Search | Research | Contact Us Monday January 9, 2022
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 When Small Mistakes Can Cause Big Problems
  7 Multiple Vulnerabilities In phpWebsite
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
SubScan 1.3 DNS Enumeration Utility Released
August 18, 2021


After a way too long awaited release SubScan 1.3 is here. It is a beta copy, but works. I call it a beta because right now it is only for the Windows OS. I plan on changing this in the very near future, but until then the source is available if you want to make it better. Below are a few of the new features in SubScan 1.3.
  • Larger subs list, also I have added a feature to ignore virtual hosts and wildcard DNS. This should only be used when searching for physical targets. For example, if you scan gulftech.org with subscan you will get a false positive for every try because of the wildcard DNS, but with subscan 1.3 you will be able to get nearly the same results as if wildcard DNS was off by only paying attention to unique physical hosts.

  • Netblock scanning : Now when domain is found via the "dictionary" scan the ip is placed in an array. If the -s 1 switch (deepscan) is on then that array is then filtered for duplicates, and private class a,b,c addresses. Then the good ip's are fed into the netblock scan routine which will for example query DNS records for the entire netblock. For example 241.26.32.1 - 254 This greatly increases the number of DNS records enumerated. With SubScan 1.2 you would find about 110 DNS records for the yahoo.com domain, but with 1.3 I was able to locate over 10,000 DNS records for yahoo.com domain Because this list can be so huge i have also implemented a feature that will let you search for certain strings to filter out unwanted domains, or search for particular DNS records of mail and ftp servers etc.

  • Cleaner output. I opted to go with HTML output because people using grep to search the log can always find what they are looking for, but you cannot click a hyperlink in a txt file

If you have any questions about this release you can get them answered on our forums. Please read the README file before asking any questions though

Program Usage
##############################################
# Usage: ss13 -h host [OPTIONS]
# -h // Specifies what hosts to scan // ss13 -h something.com
# -l // Specifies the subdomain list // ss13 -h blah.com -l subs.txt
# -s // Specifies the scan type used // ss13 -h something.com -s 1
# -w // Sets the Wildcard DNS flag   // ss13 -h something.com -s 1 -w 1
# -n // Specifies the netblocks scan // ss13 -h something.com -s 2 -n 24.16.5
# -f // Sets Filters for the output  // ss13 -h something.com -s 2 -f mailserver
# Ex: ss13 -h host.com
# Ex: ss13 -h host.com -s 1 -w 1
# Ex: ss13 -h host.com -s 1 -f host.com                                             
# Ex: ss13 -h host.com -s 2 -n 24.16.5
# Ex: ss13 -h host.com -s 1 -f host.com
# Ex: ss13 -h host.com -s 2 -n 24.16.5 -f host.com


Downloads:
SubScan 1.3 DNS Enumeration Utility
SubScan 1.3 Sample Output File Of Microsoft