sdfdsf

From fdsf, 1 Year ago, written in Go.

Embed

Download Paste or View Raw
Hits: 209

package main

import (

"bufio"

"encoding/json"

"fmt"

"net/http"

"os"

"strings"

"sync"

)

// Fingerprints struct to hold fingerprint data

type Fingerprints struct {

Fingerprint string `json:"Fingerprint"`

Service string `json:"Service"`

Cname []string `json:"Cname"`

}

func main() {

// Okunacak dosya adı

filename := "subdomains.txt"

// Dosyayı aç

file, err := os.Open(filename)

if err != nil {

fmt.Println("Dosya açılamadı:", err)

return

}

defer file.Close()

// Fingerprints map oluştur

fingerprints := make(map[string]Fingerprints)

// Örnek parmak izini ekle

fingerprints["404 - Page Not Found` `Oops… looks like you got lost"] = Fingerprints{

Fingerprint: "404 - Page Not Found` `Oops… looks like you got lost",

Service: "Frontify",

Cname: []string{},

}

var wg sync.WaitGroup

scanner := bufio.NewScanner(file)

// Satırları oku

for scanner.Scan() {

subdomain := scanner.Text()

wg.Add(1)

go func(subdomain string) {

defer wg.Done()

checkSubdomain(subdomain, fingerprints)

}(subdomain)

}

wg.Wait()

}

func checkSubdomain(subdomain string, fingerprints map[string]Fingerprints) {

// HTTP GET isteği yap

resp, err := http.Get("http://" + subdomain)

if err != nil {

fmt.Printf("%s: Bağlantı hatası\n", subdomain)

return

}

defer resp.Body.Close()

// Eğer hedef subdomain'in response kodu 404 ise subdomain takeover zafiyeti olabilir

if resp.StatusCode == http.StatusNotFound {

bodyText := make([]byte, 512)

_, err := resp.Body.Read(bodyText)

if err != nil {

fmt.Printf("%s: 404 - Subdomain takeover zafiyeti olabilir\n", subdomain)

} else {

bodyStr := string(bodyText)

for _, fp := range fingerprints {

if strings.Contains(bodyStr, fp.Fingerprint) {

fmt.Printf("%s: 404 - Subdomain takeover zafiyeti olabilir (%s)\n", subdomain, fp.Service)

return

}

}

fmt.Printf("%s: 404 - Ancak subdomain takeover zafiyeti olmayabilir\n", subdomain)

}

} else {

fmt.Printf("%s: HTTP status code %d\n", subdomain, resp.StatusCode)

}

}

Author

Title

Language

Your paste - Paste your paste here

package main

import (
    &quot;bufio&quot;
    &quot;encoding/json&quot;
    &quot;fmt&quot;
    &quot;net/http&quot;
    &quot;os&quot;
    &quot;strings&quot;
    &quot;sync&quot;
)

// Fingerprints struct to hold fingerprint data
type Fingerprints struct {
    Fingerprint string   `json:&quot;Fingerprint&quot;`
    Service     string   `json:&quot;Service&quot;`
    Cname       []string `json:&quot;Cname&quot;`
}

func main() {
    // Okunacak dosya adı
    filename := &quot;subdomains.txt&quot;

// Dosyayı aç
    file, err := os.Open(filename)
    if err != nil {
        fmt.Println(&quot;Dosya açılamadı:&quot;, err)
        return
    }
    defer file.Close()

// Fingerprints map oluştur
    fingerprints := make(map[string]Fingerprints)

// Örnek parmak izini ekle
    fingerprints[&quot;404 - Page Not Found` `Oops… looks like you got lost&quot;] = Fingerprints{
        Fingerprint: &quot;404 - Page Not Found` `Oops… looks like you got lost&quot;,
        Service:     &quot;Frontify&quot;,
        Cname:       []string{},
    }

var wg sync.WaitGroup
    scanner := bufio.NewScanner(file)

// Satırları oku
    for scanner.Scan() {
        subdomain := scanner.Text()
        wg.Add(1)
        go func(subdomain string) {
            defer wg.Done()
            checkSubdomain(subdomain, fingerprints)
        }(subdomain)
    }

wg.Wait()
}

func checkSubdomain(subdomain string, fingerprints map[string]Fingerprints) {
    // HTTP GET isteği yap
    resp, err := http.Get(&quot;http://&quot; + subdomain)
    if err != nil {
        fmt.Printf(&quot;%s: Bağlantı hatası\n&quot;, subdomain)
        return
    }
    defer resp.Body.Close()

// Eğer hedef subdomain'in response kodu 404 ise subdomain takeover zafiyeti olabilir
    if resp.StatusCode == http.StatusNotFound {
        bodyText := make([]byte, 512)
        _, err := resp.Body.Read(bodyText)
        if err != nil {
            fmt.Printf(&quot;%s: 404 - Subdomain takeover zafiyeti olabilir\n&quot;, subdomain)
        } else {
            bodyStr := string(bodyText)
            for _, fp := range fingerprints {
                if strings.Contains(bodyStr, fp.Fingerprint) {
                    fmt.Printf(&quot;%s: 404 - Subdomain takeover zafiyeti olabilir (%s)\n&quot;, subdomain, fp.Service)
                    return
                }
            }
            fmt.Printf(&quot;%s: 404 - Ancak subdomain takeover zafiyeti olmayabilir\n&quot;, subdomain)
        }
    } else {
        fmt.Printf(&quot;%s: HTTP status code %d\n&quot;, subdomain, resp.StatusCode)
    }
}

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

{"html5":"htmlmixed","css":"css","javascript":"javascript","php":"php","python":"python","ruby":"ruby","lua":"text\/x-lua","bash":"text\/x-sh","go":"go","c":"text\/x-csrc","cpp":"text\/x-c++src","diff":"diff","latex":"stex","sql":"sql","xml":"xml","apl":"apl","asterisk":"asterisk","c_loadrunner":"text\/x-csrc","c_mac":"text\/x-csrc","coffeescript":"text\/x-coffeescript","csharp":"text\/x-csharp","d":"d","ecmascript":"javascript","erlang":"erlang","groovy":"text\/x-groovy","haskell":"text\/x-haskell","haxe":"text\/x-haxe","html4strict":"htmlmixed","java":"text\/x-java","java5":"text\/x-java","jquery":"javascript","mirc":"mirc","mysql":"sql","ocaml":"text\/x-ocaml","pascal":"text\/x-pascal","perl":"perl","perl6":"perl","plsql":"sql","properties":"text\/x-properties","q":"text\/x-q","scala":"scala","scheme":"text\/x-scheme","tcl":"text\/x-tcl","vb":"text\/x-vb","verilog":"text\/x-verilog","yaml":"text\/x-yaml","z80":"text\/x-z80"}

Reply to "sdfdsf"