Support multiple DKIM selectors (#17)

README.md

@@ -203,7 +203,7 @@ You can then email this inbox from any address, and you'll receive an email back
 | `--checkTls`     |       | Check the TLS connectivity and cert validity of domains                                                         |
 | `--concurrent`   | `-c`  | The number of domains to scan concurrently (default 10)                                                         |
 | `--debug`        | `-d`  | Print debug logs                                                                                                |
-| `--dkimSelector` |       | Specify a DKIM selector (default "x")                                                                           |
+| `--dkimSelector` |       | Specify a comma seperated list of DKIM selectors (default "")                                                   |
 | `--dnsBuffer`    |       | Specify the allocated buffer for DNS responses (default 1024)                                                   |
 | `--format`       | `-f`  | Format to print results in (yaml, json, csv) (default "yaml")                                                   |
 | `--nameservers`  | `-n`  | Use specific nameservers, in host[:port] format; may be specified multiple times                                |
@@ -215,4 +215,4 @@ You can then email this inbox from any address, and you'll receive an email back
 
 This repository is licensed under the Apache License version 2.0.
 
-Some of the project's dependencies may be under different licenses.
+Some of the project's dependencies may be under different licenses.

cmd/dss/main.go

@@ -23,7 +23,7 @@ var (
 		Use:     "dss",
 		Short:   "Scan a domain's DNS records.",
 		Long:    "Scan a domain's DNS records.\nhttps://github.com/GlobalCyberAlliance/DomainSecurityScanner",
-		Version: "2.3.3",
+		Version: "2.3.5",
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
 			if debug {
 				log = zerolog.New(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: time.RFC3339}).With().Timestamp().Logger().Level(zerolog.DebugLevel)
@@ -46,8 +46,8 @@ var (
 	cfg                                      *Config
 	log                                      zerolog.Logger
 	concurrent, writeToFileCounter           int
-	dkimSelector, format, outputFile         string
-	nameservers                              []string
+	format, outputFile                       string
+	dkimSelector, nameservers                []string
 	timeout                                  int64
 	advise, debug, cache, checkTls, zoneFile bool
 	dnsBuffer                                uint16
@@ -59,7 +59,7 @@ func main() {
 	cmd.PersistentFlags().BoolVar(&checkTls, "checkTls", false, "Check the TLS connectivity and cert validity of domains")
 	cmd.PersistentFlags().IntVarP(&concurrent, "concurrent", "c", runtime.NumCPU(), "The number of domains to scan concurrently")
 	cmd.PersistentFlags().BoolVarP(&debug, "debug", "d", false, "Print debug logs")
-	cmd.PersistentFlags().StringVar(&dkimSelector, "dkimSelector", "x", "Specify a DKIM selector")
+	cmd.PersistentFlags().StringSliceVar(&dkimSelector, "dkimSelector", []string{}, "Specify a DKIM selector")
 	cmd.PersistentFlags().Uint16Var(&dnsBuffer, "dnsBuffer", 1024, "Specify the allocated buffer for DNS responses")
 	cmd.PersistentFlags().StringVarP(&format, "format", "f", "yaml", "Format to print results in (yaml, json)")
 	cmd.PersistentFlags().StringSliceVarP(&nameservers, "nameservers", "n", nil, "Use specific nameservers, in `host[:port]` format; may be specified multiple times")

cmd/dss/scan.go

@@ -48,7 +48,7 @@ var cmdScan = &cobra.Command{
 			log.Fatal().Err(err).Msg("An unexpected error occurred.")
 		}
 
-		sc.DKIMSelector = dkimSelector
+		sc.DKIMSelectors = dkimSelector
 
 		if format == "csv" && outputFile == "" {
 			log.Info().Msg("CSV header: domain,A,AAAA,BIMI,CNAME,DKIM,DMARC,MX,SPF,TXT,duration,error,advice")

pkg/http/scan.go

@@ -53,7 +53,7 @@ func (s *Server) handleScanDomains(c *gin.Context) {
 	source := scanner.TextSource(domainList)
 
 	if queryParam, ok := c.GetQuery("dkimSelector"); ok {
-		s.Scanner.DKIMSelector = queryParam
+		s.Scanner.DKIMSelectors = strings.Split(queryParam, ",")
 	}
 
 	var resultsWithAdvice []model.ScanResultWithAdvice

pkg/scanner/requests.go

@@ -8,6 +8,21 @@ import (
 	"github.com/pkg/errors"
 )
 
+var (
+	knownDkimSelectors = []string{
+		"x",             // Generic
+		"google",        // Google
+		"selector1",     // Microsoft
+		"selector2",     // Microsoft
+		"k1",            // MailChimp
+		"mandrill",      // Mandrill
+		"everlytickey1", // Everlytic
+		"everlytickey2", // Everlytic
+		"dkim",          // Hetzner
+		"mxvault",       // MxVault
+	}
+)
+
 func (s *Scanner) getDNSAnswers(domain string, recordType uint16) ([]dns.RR, error) {
 	req := new(dns.Msg)
 	req.SetQuestion(dns.Fqdn(domain), recordType)
@@ -133,26 +148,11 @@ func (s *Scanner) getTypeCNAME(domain string) (string, error) {
 	return "", nil
 }
 
-func (s *Scanner) getTypeDKIM(name string) (string, error) {
-	if s.DKIMSelector == "" {
-		s.DKIMSelector = "x"
-	}
+func (s *Scanner) getTypeDKIM(domain string) (string, error) {
+	selectors := append(s.DKIMSelectors, knownDkimSelectors...)
 
-	for _, dname := range []string{
-		s.DKIMSelector + "._domainkey." + name,
-		"email._domainkey." + name,         // Generic
-		"google._domainkey." + name,        // Google
-		"selector1._domainkey." + name,     // Microsoft
-		"selector2._domainkey." + name,     // Microsoft
-		"k1._domainkey." + name,            // MailChimp
-		"mandrill._domainkey." + name,      // Mandrill
-		"everlytickey1._domainkey." + name, // Everlytic
-		"everlytickey2._domainkey." + name, // Everlytic
-		"dkim._domainkey." + name,          // Hetzner
-		"mxvault._domainkey." + name,       // MxVault
-		name,
-	} {
-		txtRecords, err := s.getTypeTXT(dname)
+	for _, selector := range selectors {
+		txtRecords, err := s.getTypeTXT(selector + "._domainkey." + domain)
 		if err != nil {
 			return "", nil
 		}

pkg/scanner/scanner.go

@@ -55,9 +55,9 @@ type (
 		// the scanner.
 		Cache map[string]cachedResult
 
-		// DKIMSelector is used to specify where a DKIM record is hosted for
+		// DKIMSelectors is used to specify where a DKIM record is hosted for
 		// a specific domain.
-		DKIMSelector string
+		DKIMSelectors []string
 
 		// Nameservers is a slice of "host:port" strings of nameservers to
 		// issue queries against.