From d5f1d8d66280457efb4ec82d10bf0ebce51fe4cd Mon Sep 17 00:00:00 2001
From: Ice3man543 <nizamulrana@gmail.com>
Date: Thu, 5 Dec 2019 01:23:34 +0530
Subject: [PATCH] Added validations on subdomains

---
 pkg/runner/runner.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
index 79931b7..af2ed89 100644
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -5,6 +5,7 @@ import (
 	"io"
 	"os"
 	"path"
+	"strings"
 	"sync"
 	"time"
 
@@ -114,18 +115,24 @@ func (r *Runner) EnumerateSingleDomain(domain, output string) error {
 			case subscraping.Error:
 				log.Warningf("Could not run source %s: %s\n", result.Source, result.Error)
 			case subscraping.Subdomain:
-				// Check if the subdomain is a duplicate. If not,
-				// send the subdomain for resolution.
-				if _, ok := uniqueMap[result.Value]; ok {
+				// Validate the subdomain found and remove wildcards from
+				if !strings.HasSuffix(result.Value, "."+domain) {
 					continue
 				}
-				uniqueMap[result.Value] = struct{}{}
+				subdomain := strings.ReplaceAll(strings.ToLower(result.Value), "*.", "")
+
+				// Check if the subdomain is a duplicate. If not,
+				// send the subdomain for resolution.
+				if _, ok := uniqueMap[subdomain]; ok {
+					continue
+				}
+				uniqueMap[subdomain] = struct{}{}
 
 				// Log the verbose message about the found subdomain and send the
 				// host for resolution to the resolution pool
-				log.Verbosef("%s\n", result.Source, result.Value)
+				log.Verbosef("%s\n", result.Source, subdomain)
 
-				resolutionPool.Tasks <- result.Value
+				resolutionPool.Tasks <- subdomain
 			}
 		}
 		close(resolutionPool.Tasks)