Bug#1088685: sublist3r: The DNSdumpster engine fails in an ugly way (throwing Python exceptions)

Fri, 29 Nov 2024 07:48:13 -0800 

Package: sublist3r
Version: 1.1-4
Severity: normal
Tags: upstream

Whenever I start a scan on a domain, the "DNSdumpster" engine fails to yield us
results. But, while other failed searches are correctly reported as failed, this
one throws an IndexError exception:

    $ sublist3r -d debian.org -v
    
                     ____        _     _ _     _   _____
                    / ___| _   _| |__ | (_)___| |_|___ / _ __
                    \___ \| | | | '_ \| | / __| __| |_ \| '__|
                     ___) | |_| | |_) | | \__ \ |_ ___) | |
                    |____/ \__,_|_.__/|_|_|___/\__|____/|_|
    
                    # Coded By Ahmed Aboul-Ela - @aboul3la
        
    [-] Enumerating subdomains now for debian.org
    [-] verbosity is enabled, will show the subdomains results in realtime
    [-] Searching now in Baidu..
    [-] Searching now in Yahoo..
    [-] Searching now in Google..
    [-] Searching now in Bing..
    [-] Searching now in Ask..
    [-] Searching now in Netcraft..
    [-] Searching now in DNSdumpster..
    [-] Searching now in Virustotal..
    [-] Searching now in ThreatCrowd..
    [-] Searching now in SSL Certificates..
    [-] Searching now in PassiveDNS..
    Process DNSdumpster-8:
    Traceback (most recent call last):
      File "/usr/lib/python3.12/multiprocessing/process.py", line 314, in 
_bootstrap
        self.run()
      File "/usr/lib/python3/dist-packages/sublist3r.py", line 269, in run
        domain_list = self.enumerate()
                      ^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/sublist3r.py", line 649, in enumerate
        token = self.get_csrftoken(resp)
                ^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/sublist3r.py", line 644, in 
get_csrftoken
        token = csrf_regex.findall(resp)[0]
                ~~~~~~~~~~~~~~~~~~~~~~~~^^^
    IndexError: list index out of range
    [!] Error: Virustotal probably now is blocking our requests
    SSL Certificates: cdimage-search.debian.org
    SSL Certificates: micronews.debian.org
    SSL Certificates: historical.packages.debian.org
    SSL Certificates: syncproxy4.eu.debian.org
    (...)

This exception should be catched, with a nicer "[!] Error" message displayed to
the user.

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.12-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sublist3r depends on:
ii  python3            3.12.7-1
ii  python3-dnspython  2.6.1-1
ii  python3-requests   2.32.3+dfsg-1

sublist3r recommends no packages.

sublist3r suggests no packages.

-- no debconf information

Reply via email to