GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → NetSPI → crossdomainscanner

NetSPI / crossdomainscanner

Licence: other
Python tool for expired domain discovery in crossdomain.xml files

Programming Languages

python
139335 projects - #7 most used programming language

crossdomainscanner

Python tool to check for expired domains still allowed in crossdomain.xml files.

For more on this tool please go here.

Installation

~$ git clone https://github.com/NetSPI/crossdomainscanner
~$ cd crossdomainScanner
~$ pip install -r requirements.txt
[follow the example below for runtime usage]

Example:

~$ python scanner.py https://jakereynolds.co -v -o output.txt
~$ cat output.txt
Searching crossdomain.xml on https://jakereynolds.co for unregistered domains

=============================================================

Crossdomain contents:
 - asdaasdasfwkjhcjhbwrgkljsv.com
 - thisisanexpireddomainaswell.es
 - thishasaninvalidTLD.invalidtld
  - Invalid TLD: invalidtld
 - jakereynoldsexpireddomain.com

Possible expired domains:
asdaasdasfwkjhcjhbwrgkljsv.com
thisisanexpireddomainaswell.es
jakereynoldsexpireddomain.com

This means that https://jakereynolds.co allows http://jakereynoldsexpireddomain.com in their crossdomain.xml file. However, the latter is not registered to any DNS. An attacker could now buy that domain and get full cross-domain access to https://jakereynolds.co

This tool is created for Ethical Hacking purposes, any illicit use is not related to its creator.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].