by 下载技能包
最后更新
2026/4/24
安全扫描
OpenClaw
可疑
high confidence该技能声称是被动的,且未声明任何所需凭据,但随附代码会主动进行 DNS/解析/AXFR 尝试,并依赖未记录的环境变量和本地许可证文件——行为与需求与描述不完全一致。
评估建议
This skill is inconsistent in important ways: it advertises passive reconnaissance but the code actively resolves hostnames, runs bruteforce resolution, and attempts zone-transfer-like network activity. Metadata says no env vars are required, yet the tool uses EDGEIQ_EMAIL, EDGEIQ_LICENSE_KEY, and ~/.edgeiq/license.key to unlock paid features — the author even hardcodes a specific email that will enable Pro features locally. Before installing or running: (1) review the Python source yourself or ...详细分析 ▾
⚠ 用途与能力
The description promises 'passive' enumeration (CT logs, no active probing) but the code performs active DNS resolution, bruteforce queries, and attempts zone transfer/AXFR-like TCP interactions — these are active probes. The skill also includes a licensing/payment model even though registry metadata lists no required credentials or config. This mismatch between advertised 'passive' behavior and implemented active network probing is a substantive inconsistency.
⚠ 指令范围
SKILL.md and README instruct the user to set EDGEIQ_EMAIL or a license file to unlock Pro/Bundle and to run the Python script; the runtime code contacts crt.sh and performs DNS/hostname resolution and takeover checks. The docs repeatedly claim 'no active probing' while instructing bruteforce and AXFR checks. The instructions also propose using the skill from Discord, and include external links (Stripe, Discord) — those endpoints are expected for a paid tool, but the omission of EDGEIQ_* env vars from declared requirements is a scope mismatch.
ℹ 安装机制
There is no install spec (instruction-only), and no external binary downloads — the distribution is just Python files. This is lower risk than arbitrary remote downloads, but the package does include executable code that will run network operations. Also the SKILL.md implies copying files into ~/.openclaw/skills; the presence of code files contradicts the 'instruction-only' framing in metadata (minor inconsistency).
⚠ 凭证需求
Registry metadata declares no required env vars or credentials, yet SKILL.md and the code read EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and a local license file (~/.edgeiq/license.key). The licensing module also treats a specific email (gpalmieri21@gmail.com) as sufficient to grant Pro/Bundle access — this is an undocumented local bypass and an odd, unjustified use of an env var. Requesting or using these env vars should have been declared and justified in metadata.
✓ 持久化与权限
The skill does not request always: true and does not appear to modify other skills or system-wide agent settings. It reads a local license file and environment variables but does not request elevated privileges or persistent, autonomous installation. No evidence of persistent background processes or self-enablement beyond being installed as a skill.
⚠ subdomain_hunter.py:216
Potential obfuscated payload detected.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/24
初始版本:CT 枚举、区域传输检查、接管检测、暴力破解字典、JSON 导出。
● 无害
安装命令
点击复制官方npx clawhub@latest install edgeiq-subdomain-hunter
镜像加速npx clawhub@latest install edgeiq-subdomain-hunter --registry https://cn.longxiaskill.com
技能文档
技能名称: subdomain-hunter
版本: 1.0.0
分类: 安全 / 侦察
价格: 免费(基础版)/ Pro($19/月)/ 套装($39/月)
作者: EdgeIQ Labs
OpenClaw 兼容: 是 — Python 3,纯 stdlib + socket,WSL + Linux
---
功能
被动子域名枚举:利用证书透明度日志、DNS 区域传输检查及接管检测,无主动探测即可达到侦察级发现。⚠️ 法律提示: 仅可枚举您拥有或已获书面授权的域名,未经授权的侦察属违法。
---
特性
- 证书透明度枚举 — 爬取 crt.sh 子域名历史
- DNS 区域传输检查 — 对常见 NS 记录尝试 AXFR
- 接管检测 — 识别指向未认领/失效服务的子域名(CNAME 指向死端点)
- 常见子域名暴力破解 — 轻量级字典扫描
- 子域名解析验证 — 校验发现结果能否解析
- JSON 导出 — 结构化输出,便于集成
---
版本对比
| 功能 | 免费 | Pro($19/月) | 套装($39/月) | |------|------|---------------|----------------| | CT 日志枚举 | ✅(50 条) | ✅(无限制) | ✅(无限制) | | 区域传输检查 | ✅ | ✅ | ✅ | | 接管检测 | — | ✅ | ✅ | | 暴力破解字典 | — | ✅(500 条) | ✅(2000 条) | | JSON 导出 | — | ✅ | ✅ | | 并发解析 | — | ✅(20 线程) | ✅(50 线程) |---
安装
``bash
cp -r /home/guy/.openclaw/workspace/apps/subdomain-hunter ~/.openclaw/skills/subdomain-hunter
` ---
用法
基础扫描(免费版 — 50 条结果)
`bash
python3 subdomain_hunter.py --domain example.com
` Pro 扫描(无限制 + 接管检测)
`bash
EDGEIQ_EMAIL=your_email@gmail.com python3 subdomain_hunter.py --domain example.com --pro
` 套装完整扫描(暴力破解 + 并发线程)
`bash
EDGEIQ_EMAIL=your_email@gmail.com python3 subdomain_hunter.py --domain example.com --bundle --bruteforce
` 导出 JSON
`bash
python3 subdomain_hunter.py --domain example.com --output results.json
` 仅接管检测
`bash
python3 subdomain_hunter.py --domain example.com --takeover-only
` OpenClaw Discord 命令
在 #edgeiq-support 频道:
`
!subdomain example.com
!subdomain example.com --takeover
!subdomain example.com --bruteforce
` ---
参数
| 标志 | 类型 | 默认值 | 说明 |
|------|------|--------|------|
| --domain | string | — | 目标域名 |
| --pro | flag | False | 启用 Pro 功能 |
| --bundle | flag | False | 启用套装功能 |
| --bruteforce | flag | False | 运行常见子域名字典 |
| --takeover | flag | False | 运行接管检测 |
| --takeover-only | flag | False | 仅运行接管检测 |
| --output | string | — | 将 JSON 报告写入文件 |
| --threads | int | 20/50 | 并发线程数(Pro/套装) | ---
输出示例
`
=== Subdomain Hunter ===
example.com
CT 条目:47
已解析:31
失效:5
接管:2 🔴 发现子域名:
api.example.com ✅ 解析 → 1.2.3.4
staging.example.com ✅ 解析 → 1.2.3.5
dev.example.com ❌ 失效(CNAME 至 Heroku)
old.example.com 🔴 可接管(无 CNAME,404)
blog.example.com ✅ 解析 → 1.2.3.6
区域传输:被阻止
威胁等级:MEDIUM
``
---
升级 Pro
无限 CT 结果、接管检测、暴力破解字典及 JSON 导出: 👉 升级至 Pro — $19/月---