sonar.sh bug fixes

README.md

@@ -29,16 +29,26 @@ Requires [Go](https://golang.org/dl/).
 
 `fingerprints.json` can be modified to add or remove hosted platforms to probe for. Many obscure platforms are included, and removing fingerprints for services that are uninteresting to you can speed up the scan.
 
+If you plan on using a high number of threads to speed the process up, you may need to [temporarily raise the `ulimit` of your shell](http://posidev.com/blog/2009/06/04/set-ulimit-parameters-on-ubuntu/):
+
+```
+ulimit -a          # show current limit (usually 1024)
+ulimit -n 10000    # set waaaaay higher
+ulimit -a          # check new limit
+```
+
+After generating a list of all vulnerable subdomains, you can use my [collection of domains invoked in bug bounty programs](https://github.com/jakejarvis/bounty-domains/blob/master/domains.txt) to narrow down valuable targets and possibly get some ca$h monie$$$.
+
 ### Examples
 
 `./sonar.sh 2018-10-27-1540655191-fdns_cname.json.gz sonar_all_cnames.txt`
 
 `subtake -f sonar_all_cnames.txt -t 50 -ssl -a -o vulnerable.txt`
 
-## Subdomain Takeovers
+## Subdomain Takeover Tips
 
 - A great explanation of the risks of takeovers and steps to responsibly disclose takeovers to companies: https://0xpatrik.com/subdomain-takeover/
-- A comprehensive list of what services are vulnerable and how to proceed once finding them: https://github.com/EdOverflow/can-i-take-over-xyz
+- A comprehensive list of what services are vulnerable (and the basis of `fingerprints.json`), and how to proceed once finding them: https://github.com/EdOverflow/can-i-take-over-xyz
 
 ## Services Checked
 

sonar.sh

@@ -2,7 +2,7 @@
 # Usage : ./sonar.sh <version number> <file>
 # Example: ./sonar.sh 2018-10-27-1540655191-fdns_cname.json.gz cname_list.txt
 
-# Premium
+# Progress spinner
 function ech() {
   spinner=( "|" "/" "-" "\\" )
   while true; do
@@ -41,19 +41,18 @@ function run() {
 
 # Gathering data from scans.io / Rapid7 Project Sonar
 # Find the latest filename listed at https://opendata.rapid7.com/sonar.fdns_v2/ ending with fdns_cname.json.gz and pass in as first argument
-#file=$(echo "2018-10-27-1540655191-fdns_cname.json.gz")
-#latest=$(curl -s "https://opendata.rapid7.com/sonar.fdns_v2/" | grep "<td><a" | tail -1 | cut -d'"' -f2)
-#file=$(echo $latest | cut -d'/' -f3)
-#cmd="wget -q https://opendata.rapid7.com$latest"
-#run "Downloading $file (This may take a while)." "$cmd" "Finished Downloading $file"
-cmd="wget -q https://opendata.rapid7.com/sonar.fdns_v2/$1"
-run "Downloading $1, this may take a while..." "$cmd" "Finished downloading $1."
+# Example: 2018-10-27-1540655191-fdns_cname.json.gz
+
+if [ ! -f $1 ]; then
+  cmd="wget -q https://opendata.rapid7.com/sonar.fdns_v2/$1"
+  run "Downloading $1, this may take a while..." "$cmd" "Finished downloading $1."
+fi
 
 # Parsing it into a file called cname_scanio
 msg="Grepping for CNAME records."
 ech $msg &
 pid=$!
-zcat < $file | grep 'type":"cname' | awk -F'":"' '{print $3, $5}' | \
+zcat < $1 | grep 'type":"cname' | awk -F'":"' '{print $3, $5}' | \
   awk -F'"' '{print $1, $3}' | sed -e s/" type "/" "/g >> cname_scanio
 die $pid "CNAME records grepped." $msg
 
@@ -122,7 +121,7 @@ cmd="grep -Ei '${DOMAINS}' cname_scanio >> cname_db"
 run "Sorting CNAME records." "$cmd" "CNAME records sorted."
 
 # Sorting the CNAME list
-cmd="cat cname_db | cut -d' ' -f1 | sort | uniq >> $1"
+cmd="cat cname_db | cut -d' ' -f1 | sort | uniq >> $2"
 run "Cleaning up." "$cmd" "Cleaned up."
 
 # RM files.