This small script tries to detect subdomain takeovers from a list of domains. Fingerprints are taken from https://github.com/EdOverflow/can-i-take-over-xyz.
Project description
This small script tries to detect subdomain takeovers from a list of domains. Fingerprints are taken from https://github.com/EdOverflow/can-i-take-over-xyz.
Installation
pip install takeover.py
Usage
takeover blog.example.com
Using with other tools:
subfinder -d "example.com" -silent | takeover
Automation:
Creating a automated scan server:
import json, asyncio, pickle, os
from pathlib import Path
from takeover.takeover import takeover
home = str(Path.home())
# config is an dictionary. See ~/.config/takeover/config.json for structure
config = json.load(open(home + "/.config/takeover/config.json"))
# Do not forget to replace pointer to fingerprints with the valid data. See ~/.config/takeover/fingerprints.json for structure
config['fingerprints'] = json.load(open(home + "/.config/takeover/fingerprints.json"))
async def loop():
print("Starting infinite loop:")
while True:
takeoverObject = takeover(config)
try:
takeoverObject.found = pickle.load(open("found.pickle", 'rb'))
except FileNotFoundError:
print("No old data found.", end="\r")
try:
with open("subdomains.txt") as subdomainFile:
subdomains = enumerate(subdomainFile)
await takeoverObject.checkHosts(subdomains)
except FileNotFoundError:
continue
with open("found.pickle", 'wb') as foundFile:
pickle.dump(takeoverObject.found, foundFile)
os.remove("subdomains.txt")
print("Enumerated all targets in subdomains.txt for takeover")
asyncio.run(loop())
The above automation script can be used along with any subdomain enumeration tool:
subfinder -d example.com -o subdomains.txt
and the running infinite loop will automatically detect subdomains.txt file and start looking for takeovers. After completion, it also deletes the subdomains.txt so that you can add new targets. Obviously, you can tweak it however you want.
How it Works
Matches CNAME against takeover-able services
If CNAME found, matches fingerprints in the body.
Note
The output is a lot verbose so it is recommended to use a discord webhook to get notified. I am planning to change it in a major update.
If you need some extra features, feel free to submit a new issue on GitHub.
License
Disclaimer
I make guns, I sell guns, I give away guns but I take no responsibility of who dies with the guns.
Legally speaking, What you do with this has nothing to do with me. I am not responsible for your actions.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for takeover.py-0.0.9-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 207df0405f8139636f76293212756eed3047e71dec50dd87dc53f8424c22a730 |
|
MD5 | 5956084c919139c90404db9f2a40d3f7 |
|
BLAKE2b-256 | 7b377a2cd8aa1d73f10290468da84b4a5387903fa1e93dbb9b92819e17437692 |