Describe the bug
dnsrepo source aka https://dnsarchive.net/ (formally https://dnsrepo.noc.org) no longer works with subfinder.
The API endpoint has changed and so has the authentication syntax.
subfinder sends the following request https://dnsrepo.noc.org/api/?apikey=[redacted]&search=signal.com, when the new supported syntax is (using curl) is:
curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"
NOTE: THE APIKEY AND X-API-Access headers have different values!
More details here https://dnsarchive.net/api-access
Subfinder version
Include the version of subfinder you are using, subfinder -version
v2.6.8 (latest)
Complete command you used to reproduce this
First notice dnsrepo.noc.com redirects to dnsarchive.net
echo https://dnsrepo.noc.org | httpx -follow-redirects --silent
https://dnsrepo.noc.org [https://dnsarchive.net]
Using subfinder shows the old domain and auth syntax
user@user:~$ echo tesla.com | subfinder -s dnsrepo -stats -v -pc p-config.yaml
__ _____ __
_______ __/ /_ / __(_)___ ____/ /__ _____
/ ___/ / / / __ \/ /_/ / __ \/ __ / _ \/ ___/
(__ ) /_/ / /_/ / __/ / / / / /_/ / __/ /
/____/\__,_/_.___/_/ /_/_/ /_/\__,_/\___/_/
projectdiscovery.io
[INF] Current subfinder version v2.6.8 (latest)
[INF] Loading provider config from p-config.yaml
[DBG] API key(s) found for bevigil.
[DBG] API key(s) found for binaryedge.
[DBG] API key(s) found for c99.
[DBG] API key(s) found for certspotter.
[DBG] API key(s) found for chaos.
[DBG] API key(s) found for dnsdumpster.
[DBG] API key(s) found for dnsrepo.
[DBG] API key(s) found for fofa.
[DBG] API key(s) found for fullhunt.
[DBG] API key(s) found for intelx.
[DBG] API key(s) found for netlas.
[DBG] API key(s) found for leakix.
[DBG] API key(s) found for robtex.
[DBG] API key(s) found for securitytrails.
[DBG] API key(s) found for shodan.
[DBG] API key(s) found for virustotal.
[DBG] API key(s) found for whoisxmlapi.
[DBG] API key(s) found for zoomeyeapi.
[DBG] API key(s) found for facebook.
[DBG] Selected source(s) for this search: dnsrepo
[INF] Enumerating subdomains for tesla.com
[DBG] Response for failed request against https://dnsrepo.noc.org/api/?apikey=[redacted]&search=tesla.com:
{"status":"error", "reason":"API key not active."}
[WRN] Encountered an error with source dnsrepo: unexpected status code 403 received from https://dnsrepo.noc.org/api/?apikey=[redacted]&search=tesla.com
[INF] Found 0 subdomains for tesla.com in 152 milliseconds 332 microseconds
[INF] Printing source statistics for tesla.com
Source Duration Results Errors
────────────────────────────────────────────────────────
dnsrepo 152ms 0 1
A working request/response example
curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"
HTTP/2 200
date: Fri, 14 Feb 2025 19:47:31 GMT
content-type: application/json
content-length: 111
noc-api-access: pass
noc-api-limit-hour: 1000
noc-api-usage-hour: 2
server: noc.org/cdn
noc-cdn-location: cdn-edge-canada-montreal1
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
[
{
"domain": "t1.free-signal.com.",
"ipv4": [
"51.79.145.87"
]
}
]
I tried the new syntax with the old domain and it doesnt work either
curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"
HTTP/2 403
date: Fri, 14 Feb 2025 19:48:47 GMT
content-type: application/json
content-length: 98
noc-api-access: pass
noc-api-limit-hour: 1000
noc-api-usage-hour: 3
server: noc.org/cdn
noc-cdn-location: cdn-edge-canada-montreal1
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
{"status":"error", "reason":"Missing API key. Contact sales@noc.org to get one created for you."}
Screenshots
Add screenshots of the error for a better context.
Describe the bug
dnsreposource aka https://dnsarchive.net/ (formally https://dnsrepo.noc.org) no longer works with subfinder.The API endpoint has changed and so has the authentication syntax.
subfinder sends the following request
https://dnsrepo.noc.org/api/?apikey=[redacted]&search=signal.com, when the new supported syntax is (using curl) is:curl -D - --header "X-API-Access: [redacted]" "https://dnsarchive.net/api/?apikey=[redacted]&search=signal.com&limit=1"NOTE: THE APIKEY AND X-API-Access headers have different values!
More details here https://dnsarchive.net/api-access
Subfinder version
Include the version of subfinder you are using,
subfinder -versionv2.6.8 (latest)Complete command you used to reproduce this
First notice dnsrepo.noc.com redirects to dnsarchive.net
Using subfinder shows the old domain and auth syntax
A working request/response example
I tried the new syntax with the old domain and it doesnt work either
Screenshots
Add screenshots of the error for a better context.