Implement takeover checker
abuvanth committed Jun 15, 2019
1 parent ad1297e commit 91a78aa
Showing 4 changed files with 318 additions and 4 deletions.
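--- a/kickdomain/dnstest.py
+++ b/kickdomain/dnstest.py
@@ -0,0 +1,8 @@
+'''import dns.resolver
+answer=dns.resolver.query("support.freshdesk.com", "CNAME")
+for i in answer:
+cname=i
+print i'''
+from kickdomain import *
+
+print(takeover_check(['app.weeschool.com']))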
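Review bot: The committed script hard-codes `app.weeschool.com`, so anyone who runs it sends DNS and HTTP requests to a host the project presumably does not own. A reserved name such as `takeover_check(['sub.example.com'])`, or a hostname read from `sys.argv`, keeps the smoke test from touching third parties. The triple-quoted block at the top is dead Python 2 code and could be deleted, and `from kickdomain import *` would be clearer as `from kickdomain import takeover_check`.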
51 changes: 49 additions & 2 deletions kickdomain/kickdomain.py
@@ -1,6 +1,8 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests,re,argparse
import providers
import dns.resolver
csrftoken=r'[a-zA-Z0-9]{32}'
def clear_url(target):
return re.sub('.*www\.','',target,1).split('/')[0].strip()
@@ -29,9 +31,54 @@ def domains_from_virustotal(target):
return finddomains
def getSubdomains(target):
return remove_duplicate(domains_from_crt_sh(target)+domains_from_dnsdumpster(target)+domains_from_virustotal(target))
def takeover_check(subdomains):
result=[]
for subdomain in subdomains:
try:
answer=dns.resolver.query(subdomain, "CNAME")
for i in answer:
cname=str(i)
except:
cname=''
try:
data=requests.get('http://'+subdomain).content
except:
data=''
pro_list=[]
res_list=[]
c=False
d=False
p=False
for k in providers.provider:
pro_list.append(k['cname'])
res_list.append(k['response'])
for t in pro_list:
for w in t:
if cname.__contains__(w):
c=True
for s in res_list:
for f in s:
if data.__contains__(f):
d=True
if c and d:
p=True
result=result+[(subdomain,p)]
return result
if __name__=='__main__':
ap = argparse.ArgumentParser()
ap.add_argument("-u", "--url", required=True,help="Please enter target Url without http or https")
ap.add_argument("-t", "--takeover", required=False,help="True or False")
args = vars(ap.parse_args())
for domain in getSubdomains(clear_url(args['url'])):
print(domain)
if args['url'].startswith('http'):
print("Enter url without http and www")
exit()
domains=getSubdomains(clear_url(args['url']))
for domain in domains:
print(domain)
if args['takeover']:
for i in takeover_check(domains):
if i[1]:
print(i[0]+' is vulnerable to takeover')
else:
print(i[0]+' is not vulnerable to takeover')
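Review bot: In `takeover_check` the flags `c` and `d` are accumulated over the whole provider list, so a CNAME that matches one provider combined with a body that matches a different provider's fingerprint (for example the generic `404 Not Found` or `pingdom` strings in providers.py) is reported as vulnerable. The CNAME suffix and the response fingerprint should be tested against the same provider entry, as sketched below. The `requests.get('http://'+subdomain)` call also has no `timeout`, so a single unresponsive host can stall the whole run. The two bare `except:` clauses turn every DNS or HTTP failure into an empty string, which makes a failed lookup indistinguishable from a clean "not vulnerable" result.
```python
def takeover_check(subdomains):
    # … unchanged: result list, CNAME lookup and HTTP fetch for each subdomain …
        p = False
        for k in providers.provider:
            cname_hit = any(w in cname for w in k['cname'])
            body_hit = any(f in data for f in k['response'])
            if cname_hit and body_hit:
                p = True
                break
        result.append((subdomain, p))
    return result
```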

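--- a/kickdomain/providers.py
+++ b/kickdomain/providers.py
@@ -0,0 +1,259 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+provider=[
+{
+"name":"github",
+"cname":["github.io", "github.map.fastly.net"],
+"response":["There isn't a GitHub Pages site here.", "For root URLs (like http://example.com/) you must provide an index.html file"]
+},
+{
+"name":"heroku",
+"cname":["herokudns.com", "herokussl.com", "herokuapp.com"],
+"response":["There's nothing here, yet.", "herokucdn.com/error-pages/no-such-app.html", "<title>No such app</title>"]
+},
+{
+"name":"unbounce",
+"cname":["unbouncepages.com"],
+"response":["The requested URL / was not found on this server.", "The requested URL was not found on this server"]
+},
+{
+"name":"tumblr",
+"cname":["tumblr.com"],
+"response":["There's nothing here.", "Whatever you were looking for doesn't currently exist at this address."]
+},
+{
+"name":"shopify",
+"cname":["myshopify.com"],
+"response":["Sorry, this shop is currently unavailable.", "Only one step left!"]
+},
+{
+"name":"instapage",
+"cname":["pageserve.co", "secure.pageserve.co", "https://instapage.com/"],
+"response":["You've Discovered A Missing Link. Our Apologies!"]
+},
+{
+"name":"desk",
+"cname":["desk.com"],
+"response":["Please try again or try Desk.com free for 14 days.", "Sorry, We Couldn't Find That Page"]
+},
+{
+"name":"tictail",
+"cname":["tictail.com", "domains.tictail.com"],
+"response":["Building a brand of your own?", "to target URL: <a href=\"https://tictail.com", "Start selling on Tictail."]
+},
+{
+"name":"campaignmonitor",
+"cname":["createsend.com", "name.createsend.com"],
+"response":["Double check the URL", "<strong>Trying to access your account?</strong>"]
+},
+{
+"name":"cargocollective",
+"cname":["cargocollective.com"],
+"response":["404 Not Found"]
+},
+{
+"name":"statuspage",
+"cname":["statuspage.io"],
+"response":["Better Status Communication", "You are being <a href=\"https://www.statuspage.io\">redirected"]
+},
+{
+"name":"amazonaws",
+"cname":["amazonaws.com"],
+"response":["NoSuchBucket", "The specified bucket does not exist"]
+},
+{
+"name":"cloudfront",
+"cname":["cloudfront.net"],
+"response":["The request could not be satisfied", "ERROR: The request could not be satisfied"]
+},
+{
+"name":"bitbucket",
+"cname":["bitbucket.org"],
+"response":["The page you have requested does not exist"]
+},
+{
+"name":"smartling",
+"cname":["smartling.com"],
+"response":["Domain is not configured"]
+},
+{
+"name":"acquia",
+"cname":["acquia.com"],
+"response":["If you are an Acquia Cloud customer and expect to see your site at this address"]
+},
+{
+"name":"fastly",
+"cname":["fastly.net"],
+"response":["Please check that this domain has been added to a service", "Fastly error: unknown domain"]
+},
+{
+"name":"pantheon",
+"cname":["pantheonsite.io"],
+"response":["The gods are wise", "The gods are wise, but do not know of the site which you seek."]
+},
+{
+"name":"zendesk",
+"cname":["zendesk.com"],
+"response":["<title>Help Center Closed | Zendesk</title>", "Help Center Closed"]
+},
+{
+"name":"uservoice",
+"cname":["uservoice.com"],
+"response":["This UserVoice subdomain is currently available!"]
+},
+{
+"name":"ghost",
+"cname":["ghost.io"],
+"response":["The thing you were looking for is no longer here", "The thing you were looking for is no longer here, or never was"]
+},
+{
+"name":"pingdom",
+"cname":["stats.pingdom.com"],
+"response":["pingdom"]
+},
+{
+"name":"tilda",
+"cname":["tilda.ws"],
+"response":["Domain has been assigned"]
+},
+{
+"name":"wordpress",
+"cname":["wordpress.com"],
+"response":["Do you want to register"]
+},
+{
+"name":"teamwork",
+"cname":["teamwork.com"],
+"response":["Oops - We didn't find your site."]
+},
+{
+"name":"helpjuice",
+"cname":["helpjuice.com"],
+"response":["We could not find what you're looking for."]
+},
+{
+"name":"helpscout",
+"cname":["helpscoutdocs.com"],
+"response":["No settings were found for this company:"]
+},
+{
+"name":"cargo",
+"cname":["cargocollective.com"],
+"response":["If you're moving your domain away from Cargo you must make this configuration through your registrar's DNS control panel."]
+},
+{
+"name":"feedpress",
+"cname":["redirect.feedpress.me"],
+"response":["The feed has not been found."]
+},
+{
+"name":"surge",
+"cname":["surge.sh"],
+"response":["project not found"]
+},
+{
+"name":"surveygizmo",
+"cname":["privatedomain.sgizmo.com", "privatedomain.surveygizmo.eu", "privatedomain.sgizmoca.com"],
+"response":["data-html-name"]
+},
+{
+"name":"mashery",
+"cname":["mashery.com"],
+"response":["Unrecognized domain <strong>"]
+},
+{
+"name":"intercom",
+"cname":["custom.intercom.help"],
+"response":["This page is reserved for artistic dogs.","<h1 class=\"headline\">Uh oh. That page doesn’t exist.</h1>"]
+},
+{
+"name":"webflow",
+"cname":["proxy.webflow.io"],
+"response":["<p class=\"description\">The page you are looking for doesn't exist or has been moved.</p>"]
+},
+{
+"name":"kajabi",
+"cname":["endpoint.mykajabi.com"],
+"response":["<h1>The page you were looking for doesn't exist.</h1>"]
+},
+{
+"name":"thinkific",
+"cname":["thinkific.com"],
+"response":["You may have mistyped the address or the page may have moved."]
+},
+{
+"name":"tave",
+"cname":["clientaccess.tave.com"],
+"response":["<h1>Error 404: Page Not Found</h1>"]
+},
+{
+"name":"wishpond",
+"cname":["wishpond.com"],
+"response":["https://www.wishpond.com/404?campaign=true"]
+},
+{
+"name":"aftership",
+"cname":["aftership.com"],
+"response":["Oops.</h2><p class=\"text-muted text-tight\">The page you're looking for doesn't exist."]
+},
+{
+"name":"aha",
+"cname":["ideas.aha.io"],
+"response":["There is no portal here ... sending you back to Aha!"]
+},
+{
+"name":"brightcove",
+"cname":["brightcovegallery.com", "gallery.video", "bcvp0rtal.com"],
+"response":["<p class=\"bc-gallery-error-code\">Error Code: 404</p>"]
+},
+{
+"name":"bigcartel",
+"cname":["bigcartel.com"],
+"response":["<h1>Oops! We couldn&#8217;t find that page.</h1>"]
+},
+{
+"name":"activecompaign",
+"cname":["activehosted.com"],
+"response":["alt=\"LIGHTTPD - fly light.\""]
+},
+{
+"name":"compaignmonitor",
+"cname":["createsend.com"],
+"response":["Double check the URL or <a href=\"mailto:[email protected]"]
+},
+{
+"name":"acquia",
+"cname":["acquia-test.co"],
+"response":["The site you are looking for could not be found."]
+},
+{
+"name":"proposify",
+"cname":["proposify.biz"],
+"response":["If you need immediate assistance, please contact <a href=\"mailto:[email protected]"]
+},
+{
+"name":"simplebooklet",
+"cname":["simplebooklet.com"],
+"response":["We can't find this <a href=\"https://simplebooklet.com"]
+},
+{
+"name":"getresponse",
+"cname":[".gr8.com"],
+"response":["With GetResponse Landing Pages, lead generation has never been easier"]
+},
+{
+"name":"vend",
+"cname":["vendecommerce.com"],
+"response":["Looks like you've traveled too far into cyberspace."]
+},
+{
+"name":"jetbrains",
+"cname":["myjetbrains.com"],
+"response":["is not a registered InCloud YouTrack."]
+},
+{
+"name":"azure",
+"cname":["azurewebsites.net"],
+"response":["404 Web Site not found"]
+}
+]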
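Review bot: The instapage entry lists `"https://instapage.com/"` under `cname`, but a CNAME answer is a hostname, so this value can never match and looks like a reference link that ended up in the data; it should be dropped or replaced with the hostname suffix. Several fingerprints are short generic strings (`"pingdom"`, `"404 Not Found"`, `"data-html-name"`) that can also appear on live, correctly configured pages, so they merit a comment marking them as low-confidence or a more specific match string. The list also carries two entries named `acquia` and the spellings `activecompaign` and `compaignmonitor`, which would make a finding hard to attribute if the provider name is ever reported. The two `mailto:` fingerprints contain `[email protected]` as shown on this page, which may be a rendering artefact; if that text is also in the file, those fingerprints will not match the real error pages.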
4 changes: 2 additions & 2 deletions setup.py
@@ -12,7 +12,7 @@
install_requires = f.read().splitlines()
setuptools.setup(
name="kickdomain",
version="1.0.1",
version="1.0.2",
author="Syed Abuthahir",
author_email="[email protected]",
description="Subdomain takeover tool",
@@ -27,4 +27,4 @@
"License :: OSI Approved :: MIT License",
"Operating System :: OS Independent",
],
)
)
