Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] dnsrepo source does not work anymore #1538

Open
firefoxskull opened this issue Feb 14, 2025 · 2 comments · May be fixed by #1540
Open

[Issue] dnsrepo source does not work anymore #1538

firefoxskull opened this issue Feb 14, 2025 · 2 comments · May be fixed by #1540
Assignees
@dogancanbakir

Comments

@firefoxskull
Copy link

firefoxskull commented Feb 14, 2025
edited
Loading

Describe the bug
dnsrepo source aka https://dnsarchive.net/ (formally https://dnsrepo.noc.org) no longer works with subfinder.

The API endpoint has changed and so has the authentication syntax.

subfinder sends the following request https://dnsrepo.noc.org/api/?apikey=[redacted]&search=signal.com, when the new supported syntax is (using curl) is:

curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"

NOTE: THE APIKEY AND X-API-Access headers have different values!

More details here https://dnsarchive.net/api-access

Subfinder version
Include the version of subfinder you are using, subfinder -version
v2.6.8 (latest)
Complete command you used to reproduce this

First notice dnsrepo.noc.com redirects to dnsarchive.net

echo https://dnsrepo.noc.org | httpx -follow-redirects --silent
https://dnsrepo.noc.org [https://dnsarchive.net]

Using subfinder shows the old domain and auth syntax

user@user:~$ echo tesla.com | subfinder -s dnsrepo -stats -v  -pc p-config.yaml 

               __    _____           __         
   _______  __/ /_  / __(_)___  ____/ /__  _____
  / ___/ / / / __ \/ /_/ / __ \/ __  / _ \/ ___/
 (__  ) /_/ / /_/ / __/ / / / / /_/ /  __/ /    
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/

		projectdiscovery.io

[INF] Current subfinder version v2.6.8 (latest)
[INF] Loading provider config from p-config.yaml
[DBG] API key(s) found for bevigil.
[DBG] API key(s) found for binaryedge.
[DBG] API key(s) found for c99.
[DBG] API key(s) found for certspotter.
[DBG] API key(s) found for chaos.
[DBG] API key(s) found for dnsdumpster.
[DBG] API key(s) found for dnsrepo.
[DBG] API key(s) found for fofa.
[DBG] API key(s) found for fullhunt.
[DBG] API key(s) found for intelx.
[DBG] API key(s) found for netlas.
[DBG] API key(s) found for leakix.
[DBG] API key(s) found for robtex.
[DBG] API key(s) found for securitytrails.
[DBG] API key(s) found for shodan.
[DBG] API key(s) found for virustotal.
[DBG] API key(s) found for whoisxmlapi.
[DBG] API key(s) found for zoomeyeapi.
[DBG] API key(s) found for facebook.
[DBG] Selected source(s) for this search: dnsrepo
[INF] Enumerating subdomains for tesla.com
[DBG] Response for failed request against https://dnsrepo.noc.org/api/?apikey=[redacted]&search=tesla.com:
{"status":"error", "reason":"API key not active."}
[WRN] Encountered an error with source dnsrepo: unexpected status code 403 received from https://dnsrepo.noc.org/api/?apikey=[redacted]&search=tesla.com
[INF] Found 0 subdomains for tesla.com in 152 milliseconds 332 microseconds
[INF] Printing source statistics for tesla.com

 Source               Duration      Results     Errors
────────────────────────────────────────────────────────
 dnsrepo              152ms               0          1

A working request/response example

curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"
HTTP/2 200 
date: Fri, 14 Feb 2025 19:47:31 GMT
content-type: application/json
content-length: 111
noc-api-access: pass
noc-api-limit-hour: 1000
noc-api-usage-hour: 2
server: noc.org/cdn
noc-cdn-location: cdn-edge-canada-montreal1
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests

[
    {
        "domain": "t1.free-signal.com.",
        "ipv4": [
            "51.79.145.87"
        ]
    }
]

I tried the new syntax with the old domain and it doesnt work either

curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"
HTTP/2 403 
date: Fri, 14 Feb 2025 19:48:47 GMT
content-type: application/json
content-length: 98
noc-api-access: pass
noc-api-limit-hour: 1000
noc-api-usage-hour: 3
server: noc.org/cdn
noc-cdn-location: cdn-edge-canada-montreal1
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests

{"status":"error", "reason":"Missing API key. Contact [email protected] to get one created for you."}

Screenshots
Add screenshots of the error for a better context.
@dogancanbakir dogancanbakir self-assigned this Feb 16, 2025
@dogancanbakir dogancanbakir linked a pull request Feb 17, 2025 that will close this issue
Open
@dogancanbakir
Copy link
Member

Could you retry it with update_dnsrepo_api_endpoint branch? I don't have an API, couldn't test it.

@dogancanbakir
Copy link
Member

test done, it works!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dogancanbakir dogancanbakir

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update dnsrepo api endpoint projectdiscovery/subfinder
2 participants
@firefoxskull @dogancanbakir