View Issue Details

IDProjectCategoryView StatusLast Update
0007761Kali Linux[All Projects] Kali Package Bugpublic2022-06-17 11:23
Reporterh49nakxs Assigned To 
PrioritylowSeverityminorReproducibilityalways
Status confirmedResolutionopen 
Product Version2022.2 
Target VersionFixed in Version 
Summary0007761: dnsrecon -D (dictionary) cannot be used with relative path
DescriptionIf we try to bruteforce subdomains with dnsrecon using a dictionary file we can only use an absolute path. This is because the command "dnsrecon" is pointing to a shell script in /usr/bin/dnsrecon that contains :

#!/bin/sh
cd /usr/share/dnsrecon/ && ./dnsrecon.py "$@"

Thus, If we use a relative path, it fails with the error :
[-] No valid dictionary files have been specified or found withing the tool

I don't know however if it has to be considered a bug or if this is an intended behavior to be able to use the dictionary files already present in /usr/share/dnsrecon.

dnsrecon -V :
DNSRecon version 1.1.0

uname -a :
Linux host 5.17.0-kali3-amd64 0000001 SMP PREEMPT Debian 5.17.11-1kali1 (2022-05-30) x86_64 GNU/Linux
Steps To Reproducecp /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt .

dnsrecon -D ./subdomains-top1million-20000.txt -d test.local -n 127.0.0.1 -t brt

Activities

daniruiz

2022-06-17 11:23

manager   ~0016303

I can confirm this issue. The package comes directly from Debian though, so the bug needs to be filled to their package.

I've tested replacing the helper script with a symlink to /usr/share/dnsrecon/dnsrecon.py (sudo ln -sf /usr/share/dnsrecon/dnsrecon.py /usr/bin/dnsrecon, to avoid the `cd`) and seems that's enough and doesn't break dnsrecon

image.png (105,925 bytes)
image.png (105,925 bytes)

Issue History

Date Modified Username Field Change
2022-06-17 11:00 h49nakxs New Issue
2022-06-17 11:05 daniruiz Status new => confirmed
2022-06-17 11:23 daniruiz File Added: image.png
2022-06-17 11:23 daniruiz Note Added: 0016303