuzzdb/tree/master/discovery/predictable-filepaths
There is also something similar as a Burp extension here (again maybe you get some more ideas for tests here):
https://github.com/unamer/CTFHelper/blob/master/CTFhelper.py

So would you be interested in such a thing? Would it be an option to put the "knowledge" of this tool into a clever json configuration file that might define response content checks, regex checks, etc.? I think if I understood the license correctly that should be fine.

Honestly I haven't decided yet if I'm going to write a Burp plugin for this, but I'm definitely putting it somewhere in the middle of my TODO list...

There is some controversy about the CC0 license and its patent clause, which means it's not OSI approved, not recommended by the FSF and recently Fedora decided to disallow CC0 code: https://lwn.net/Articles/902410/

In summary: While the choice of CC0 was intended to make the use of the code as easy as possible, in practice it does the opposite. I would therefore like to change the license to 0BSD, which I believe is a license in the same spirit, but widely accepted as a good FOSS license (It's just a standard disclaimer, no restrictions for reuse):
https://opensource.org/licenses/0BSD

I would therefore like to ask all contributors if they agree to this change. While some contributions may be too small to justify a copyright, I would prefer to get approval from everyone, as this is certainly the legally safest option.

Tagging everyone who made a pull request in the past that got merged. Please just post "I agree" on this issue if you agree to the license change.

@security-companion ✅ @timonegk ✅ @jopi2016 ✅ @sebix ✅ @lynt-smitka @mohdshakir @cfi-gb ✅ @gvarisco ✅ @roman-mueller ✅ @gabeguz ✅ @pieterlange @ppepos ✅ @undergroundwires ✅ @wireghoul ✅

We should test whether all test_ functions are documented tests in TESTS.md.

Quick bash oneliner, have to see how to make this a python test:

diff <(grep "def test_" snallygaster |sed -e 's:.*test_::g' -e 's:(.*::g'|sort -u) <(cat TESTS.md |grep '\---' -B1|grep [a-z]|sort -u) -u

In dnspython 2.0.0, dns.resolver.query() has been deprecated, dns.resolver.resolve() should be used instead. Therefore, with dnspython >=2.0.0, snallygaster causes deprecation warnings. However, using dns.resolver.resolve() would make the tool incompatible with dnspython <2.0.0. If that is not an issue, the following path would remove the warnings:

diff --git a/snallygaster b/snallygaster
index 8f32ff6..2dcdb3c 100755
--- a/snallygaster
+++ b/snallygaster
@@ -215,7 +215,7 @@ def dnscache(qhost):
     except OSError:
         pass
     try:
-        dnsanswer = dns.resolver.query(qhost, 'A')
+        dnsanswer = dns.resolver.resolve(qhost, 'A')
     except (dns.exception.DNSException, ConnectionResetError):
         dns_cache[qhost] = None
         return None
@@ -738,7 +738,7 @@ def test_wpdebug(url):
 @HOSTNAME
 def test_axfr(qhost):
     try:
-        ns = dns.resolver.query(qhost, 'NS')
+        ns = dns.resolver.resolve(qhost, 'NS')
     except (dns.exception.DNSException, ConnectionResetError):
         return
     for r in ns.rrset:

If you want to apply this, I can create a PR.

./snallygaster -i "wordpress-url" outputs nothing, even the meta tag is there

Would you consider to add CGI scripts as a new test?

Hi Hanno,

was just trying to make it more "friendly" wrt WAFs/IDs.

I realized that independent how I call snallygaster I spot no user-agent in the server side logs. Only the OPTIONS call includes either the preconfigured or the supplied user-agent.

Dirk

The last release on pypi is 0.0.2 from 2018-07-13. It's far behind the current git repository.

I ran snallygaster against https://app.metashare.com using OWASP ZAP and got a warning "Hidden file found https://app.metashare.com/BitKeeper". Indeed, there is no BitKeeper file in wwwroot, but a GET request to this URL will return our index.html. All server side routes resolve to index.html sincewe rely on client side routing for the app. I belive this is a common pattern in modern web apps.

Perhaps https://host/BitKeeper should not be considered as a hidden file, if the response body is equal to that of https://host/.

hello, men thanks for these amazing tools,
I got this error when I try to run it on my VPS

Oh oh... an unhandled exception has happened. This shouldn't be.
Please report a bug and include all output.

called with
/usr/local/bin/snallygaster example.com -d

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/dns/inet.py", line 87, in af_for_address
dns.ipv4.inet_aton(text)
File "/usr/local/lib/python3.8/dist-packages/dns/ipv4.py", line 52, in inet_aton
raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/dist-packages/dns/inet.py", line 91, in af_for_address
dns.ipv6.inet_aton(text, True)
File "/usr/local/lib/python3.8/dist-packages/dns/ipv6.py", line 165, in inet_aton
raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/snallygaster", line 936, in
test(host)
File "/usr/local/bin/snallygaster", line 728, in test_axfr
axfr = dns.zone.from_xfr(dns.query.xfr(r, qhost))
File "/usr/local/lib/python3.8/dist-packages/dns/zone.py", line 1184, in from_xfr
for r in xfr:
File "/usr/local/lib/python3.8/dist-packages/dns/query.py", line 919, in xfr
(af, destination, source) = _destination_and_source(where, port,
File "/usr/local/lib/python3.8/dist-packages/dns/query.py", line 226, in _destination_and_source
af = dns.inet.af_for_address(where)
File "/usr/local/lib/python3.8/dist-packages/dns/inet.py", line 94, in af_for_address
raise ValueError
ValueError

Note to myself: in some functions we can reduce complexity and depth of if clauses by using earlier exits.

Example:

before

        if r.status == 200:
            if binary:
                return r.data
            return r.data.decode('ascii', errors='ignore')
        return ""

after

        if r.status != 200:
            return ""
        if binary:
            return r.data
        return r.data.decode('ascii', errors='ignore')

Test for backup_archive was added recently, but only backup.* so far, test and if it's worth add more filenames like htdocs, www, wwwdata, hostname etc.

Context:
#27

We currently use README.md as the description for the pypi package. However pypi uses rst, which is not the same as markdown, although it partly works.

Possible alternatives:

• Convert markdown to rst (with pandoc?)
• Do minimal conversion of the links, as the headlines are compatible between rst/md
• Use separate description for pypi

Could you explain the logic behind these regexes? What are you trying to parse?

^[a-zA-Z]+(-[a-zA-Z]+)? *(, *[a-zA-Z]+(-[a-zA-Z]+)? *)*$ ( snallygaster:427 )
^[a-zA-Z]+(-[a-zA-Z]+)? *( +[a-zA-Z]+(-[a-zA-Z]+)? *)+$ ( snallygaster:431 )

When running ./snallygaster -d hkk.de snallygaster crashes with the following output:

[[debug]] All hosts: hkk.de,www.hkk.de
[[debug]] Scanning hkk.de
[[debug]] Running test_lfm_php test
[[debug]] Running test_idea test
[[debug]] Running test_symfony_databases_yml test
[[debug]] Running test_rails_database_yml test
[[debug]] Running test_git_dir test
[[debug]] Running test_svn_dir test
[[debug]] Running test_apache_server_status test
[[debug]] Running test_coredump test
[[debug]] Running test_sftp_config test
[[debug]] Running test_wsftp_ini test
[[debug]] Running test_filezilla_xml test
[[debug]] Running test_winscp_ini test
[[debug]] Running test_ds_store test
[[debug]] Running test_php_cs_cache test
[[debug]] Running test_backupfiles test
[[debug]] Checking 404 page state of http://hkk.de/stutpqto.htm
[[debug]] Checking 404 page state of https://hkk.de/eyahirwt.htm
[[debug]] Running test_backup_archive test
[[debug]] Running test_deadjoe test
[[debug]] Running test_sql_dump test
[[debug]] Running test_bitcoin_wallet test
[[debug]] Running test_drupal_backup_migrate test
[[debug]] Running test_magento_config test
[[debug]] Running test_xaa test
[[debug]] Running test_optionsbleed test
[[debug]] Running test_privatekey test
[[debug]] Running test_sshkey test
[[debug]] Running test_dotenv test
[[debug]] Running test_invalidsrc test
[[debug]] Running test_ilias_defaultpw test
[[debug]] Running test_cgiecho test
[[debug]] Running test_phpunit_eval test
[[debug]] Running test_acmereflect test
[[debug]] Running test_drupaldb test
[[debug]] Running test_phpwarnings test
[[debug]] Running test_adminer test
[[debug]] Running test_elmah test
[[debug]] Running test_citrix_rce test
[[debug]] Running test_installer test
[[debug]] Running test_wpsubdir test
[[debug]] Running test_axfr test
/home/osboxes/snallygaster/./snallygaster:706: DeprecationWarning: please use dns.resolver.resolve() instead
  ns = dns.resolver.query(qhost, 'NS')
Oh oh... an unhandled exception has happened. This shouldn't be.
Please report a bug and include all output.

called with
./snallygaster -d hkk.de

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/dns/inet.py", line 87, in af_for_address
    dns.ipv4.inet_aton(text)
  File "/usr/lib/python3.9/site-packages/dns/ipv4.py", line 52, in inet_aton
    raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/dns/inet.py", line 91, in af_for_address
    dns.ipv6.inet_aton(text, True)
  File "/usr/lib/python3.9/site-packages/dns/ipv6.py", line 165, in inet_aton
    raise dns.exception.SyntaxError
dns.exception.SyntaxError: Text input is malformed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/osboxes/snallygaster/./snallygaster", line 916, in <module>
    test(host)
  File "/home/osboxes/snallygaster/./snallygaster", line 712, in test_axfr
    axfr = dns.zone.from_xfr(dns.query.xfr(r, qhost))
  File "/usr/lib/python3.9/site-packages/dns/zone.py", line 1184, in from_xfr
    for r in xfr:
  File "/usr/lib/python3.9/site-packages/dns/query.py", line 919, in xfr
    (af, destination, source) = _destination_and_source(where, port,
  File "/usr/lib/python3.9/site-packages/dns/query.py", line 226, in _destination_and_source
    af = dns.inet.af_for_address(where)
  File "/usr/lib/python3.9/site-packages/dns/inet.py", line 94, in af_for_address
    raise ValueError
ValueError

OS: Fedora 33
kernel: 5.8.18-300.fc33.x86_64

Hi,
I've got a question about your verification for .tar.xz files.
I can see your check in the code as follows

However if I look with notepad++ HEX Editor plugin eg. into https://github-releases.githubusercontent.com/80314213/94a2a200-bbf5-11eb-9955-54e74d16d48a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210618%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210618T120127Z&X-Amz-Expires=300&X-Amz-Signature=c3698f1382643372fa427cc802aa97b692a65a5001e4209d4416dea7bdce86bb&X-Amz-SignedHeaders=host&actor_id=11234621&key_id=0&repo_id=80314213&response-content-disposition=attachment%3B%20filename%3Dexpat-2.4.1.tar.xz&response-content-type=application%2Foctet-stream I can see another byte order:

Am I doing something wrong here?

e\AppData\Local\Programs\Python\Python36-32\lib\site-packages\dns\Lib.py", line 35, in
import DNS
ModuleNotFoundError: No module named 'DNS'

snallygaster
Traceback (most recent call last):
File "snallygaster", line 22, in
import dns.resolver
File "C:\Users\Noname\AppData\Local\Programs\Python\Python36-32\lib\site-packages\dns_init_.py", line 27, in

python 3.6 in use

Can you make a tutorial? Please

With pylint 2.7.2 and 2.7.4 (current) the pylint test case returns the following error:

************* Module tests.test_scan_testdata
tests/test_scan_testdata.py:38:23: W1505: Using deprecated method wrap_socket() (deprecated-method)

------------------------------------------------------------------
Your code has been rated at 9.99/10 (previous run: 9.99/10, +0.00)

Causing the test suite to fail.

The docs say

Deprecated since version 3.7: Since Python 3.2 and 2.7.9, it is recommended to use the SSLContext.wrap_socket() instead of wrap_socket(). The top-level function is limited and creates an insecure client socket without server name indication or hostname matching.

I'll provide a PR with a fix.