import pydig
import dns.resolver
import tldextract
import whois
import requests
import json
from multiprocessing import Pool, cpu_count
requests.packages.urllib3.disable_warnings()
def sorgu(sub):
print(sub)
try:
dns_sorgula = dns.resolver.query(sub,"A")
requestsender(sub)
except dns.resolver.NXDOMAIN:
dns_sorgula = pydig.query(sub,"CNAME")
if dns_sorgula:
parse = tldextract.extract(dns_sorgula[0])
parse = parse.domain + "." + parse.suffix
if parse in microsoft_list:
slacksend(sub,parse)
else:
domain = whois.query(parse)
if domain == None:
slacksend(sub,"you can buy cname record")
else:
pass
else:
pass
except dns.resolver.NoAnswer:
pass
except:
pass
def slacksend(sub,service):
slack_data = {'text':f'Subdomain Takeover Found: {str(sub)}\nService: {str(service)}'}
slack_send = requests.post(posting_webhook, data=json.dumps(slack_data), headers={'Content-Type': 'application/json'})
def statusattack(x):
slack_data = {'text':f'Status: {x}'}
slack_send = requests.post(posting_webhook, data=json.dumps(slack_data), headers={'Content-Type': 'application/json'})
def requestsender(sub):
header = {"User-Agent":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Mobile/15E148 Safari/604.1"}
try:
site = "http://"+str(sub)
istek = requests.get(site,verify=False,headers=header,timeout=2).text
takeoversender(istek,sub)
except requests.exceptions.ConnectionError:
site = "https://"+str(sub)
istek = requests.get(site,verify=False,headers=header,timeout=2).text
takeoversender(istek,sub)
except:
pass
def takeoversender(istek,sub):
response = [("There isn't a GitHub Pages site here.","Github"),
("The specified bucket does not exist","S3BUCKET"),
("NoSuchBucket","S3BUCKET"),
("Fastly error: unknown domain","Fastly"),
("Repository not found","Bitbucket"),
("Trying to access your account?","Campaign Monitor"),
("Domain uses DO name serves with no records in DO.","Digitalocean"),
("The feed has not been found.","Feedpress"),
("The thing you were looking for is no longer here, or never was","Ghost"),
("404 Blog is not found","HatenaBlog"),
("We could not find what you're looking for.","Help Juice"),
("No settings were found for this company:","Help Scout"),
("No such app","Heroku"),
("Uh oh. That page doesn't exist.","Intercom"),
("is not a registered InCloud YouTrack","JetBrains"),
("No Site For Domain","Kinsta"),
("It looks like you may have taken a wrong turn somewhere. Don't worry...","LaunchRock"),
("Unrecognized domain","Mashery"),
("404 error unknown site!","Pantheon"),
("Project doesnt exist... yet!","Readme.io"),
("Sorry, this shop is currently unavailable.","Shopify"),
("Visiting the subdomain will redirect users to","Statuspage"),
("project not found","Surge.sh"),
("Whatever you were looking for doesn't currently exist at this address","Tumblr"),
("Please renew your subscription","Tilda"),
("This UserVoice subdomain is currently available!","UserVoice"),
("Do you want to register *.wordpress.com?","Wordpress")]
for bul in response:
if bul[0] in istek:
slacksend(sub,bul[1])
else:
pass
def test(sub):
sayı = 0
blacklist = ["*","-.",".-","..",".,",",.","?","/",")","(","]","[",">","<","!","#","&",",","{","}","+","%","|"]
for i in blacklist:
if i in sub:
sayı +=1
else:
pass
if sayı == 0:
return True
else:
return False
def main():
target_list = []
with open("subdomains.txt","r",encoding="utf-8") as f:
[target_list.append(i) for i in f.read().lower().split("\n") if i and test(i)]
with Pool(cpu_count()) as p:
p.map(sorgu,target_list)
if __name__ == "__main__":
posting_webhook = "https://hooks.slack.com/services/SLACK-HOOK-ADDRESS"
microsoft_list = ["trafficmanager.net","cloudapp.net","azure.com","azurewebsites.net",
"windows.net","azure-api.net","azurehdinsight.net","azureedge.net","azurecontainer.io",
"azuredatalakestore.net","azurecr.io","visualstudio.com"]
statusattack("Subdomain Takeover Attack started")
main()
statusattack("Subdomain Takeover Attack Finished")
